diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
new file mode 100644
index 00000000..ed87b76c
--- /dev/null
+++ b/.github/.OwlBot.lock.yaml
@@ -0,0 +1,3 @@
+docker:
+  digest: sha256:be68f3f8f8216e2d9eb083f2721fc724c474d1b5327354fb8c7a46fcaa580316
+  image: gcr.io/repo-automation-bots/owlbot-java:latest
diff --git a/.github/.OwlBot.yaml b/.github/.OwlBot.yaml
new file mode 100644
index 00000000..8c7725ac
--- /dev/null
+++ b/.github/.OwlBot.yaml
@@ -0,0 +1,29 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+docker:
+  image: "gcr.io/repo-automation-bots/owlbot-java:latest"
+
+deep-remove-regex:
+- "/grpc-google-.*/src"
+- "/proto-google-.*/src"
+- "/google-.*/src"
+
+deep-copy-regex:
+- source: "/google/cloud/security/privateca/(v.*)/.*-java/proto-google-.*/src"
+  dest: "/owl-bot-staging/$1/proto-google-cloud-security-private-ca-$1/src"
+- source: "/google/cloud/security/privateca/(v.*)/.*-java/grpc-google-.*/src"
+  dest: "/owl-bot-staging/$1/grpc-google-cloud-security-private-ca-$1/src"
+- source: "/google/cloud/security/privateca/v.*/.*-java/gapic-google-.*/src"
+  dest: "/owl-bot-staging/$1/google-cloud-security-private-ca/src"
diff --git a/google-cloud-security-private-ca-bom/pom.xml b/google-cloud-security-private-ca-bom/pom.xml
index 28be3409..32ac98b3 100644
--- a/google-cloud-security-private-ca-bom/pom.xml
+++ b/google-cloud-security-private-ca-bom/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.cloud</groupId>
@@ -64,12 +64,21 @@
 
   <dependencyManagement>
     <dependencies>
-
       <dependency>
         <groupId>com.google.cloud</groupId>
         <artifactId>google-cloud-security-private-ca</artifactId>
         <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:google-cloud-security-private-ca:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-security-private-ca-v1beta1</artifactId>
+        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-security-private-ca-v1beta1:current} -->
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-security-private-ca-v1</artifactId>
+        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-security-private-ca-v1:current} -->
+      </dependency>
       <dependency>
         <groupId>com.google.api.grpc</groupId>
         <artifactId>proto-google-cloud-security-private-ca-v1beta1</artifactId>
@@ -77,8 +86,8 @@
       </dependency>
       <dependency>
         <groupId>com.google.api.grpc</groupId>
-        <artifactId>grpc-google-cloud-security-private-ca-v1beta1</artifactId>
-        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-security-private-ca-v1beta1:current} -->
+        <artifactId>proto-google-cloud-security-private-ca-v1</artifactId>
+        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-security-private-ca-v1:current} -->
       </dependency>
     </dependencies>
   </dependencyManagement>
@@ -94,4 +103,4 @@
       </plugin>
     </plugins>
   </build>
-</project>
\ No newline at end of file
+</project>
diff --git a/google-cloud-security-private-ca/pom.xml b/google-cloud-security-private-ca/pom.xml
index 3940e993..c361a0c0 100644
--- a/google-cloud-security-private-ca/pom.xml
+++ b/google-cloud-security-private-ca/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.cloud</groupId>
@@ -42,6 +42,10 @@
       <artifactId>proto-google-common-protos</artifactId>
     </dependency>
 
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-security-private-ca-v1</artifactId>
+    </dependency>
     <dependency>
       <groupId>com.google.api.grpc</groupId>
       <artifactId>proto-google-cloud-security-private-ca-v1beta1</artifactId>
@@ -76,6 +80,11 @@
       <artifactId>grpc-google-cloud-security-private-ca-v1beta1</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>grpc-google-cloud-security-private-ca-v1</artifactId>
+      <scope>test</scope>
+    </dependency>
     <!-- Need testing utility classes for generated gRPC clients tests -->
     <dependency>
       <groupId>com.google.api</groupId>
@@ -108,4 +117,4 @@
         </plugin>
     </plugins>
   </build>
-</project>
\ No newline at end of file
+</project>
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java
new file mode 100644
index 00000000..8c15715d
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClient.java
@@ -0,0 +1,4758 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.ApiFuture;
+import com.google.api.core.ApiFutures;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.longrunning.OperationFuture;
+import com.google.api.gax.paging.AbstractFixedSizeCollection;
+import com.google.api.gax.paging.AbstractPage;
+import com.google.api.gax.paging.AbstractPagedListResponse;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PageContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.security.privateca.v1.stub.CertificateAuthorityServiceStub;
+import com.google.cloud.security.privateca.v1.stub.CertificateAuthorityServiceStubSettings;
+import com.google.common.util.concurrent.MoreExecutors;
+import com.google.longrunning.Operation;
+import com.google.longrunning.OperationsClient;
+import com.google.protobuf.Empty;
+import com.google.protobuf.FieldMask;
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Service Description: [Certificate Authority
+ * Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+ * certificate authorities and issued certificates.
+ *
+ * <p>This class provides the ability to make remote calls to the backing service through method
+ * calls that map to API methods. Sample code to get started:
+ *
+ * <pre>{@code
+ * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+ *     CertificateAuthorityServiceClient.create()) {
+ *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+ *   Certificate certificate = Certificate.newBuilder().build();
+ *   String certificateId = "certificateId-644529902";
+ *   Certificate response =
+ *       certificateAuthorityServiceClient.createCertificate(parent, certificate, certificateId);
+ * }
+ * }</pre>
+ *
+ * <p>Note: close() needs to be called on the CertificateAuthorityServiceClient object to clean up
+ * resources such as threads. In the example above, try-with-resources is used, which automatically
+ * calls close().
+ *
+ * <p>The surface of this class includes several types of Java methods for each of the API's
+ * methods:
+ *
+ * <ol>
+ *   <li>A "flattened" method. With this type of method, the fields of the request type have been
+ *       converted into function parameters. It may be the case that not all fields are available as
+ *       parameters, and not every API method will have a flattened method entry point.
+ *   <li>A "request object" method. This type of method only takes one parameter, a request object,
+ *       which must be constructed before the call. Not every API method will have a request object
+ *       method.
+ *   <li>A "callable" method. This type of method takes no parameters and returns an immutable API
+ *       callable object, which can be used to initiate calls to the service.
+ * </ol>
+ *
+ * <p>See the individual methods for example code.
+ *
+ * <p>Many parameters require resource names to be formatted in a particular way. To assist with
+ * these names, this class includes a format method for each type of name, and additionally a parse
+ * method to extract the individual identifiers contained within names that are returned.
+ *
+ * <p>This class can be customized by passing in a custom instance of
+ * CertificateAuthorityServiceSettings to create(). For example:
+ *
+ * <p>To customize credentials:
+ *
+ * <pre>{@code
+ * CertificateAuthorityServiceSettings certificateAuthorityServiceSettings =
+ *     CertificateAuthorityServiceSettings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+ *     CertificateAuthorityServiceClient.create(certificateAuthorityServiceSettings);
+ * }</pre>
+ *
+ * <p>To customize the endpoint:
+ *
+ * <pre>{@code
+ * CertificateAuthorityServiceSettings certificateAuthorityServiceSettings =
+ *     CertificateAuthorityServiceSettings.newBuilder().setEndpoint(myEndpoint).build();
+ * CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+ *     CertificateAuthorityServiceClient.create(certificateAuthorityServiceSettings);
+ * }</pre>
+ *
+ * <p>Please refer to the GitHub repository's samples for more quickstart code snippets.
+ */
+@Generated("by gapic-generator-java")
+public class CertificateAuthorityServiceClient implements BackgroundResource {
+  private final CertificateAuthorityServiceSettings settings;
+  private final CertificateAuthorityServiceStub stub;
+  private final OperationsClient operationsClient;
+
+  /** Constructs an instance of CertificateAuthorityServiceClient with default settings. */
+  public static final CertificateAuthorityServiceClient create() throws IOException {
+    return create(CertificateAuthorityServiceSettings.newBuilder().build());
+  }
+
+  /**
+   * Constructs an instance of CertificateAuthorityServiceClient, using the given settings. The
+   * channels are created based on the settings passed in, or defaults for any settings that are not
+   * set.
+   */
+  public static final CertificateAuthorityServiceClient create(
+      CertificateAuthorityServiceSettings settings) throws IOException {
+    return new CertificateAuthorityServiceClient(settings);
+  }
+
+  /**
+   * Constructs an instance of CertificateAuthorityServiceClient, using the given stub for making
+   * calls. This is for advanced usage - prefer using create(CertificateAuthorityServiceSettings).
+   */
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public static final CertificateAuthorityServiceClient create(
+      CertificateAuthorityServiceStub stub) {
+    return new CertificateAuthorityServiceClient(stub);
+  }
+
+  /**
+   * Constructs an instance of CertificateAuthorityServiceClient, using the given settings. This is
+   * protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected CertificateAuthorityServiceClient(CertificateAuthorityServiceSettings settings)
+      throws IOException {
+    this.settings = settings;
+    this.stub = ((CertificateAuthorityServiceStubSettings) settings.getStubSettings()).createStub();
+    this.operationsClient = OperationsClient.create(this.stub.getOperationsStub());
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  protected CertificateAuthorityServiceClient(CertificateAuthorityServiceStub stub) {
+    this.settings = null;
+    this.stub = stub;
+    this.operationsClient = OperationsClient.create(this.stub.getOperationsStub());
+  }
+
+  public final CertificateAuthorityServiceSettings getSettings() {
+    return settings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public CertificateAuthorityServiceStub getStub() {
+    return stub;
+  }
+
+  /**
+   * Returns the OperationsClient that can be used to query the status of a long-running operation
+   * returned by another API method call.
+   */
+  public final OperationsClient getOperationsClient() {
+    return operationsClient;
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project,
+   * Location from a particular [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   Certificate certificate = Certificate.newBuilder().build();
+   *   String certificateId = "certificateId-644529902";
+   *   Certificate response =
+   *       certificateAuthorityServiceClient.createCertificate(parent, certificate, certificateId);
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate], in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @param certificate Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   *     with initial field values.
+   * @param certificateId Optional. It must be unique within a location and match the regular
+   *     expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     Enterprise [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is optional
+   *     and its value is ignored otherwise.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate createCertificate(
+      CaPoolName parent, Certificate certificate, String certificateId) {
+    CreateCertificateRequest request =
+        CreateCertificateRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .setCertificate(certificate)
+            .setCertificateId(certificateId)
+            .build();
+    return createCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project,
+   * Location from a particular [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   Certificate certificate = Certificate.newBuilder().build();
+   *   String certificateId = "certificateId-644529902";
+   *   Certificate response =
+   *       certificateAuthorityServiceClient.createCertificate(parent, certificate, certificateId);
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate], in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @param certificate Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   *     with initial field values.
+   * @param certificateId Optional. It must be unique within a location and match the regular
+   *     expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     Enterprise [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is optional
+   *     and its value is ignored otherwise.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate createCertificate(
+      String parent, Certificate certificate, String certificateId) {
+    CreateCertificateRequest request =
+        CreateCertificateRequest.newBuilder()
+            .setParent(parent)
+            .setCertificate(certificate)
+            .setCertificateId(certificateId)
+            .build();
+    return createCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project,
+   * Location from a particular [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateRequest request =
+   *       CreateCertificateRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setCertificateId("certificateId-644529902")
+   *           .setCertificate(Certificate.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .setValidateOnly(true)
+   *           .setIssuingCertificateAuthorityId("issuingCertificateAuthorityId-559908707")
+   *           .build();
+   *   Certificate response = certificateAuthorityServiceClient.createCertificate(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate createCertificate(CreateCertificateRequest request) {
+    return createCertificateCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate] in a given Project,
+   * Location from a particular [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateRequest request =
+   *       CreateCertificateRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setCertificateId("certificateId-644529902")
+   *           .setCertificate(Certificate.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .setValidateOnly(true)
+   *           .setIssuingCertificateAuthorityId("issuingCertificateAuthorityId-559908707")
+   *           .build();
+   *   ApiFuture<Certificate> future =
+   *       certificateAuthorityServiceClient.createCertificateCallable().futureCall(request);
+   *   // Do something.
+   *   Certificate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<CreateCertificateRequest, Certificate> createCertificateCallable() {
+    return stub.createCertificateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateName name =
+   *       CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+   *   Certificate response = certificateAuthorityServiceClient.getCertificate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate getCertificate(CertificateName name) {
+    GetCertificateRequest request =
+        GetCertificateRequest.newBuilder().setName(name == null ? null : name.toString()).build();
+    return getCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]").toString();
+   *   Certificate response = certificateAuthorityServiceClient.getCertificate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.Certificate.name] of the
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate] to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate getCertificate(String name) {
+    GetCertificateRequest request = GetCertificateRequest.newBuilder().setName(name).build();
+    return getCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateRequest request =
+   *       GetCertificateRequest.newBuilder()
+   *           .setName(
+   *               CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+   *                   .toString())
+   *           .build();
+   *   Certificate response = certificateAuthorityServiceClient.getCertificate(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate getCertificate(GetCertificateRequest request) {
+    return getCertificateCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateRequest request =
+   *       GetCertificateRequest.newBuilder()
+   *           .setName(
+   *               CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+   *                   .toString())
+   *           .build();
+   *   ApiFuture<Certificate> future =
+   *       certificateAuthorityServiceClient.getCertificateCallable().futureCall(request);
+   *   // Do something.
+   *   Certificate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<GetCertificateRequest, Certificate> getCertificateCallable() {
+    return stub.getCertificateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   for (Certificate element :
+   *       certificateAuthorityServiceClient.listCertificates(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificatesPagedResponse listCertificates(CaPoolName parent) {
+    ListCertificatesRequest request =
+        ListCertificatesRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listCertificates(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   for (Certificate element :
+   *       certificateAuthorityServiceClient.listCertificates(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [Certificates][google.cloud.security.privateca.v1.Certificate], in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificatesPagedResponse listCertificates(String parent) {
+    ListCertificatesRequest request =
+        ListCertificatesRequest.newBuilder().setParent(parent).build();
+    return listCertificates(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificatesRequest request =
+   *       ListCertificatesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   for (Certificate element :
+   *       certificateAuthorityServiceClient.listCertificates(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificatesPagedResponse listCertificates(ListCertificatesRequest request) {
+    return listCertificatesPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificatesRequest request =
+   *       ListCertificatesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   ApiFuture<Certificate> future =
+   *       certificateAuthorityServiceClient.listCertificatesPagedCallable().futureCall(request);
+   *   // Do something.
+   *   for (Certificate element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCertificatesRequest, ListCertificatesPagedResponse>
+      listCertificatesPagedCallable() {
+    return stub.listCertificatesPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificatesRequest request =
+   *       ListCertificatesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   while (true) {
+   *     ListCertificatesResponse response =
+   *         certificateAuthorityServiceClient.listCertificatesCallable().call(request);
+   *     for (Certificate element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCertificatesRequest, ListCertificatesResponse>
+      listCertificatesCallable() {
+    return stub.listCertificatesCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateName name =
+   *       CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+   *   Certificate response = certificateAuthorityServiceClient.revokeCertificate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;/certificates/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate revokeCertificate(CertificateName name) {
+    RevokeCertificateRequest request =
+        RevokeCertificateRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return revokeCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]").toString();
+   *   Certificate response = certificateAuthorityServiceClient.revokeCertificate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;/certificates/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate revokeCertificate(String name) {
+    RevokeCertificateRequest request = RevokeCertificateRequest.newBuilder().setName(name).build();
+    return revokeCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   RevokeCertificateRequest request =
+   *       RevokeCertificateRequest.newBuilder()
+   *           .setName(
+   *               CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+   *                   .toString())
+   *           .setReason(RevocationReason.forNumber(0))
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   Certificate response = certificateAuthorityServiceClient.revokeCertificate(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate revokeCertificate(RevokeCertificateRequest request) {
+    return revokeCertificateCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   RevokeCertificateRequest request =
+   *       RevokeCertificateRequest.newBuilder()
+   *           .setName(
+   *               CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+   *                   .toString())
+   *           .setReason(RevocationReason.forNumber(0))
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Certificate> future =
+   *       certificateAuthorityServiceClient.revokeCertificateCallable().futureCall(request);
+   *   // Do something.
+   *   Certificate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<RevokeCertificateRequest, Certificate> revokeCertificateCallable() {
+    return stub.revokeCertificateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only
+   * field you can update is the [labels][google.cloud.security.privateca.v1.Certificate.labels]
+   * field.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   Certificate certificate = Certificate.newBuilder().build();
+   *   FieldMask updateMask = FieldMask.newBuilder().build();
+   *   Certificate response =
+   *       certificateAuthorityServiceClient.updateCertificate(certificate, updateMask);
+   * }
+   * }</pre>
+   *
+   * @param certificate Required. [Certificate][google.cloud.security.privateca.v1.Certificate] with
+   *     updated values.
+   * @param updateMask Required. A list of fields to be updated in this request.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate updateCertificate(Certificate certificate, FieldMask updateMask) {
+    UpdateCertificateRequest request =
+        UpdateCertificateRequest.newBuilder()
+            .setCertificate(certificate)
+            .setUpdateMask(updateMask)
+            .build();
+    return updateCertificate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only
+   * field you can update is the [labels][google.cloud.security.privateca.v1.Certificate.labels]
+   * field.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateRequest request =
+   *       UpdateCertificateRequest.newBuilder()
+   *           .setCertificate(Certificate.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   Certificate response = certificateAuthorityServiceClient.updateCertificate(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final Certificate updateCertificate(UpdateCertificateRequest request) {
+    return updateCertificateCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [Certificate][google.cloud.security.privateca.v1.Certificate]. Currently, the only
+   * field you can update is the [labels][google.cloud.security.privateca.v1.Certificate.labels]
+   * field.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateRequest request =
+   *       UpdateCertificateRequest.newBuilder()
+   *           .setCertificate(Certificate.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Certificate> future =
+   *       certificateAuthorityServiceClient.updateCertificateCallable().futureCall(request);
+   *   // Do something.
+   *   Certificate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UpdateCertificateRequest, Certificate> updateCertificateCallable() {
+    return stub.updateCertificateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * is in state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+   * the parent Certificate Authority signs a certificate signing request from
+   * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+   * this method can complete the activation process.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.activateCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityAsync(CertificateAuthorityName name) {
+    ActivateCertificateAuthorityRequest request =
+        ActivateCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return activateCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * is in state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+   * the parent Certificate Authority signs a certificate signing request from
+   * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+   * this method can complete the activation process.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.activateCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityAsync(String name) {
+    ActivateCertificateAuthorityRequest request =
+        ActivateCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return activateCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * is in state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+   * the parent Certificate Authority signs a certificate signing request from
+   * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+   * this method can complete the activation process.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ActivateCertificateAuthorityRequest request =
+   *       ActivateCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPemCaCertificate("pemCaCertificate2100567073")
+   *           .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.activateCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityAsync(ActivateCertificateAuthorityRequest request) {
+    return activateCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * is in state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+   * the parent Certificate Authority signs a certificate signing request from
+   * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+   * this method can complete the activation process.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ActivateCertificateAuthorityRequest request =
+   *       ActivateCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPemCaCertificate("pemCaCertificate2100567073")
+   *           .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .activateCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationCallable() {
+    return stub.activateCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Activate a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * is in state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. After
+   * the parent Certificate Authority signs a certificate signing request from
+   * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+   * this method can complete the activation process.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ActivateCertificateAuthorityRequest request =
+   *       ActivateCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPemCaCertificate("pemCaCertificate2100567073")
+   *           .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .activateCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthorityCallable() {
+    return stub.activateCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in
+   * a given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+   *   String certificateAuthorityId = "certificateAuthorityId-1652580953";
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @param certificateAuthority Required. A
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with
+   *     initial field values.
+   * @param certificateAuthorityId Required. It must be unique within a location and match the
+   *     regular expression `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityAsync(
+          CaPoolName parent,
+          CertificateAuthority certificateAuthority,
+          String certificateAuthorityId) {
+    CreateCertificateAuthorityRequest request =
+        CreateCertificateAuthorityRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .setCertificateAuthority(certificateAuthority)
+            .setCertificateAuthorityId(certificateAuthorityId)
+            .build();
+    return createCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in
+   * a given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+   *   String certificateAuthorityId = "certificateAuthorityId-1652580953";
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @param certificateAuthority Required. A
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with
+   *     initial field values.
+   * @param certificateAuthorityId Required. It must be unique within a location and match the
+   *     regular expression `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityAsync(
+          String parent, CertificateAuthority certificateAuthority, String certificateAuthorityId) {
+    CreateCertificateAuthorityRequest request =
+        CreateCertificateAuthorityRequest.newBuilder()
+            .setParent(parent)
+            .setCertificateAuthority(certificateAuthority)
+            .setCertificateAuthorityId(certificateAuthorityId)
+            .build();
+    return createCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in
+   * a given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateAuthorityRequest request =
+   *       CreateCertificateAuthorityRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setCertificateAuthorityId("certificateAuthorityId-1652580953")
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.createCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityAsync(CreateCertificateAuthorityRequest request) {
+    return createCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in
+   * a given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateAuthorityRequest request =
+   *       CreateCertificateAuthorityRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setCertificateAuthorityId("certificateAuthorityId-1652580953")
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationCallable() {
+    return stub.createCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in
+   * a given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateAuthorityRequest request =
+   *       CreateCertificateAuthorityRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setCertificateAuthorityId("certificateAuthorityId-1652580953")
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthorityCallable() {
+    return stub.createCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.disableCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityAsync(CertificateAuthorityName name) {
+    DisableCertificateAuthorityRequest request =
+        DisableCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return disableCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.disableCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityAsync(String name) {
+    DisableCertificateAuthorityRequest request =
+        DisableCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return disableCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DisableCertificateAuthorityRequest request =
+   *       DisableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.disableCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityAsync(DisableCertificateAuthorityRequest request) {
+    return disableCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DisableCertificateAuthorityRequest request =
+   *       DisableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .disableCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationCallable() {
+    return stub.disableCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Disable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DisableCertificateAuthorityRequest request =
+   *       DisableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .disableCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthorityCallable() {
+    return stub.disableCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.enableCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityAsync(CertificateAuthorityName name) {
+    EnableCertificateAuthorityRequest request =
+        EnableCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return enableCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.enableCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityAsync(String name) {
+    EnableCertificateAuthorityRequest request =
+        EnableCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return enableCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   EnableCertificateAuthorityRequest request =
+   *       EnableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.enableCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityAsync(EnableCertificateAuthorityRequest request) {
+    return enableCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   EnableCertificateAuthorityRequest request =
+   *       EnableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .enableCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationCallable() {
+    return stub.enableCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Enable a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   EnableCertificateAuthorityRequest request =
+   *       EnableCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .enableCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthorityCallable() {
+    return stub.enableCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Fetch a certificate signing request (CSR) from a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in
+   * state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+   * CSR must then be signed by the desired parent Certificate Authority, which could be another
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or
+   * could be an on-prem certificate authority. See also
+   * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   FetchCertificateAuthorityCsrResponse response =
+   *       certificateAuthorityServiceClient.fetchCertificateAuthorityCsr(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCertificateAuthorityCsrResponse fetchCertificateAuthorityCsr(
+      CertificateAuthorityName name) {
+    FetchCertificateAuthorityCsrRequest request =
+        FetchCertificateAuthorityCsrRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return fetchCertificateAuthorityCsr(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Fetch a certificate signing request (CSR) from a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in
+   * state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+   * CSR must then be signed by the desired parent Certificate Authority, which could be another
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or
+   * could be an on-prem certificate authority. See also
+   * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   FetchCertificateAuthorityCsrResponse response =
+   *       certificateAuthorityServiceClient.fetchCertificateAuthorityCsr(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCertificateAuthorityCsrResponse fetchCertificateAuthorityCsr(String name) {
+    FetchCertificateAuthorityCsrRequest request =
+        FetchCertificateAuthorityCsrRequest.newBuilder().setName(name).build();
+    return fetchCertificateAuthorityCsr(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Fetch a certificate signing request (CSR) from a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in
+   * state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+   * CSR must then be signed by the desired parent Certificate Authority, which could be another
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or
+   * could be an on-prem certificate authority. See also
+   * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   FetchCertificateAuthorityCsrRequest request =
+   *       FetchCertificateAuthorityCsrRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .build();
+   *   FetchCertificateAuthorityCsrResponse response =
+   *       certificateAuthorityServiceClient.fetchCertificateAuthorityCsr(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCertificateAuthorityCsrResponse fetchCertificateAuthorityCsr(
+      FetchCertificateAuthorityCsrRequest request) {
+    return fetchCertificateAuthorityCsrCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Fetch a certificate signing request (CSR) from a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that is in
+   * state
+   * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+   * and is of type
+   * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE]. The
+   * CSR must then be signed by the desired parent Certificate Authority, which could be another
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resource, or
+   * could be an on-prem certificate authority. See also
+   * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   FetchCertificateAuthorityCsrRequest request =
+   *       FetchCertificateAuthorityCsrRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .build();
+   *   ApiFuture<FetchCertificateAuthorityCsrResponse> future =
+   *       certificateAuthorityServiceClient
+   *           .fetchCertificateAuthorityCsrCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   FetchCertificateAuthorityCsrResponse response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrCallable() {
+    return stub.fetchCertificateAuthorityCsrCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.getCertificateAuthority(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name]
+   *     of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   *     get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateAuthority getCertificateAuthority(CertificateAuthorityName name) {
+    GetCertificateAuthorityRequest request =
+        GetCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getCertificateAuthority(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.getCertificateAuthority(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CertificateAuthority.name]
+   *     of the [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] to
+   *     get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateAuthority getCertificateAuthority(String name) {
+    GetCertificateAuthorityRequest request =
+        GetCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return getCertificateAuthority(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateAuthorityRequest request =
+   *       GetCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.getCertificateAuthority(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateAuthority getCertificateAuthority(
+      GetCertificateAuthorityRequest request) {
+    return getCertificateAuthorityCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateAuthorityRequest request =
+   *       GetCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .build();
+   *   ApiFuture<CertificateAuthority> future =
+   *       certificateAuthorityServiceClient.getCertificateAuthorityCallable().futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthorityCallable() {
+    return stub.getCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   for (CertificateAuthority element :
+   *       certificateAuthorityServiceClient.listCertificateAuthorities(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateAuthoritiesPagedResponse listCertificateAuthorities(
+      CaPoolName parent) {
+    ListCertificateAuthoritiesRequest request =
+        ListCertificateAuthoritiesRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listCertificateAuthorities(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   for (CertificateAuthority element :
+   *       certificateAuthorityServiceClient.listCertificateAuthorities(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   *     [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority], in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateAuthoritiesPagedResponse listCertificateAuthorities(String parent) {
+    ListCertificateAuthoritiesRequest request =
+        ListCertificateAuthoritiesRequest.newBuilder().setParent(parent).build();
+    return listCertificateAuthorities(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateAuthoritiesRequest request =
+   *       ListCertificateAuthoritiesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   for (CertificateAuthority element :
+   *       certificateAuthorityServiceClient.listCertificateAuthorities(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateAuthoritiesPagedResponse listCertificateAuthorities(
+      ListCertificateAuthoritiesRequest request) {
+    return listCertificateAuthoritiesPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateAuthoritiesRequest request =
+   *       ListCertificateAuthoritiesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   ApiFuture<CertificateAuthority> future =
+   *       certificateAuthorityServiceClient
+   *           .listCertificateAuthoritiesPagedCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   for (CertificateAuthority element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<
+          ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesPagedCallable() {
+    return stub.listCertificateAuthoritiesPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateAuthoritiesRequest request =
+   *       ListCertificateAuthoritiesRequest.newBuilder()
+   *           .setParent(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   while (true) {
+   *     ListCertificateAuthoritiesResponse response =
+   *         certificateAuthorityServiceClient.listCertificateAuthoritiesCallable().call(request);
+   *     for (CertificateAuthority element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+      listCertificateAuthoritiesCallable() {
+    return stub.listCertificateAuthoritiesCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * has been deleted.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.undeleteCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityAsync(CertificateAuthorityName name) {
+    UndeleteCertificateAuthorityRequest request =
+        UndeleteCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return undeleteCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * has been deleted.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.undeleteCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityAsync(String name) {
+    UndeleteCertificateAuthorityRequest request =
+        UndeleteCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return undeleteCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * has been deleted.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UndeleteCertificateAuthorityRequest request =
+   *       UndeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.undeleteCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityAsync(UndeleteCertificateAuthorityRequest request) {
+    return undeleteCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * has been deleted.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UndeleteCertificateAuthorityRequest request =
+   *       UndeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .undeleteCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationCallable() {
+    return stub.undeleteCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Undelete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] that
+   * has been deleted.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UndeleteCertificateAuthorityRequest request =
+   *       UndeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .undeleteCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthorityCallable() {
+    return stub.undeleteCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName name =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.deleteCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityAsync(CertificateAuthorityName name) {
+    DeleteCertificateAuthorityRequest request =
+        DeleteCertificateAuthorityRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return deleteCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.deleteCertificateAuthorityAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   *     format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityAsync(String name) {
+    DeleteCertificateAuthorityRequest request =
+        DeleteCertificateAuthorityRequest.newBuilder().setName(name).build();
+    return deleteCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateAuthorityRequest request =
+   *       DeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .setIgnoreActiveCertificates(true)
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.deleteCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityAsync(DeleteCertificateAuthorityRequest request) {
+    return deleteCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateAuthorityRequest request =
+   *       DeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .setIgnoreActiveCertificates(true)
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .deleteCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationCallable() {
+    return stub.deleteCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateAuthorityRequest request =
+   *       DeleteCertificateAuthorityRequest.newBuilder()
+   *           .setName(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .setIgnoreActiveCertificates(true)
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .deleteCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthorityCallable() {
+    return stub.deleteCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+   *   FieldMask updateMask = FieldMask.newBuilder().build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateAuthorityAsync(certificateAuthority, updateMask)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param certificateAuthority Required.
+   *     [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] with
+   *     updated values.
+   * @param updateMask Required. A list of fields to be updated in this request.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityAsync(
+          CertificateAuthority certificateAuthority, FieldMask updateMask) {
+    UpdateCertificateAuthorityRequest request =
+        UpdateCertificateAuthorityRequest.newBuilder()
+            .setCertificateAuthority(certificateAuthority)
+            .setUpdateMask(updateMask)
+            .build();
+    return updateCertificateAuthorityAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateAuthorityRequest request =
+   *       UpdateCertificateAuthorityRequest.newBuilder()
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateAuthority response =
+   *       certificateAuthorityServiceClient.updateCertificateAuthorityAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityAsync(UpdateCertificateAuthorityRequest request) {
+    return updateCertificateAuthorityOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateAuthorityRequest request =
+   *       UpdateCertificateAuthorityRequest.newBuilder()
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateAuthority, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateAuthorityOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateAuthority response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationCallable() {
+    return stub.updateCertificateAuthorityOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateAuthorityRequest request =
+   *       UpdateCertificateAuthorityRequest.newBuilder()
+   *           .setCertificateAuthority(CertificateAuthority.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateAuthorityCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthorityCallable() {
+    return stub.updateCertificateAuthorityCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+   *   CaPool caPool = CaPool.newBuilder().build();
+   *   String caPoolId = "caPoolId-970668971";
+   *   CaPool response =
+   *       certificateAuthorityServiceClient.createCaPoolAsync(parent, caPool, caPoolId).get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   *     `projects/&#42;/locations/&#42;`.
+   * @param caPool Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial
+   *     field values.
+   * @param caPoolId Required. It must be unique within a location and match the regular expression
+   *     `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> createCaPoolAsync(
+      LocationName parent, CaPool caPool, String caPoolId) {
+    CreateCaPoolRequest request =
+        CreateCaPoolRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .setCaPool(caPool)
+            .setCaPoolId(caPoolId)
+            .build();
+    return createCaPoolAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = LocationName.of("[PROJECT]", "[LOCATION]").toString();
+   *   CaPool caPool = CaPool.newBuilder().build();
+   *   String caPoolId = "caPoolId-970668971";
+   *   CaPool response =
+   *       certificateAuthorityServiceClient.createCaPoolAsync(parent, caPool, caPoolId).get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   *     `projects/&#42;/locations/&#42;`.
+   * @param caPool Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with initial
+   *     field values.
+   * @param caPoolId Required. It must be unique within a location and match the regular expression
+   *     `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> createCaPoolAsync(
+      String parent, CaPool caPool, String caPoolId) {
+    CreateCaPoolRequest request =
+        CreateCaPoolRequest.newBuilder()
+            .setParent(parent)
+            .setCaPool(caPool)
+            .setCaPoolId(caPoolId)
+            .build();
+    return createCaPoolAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCaPoolRequest request =
+   *       CreateCaPoolRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCaPoolId("caPoolId-970668971")
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CaPool response = certificateAuthorityServiceClient.createCaPoolAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> createCaPoolAsync(
+      CreateCaPoolRequest request) {
+    return createCaPoolOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCaPoolRequest request =
+   *       CreateCaPoolRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCaPoolId("caPoolId-970668971")
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CaPool, OperationMetadata> future =
+   *       certificateAuthorityServiceClient.createCaPoolOperationCallable().futureCall(request);
+   *   // Do something.
+   *   CaPool response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationCallable() {
+    return stub.createCaPoolOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCaPoolRequest request =
+   *       CreateCaPoolRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCaPoolId("caPoolId-970668971")
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.createCaPoolCallable().futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<CreateCaPoolRequest, Operation> createCaPoolCallable() {
+    return stub.createCaPoolCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPool caPool = CaPool.newBuilder().build();
+   *   FieldMask updateMask = FieldMask.newBuilder().build();
+   *   CaPool response =
+   *       certificateAuthorityServiceClient.updateCaPoolAsync(caPool, updateMask).get();
+   * }
+   * }</pre>
+   *
+   * @param caPool Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   *     values.
+   * @param updateMask Required. A list of fields to be updated in this request.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> updateCaPoolAsync(
+      CaPool caPool, FieldMask updateMask) {
+    UpdateCaPoolRequest request =
+        UpdateCaPoolRequest.newBuilder().setCaPool(caPool).setUpdateMask(updateMask).build();
+    return updateCaPoolAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCaPoolRequest request =
+   *       UpdateCaPoolRequest.newBuilder()
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CaPool response = certificateAuthorityServiceClient.updateCaPoolAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> updateCaPoolAsync(
+      UpdateCaPoolRequest request) {
+    return updateCaPoolOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCaPoolRequest request =
+   *       UpdateCaPoolRequest.newBuilder()
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CaPool, OperationMetadata> future =
+   *       certificateAuthorityServiceClient.updateCaPoolOperationCallable().futureCall(request);
+   *   // Do something.
+   *   CaPool response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationCallable() {
+    return stub.updateCaPoolOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCaPoolRequest request =
+   *       UpdateCaPoolRequest.newBuilder()
+   *           .setCaPool(CaPool.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.updateCaPoolCallable().futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UpdateCaPoolRequest, Operation> updateCaPoolCallable() {
+    return stub.updateCaPoolCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   CaPool response = certificateAuthorityServiceClient.getCaPool(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CaPool getCaPool(CaPoolName name) {
+    GetCaPoolRequest request =
+        GetCaPoolRequest.newBuilder().setName(name == null ? null : name.toString()).build();
+    return getCaPool(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   CaPool response = certificateAuthorityServiceClient.getCaPool(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CaPool getCaPool(String name) {
+    GetCaPoolRequest request = GetCaPoolRequest.newBuilder().setName(name).build();
+    return getCaPool(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCaPoolRequest request =
+   *       GetCaPoolRequest.newBuilder()
+   *           .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .build();
+   *   CaPool response = certificateAuthorityServiceClient.getCaPool(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CaPool getCaPool(GetCaPoolRequest request) {
+    return getCaPoolCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCaPoolRequest request =
+   *       GetCaPoolRequest.newBuilder()
+   *           .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .build();
+   *   ApiFuture<CaPool> future =
+   *       certificateAuthorityServiceClient.getCaPoolCallable().futureCall(request);
+   *   // Do something.
+   *   CaPool response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<GetCaPoolRequest, CaPool> getCaPoolCallable() {
+    return stub.getCaPoolCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+   *   for (CaPool element : certificateAuthorityServiceClient.listCaPools(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   *     `projects/&#42;/locations/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCaPoolsPagedResponse listCaPools(LocationName parent) {
+    ListCaPoolsRequest request =
+        ListCaPoolsRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listCaPools(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = LocationName.of("[PROJECT]", "[LOCATION]").toString();
+   *   for (CaPool element : certificateAuthorityServiceClient.listCaPools(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   *     `projects/&#42;/locations/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCaPoolsPagedResponse listCaPools(String parent) {
+    ListCaPoolsRequest request = ListCaPoolsRequest.newBuilder().setParent(parent).build();
+    return listCaPools(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCaPoolsRequest request =
+   *       ListCaPoolsRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   for (CaPool element : certificateAuthorityServiceClient.listCaPools(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCaPoolsPagedResponse listCaPools(ListCaPoolsRequest request) {
+    return listCaPoolsPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCaPoolsRequest request =
+   *       ListCaPoolsRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   ApiFuture<CaPool> future =
+   *       certificateAuthorityServiceClient.listCaPoolsPagedCallable().futureCall(request);
+   *   // Do something.
+   *   for (CaPool element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCaPoolsRequest, ListCaPoolsPagedResponse>
+      listCaPoolsPagedCallable() {
+    return stub.listCaPoolsPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCaPoolsRequest request =
+   *       ListCaPoolsRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   while (true) {
+   *     ListCaPoolsResponse response =
+   *         certificateAuthorityServiceClient.listCaPoolsCallable().call(request);
+   *     for (CaPool element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCaPoolsRequest, ListCaPoolsResponse> listCaPoolsCallable() {
+    return stub.listCaPoolsCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   CaPool response = certificateAuthorityServiceClient.deleteCaPoolAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> deleteCaPoolAsync(CaPoolName name) {
+    DeleteCaPoolRequest request =
+        DeleteCaPoolRequest.newBuilder().setName(name == null ? null : name.toString()).build();
+    return deleteCaPoolAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   CaPool response = certificateAuthorityServiceClient.deleteCaPoolAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> deleteCaPoolAsync(String name) {
+    DeleteCaPoolRequest request = DeleteCaPoolRequest.newBuilder().setName(name).build();
+    return deleteCaPoolAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCaPoolRequest request =
+   *       DeleteCaPoolRequest.newBuilder()
+   *           .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CaPool response = certificateAuthorityServiceClient.deleteCaPoolAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CaPool, OperationMetadata> deleteCaPoolAsync(
+      DeleteCaPoolRequest request) {
+    return deleteCaPoolOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCaPoolRequest request =
+   *       DeleteCaPoolRequest.newBuilder()
+   *           .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CaPool, OperationMetadata> future =
+   *       certificateAuthorityServiceClient.deleteCaPoolOperationCallable().futureCall(request);
+   *   // Do something.
+   *   CaPool response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationCallable() {
+    return stub.deleteCaPoolOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCaPoolRequest request =
+   *       DeleteCaPoolRequest.newBuilder()
+   *           .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.deleteCaPoolCallable().futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<DeleteCaPoolRequest, Operation> deleteCaPoolCallable() {
+    return stub.deleteCaPoolCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * FetchCaCerts returns the current trust anchor for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA certificate chains
+   * for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CaPoolName caPool = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+   *   FetchCaCertsResponse response = certificateAuthorityServiceClient.fetchCaCerts(caPool);
+   * }
+   * }</pre>
+   *
+   * @param caPool Required. The resource name for the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCaCertsResponse fetchCaCerts(CaPoolName caPool) {
+    FetchCaCertsRequest request =
+        FetchCaCertsRequest.newBuilder()
+            .setCaPool(caPool == null ? null : caPool.toString())
+            .build();
+    return fetchCaCerts(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * FetchCaCerts returns the current trust anchor for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA certificate chains
+   * for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String caPool = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString();
+   *   FetchCaCertsResponse response = certificateAuthorityServiceClient.fetchCaCerts(caPool);
+   * }
+   * }</pre>
+   *
+   * @param caPool Required. The resource name for the
+   *     [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   *     `projects/&#42;/locations/&#42;/caPools/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCaCertsResponse fetchCaCerts(String caPool) {
+    FetchCaCertsRequest request = FetchCaCertsRequest.newBuilder().setCaPool(caPool).build();
+    return fetchCaCerts(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * FetchCaCerts returns the current trust anchor for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA certificate chains
+   * for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   FetchCaCertsRequest request =
+   *       FetchCaCertsRequest.newBuilder()
+   *           .setCaPool(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   FetchCaCertsResponse response = certificateAuthorityServiceClient.fetchCaCerts(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final FetchCaCertsResponse fetchCaCerts(FetchCaCertsRequest request) {
+    return fetchCaCertsCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * FetchCaCerts returns the current trust anchor for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA certificate chains
+   * for all ACTIVE [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   FetchCaCertsRequest request =
+   *       FetchCaCertsRequest.newBuilder()
+   *           .setCaPool(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<FetchCaCertsResponse> future =
+   *       certificateAuthorityServiceClient.fetchCaCertsCallable().futureCall(request);
+   *   // Do something.
+   *   FetchCaCertsResponse response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsCallable() {
+    return stub.fetchCaCertsCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateRevocationListName name =
+   *       CertificateRevocationListName.of(
+   *           "[PROJECT]",
+   *           "[LOCATION]",
+   *           "[CA_POOL]",
+   *           "[CERTIFICATE_AUTHORITY]",
+   *           "[CERTIFICATE_REVOCATION_LIST]");
+   *   CertificateRevocationList response =
+   *       certificateAuthorityServiceClient.getCertificateRevocationList(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The
+   *     [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   *     [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   *     to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateRevocationList getCertificateRevocationList(
+      CertificateRevocationListName name) {
+    GetCertificateRevocationListRequest request =
+        GetCertificateRevocationListRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getCertificateRevocationList(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateRevocationListName.of(
+   *               "[PROJECT]",
+   *               "[LOCATION]",
+   *               "[CA_POOL]",
+   *               "[CERTIFICATE_AUTHORITY]",
+   *               "[CERTIFICATE_REVOCATION_LIST]")
+   *           .toString();
+   *   CertificateRevocationList response =
+   *       certificateAuthorityServiceClient.getCertificateRevocationList(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The
+   *     [name][google.cloud.security.privateca.v1.CertificateRevocationList.name] of the
+   *     [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   *     to get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateRevocationList getCertificateRevocationList(String name) {
+    GetCertificateRevocationListRequest request =
+        GetCertificateRevocationListRequest.newBuilder().setName(name).build();
+    return getCertificateRevocationList(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateRevocationListRequest request =
+   *       GetCertificateRevocationListRequest.newBuilder()
+   *           .setName(
+   *               CertificateRevocationListName.of(
+   *                       "[PROJECT]",
+   *                       "[LOCATION]",
+   *                       "[CA_POOL]",
+   *                       "[CERTIFICATE_AUTHORITY]",
+   *                       "[CERTIFICATE_REVOCATION_LIST]")
+   *                   .toString())
+   *           .build();
+   *   CertificateRevocationList response =
+   *       certificateAuthorityServiceClient.getCertificateRevocationList(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateRevocationList getCertificateRevocationList(
+      GetCertificateRevocationListRequest request) {
+    return getCertificateRevocationListCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateRevocationListRequest request =
+   *       GetCertificateRevocationListRequest.newBuilder()
+   *           .setName(
+   *               CertificateRevocationListName.of(
+   *                       "[PROJECT]",
+   *                       "[LOCATION]",
+   *                       "[CA_POOL]",
+   *                       "[CERTIFICATE_AUTHORITY]",
+   *                       "[CERTIFICATE_REVOCATION_LIST]")
+   *                   .toString())
+   *           .build();
+   *   ApiFuture<CertificateRevocationList> future =
+   *       certificateAuthorityServiceClient
+   *           .getCertificateRevocationListCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateRevocationList response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListCallable() {
+    return stub.getCertificateRevocationListCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateAuthorityName parent =
+   *       CertificateAuthorityName.of(
+   *           "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+   *   for (CertificateRevocationList element :
+   *       certificateAuthorityServiceClient.listCertificateRevocationLists(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   *     in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateRevocationListsPagedResponse listCertificateRevocationLists(
+      CertificateAuthorityName parent) {
+    ListCertificateRevocationListsRequest request =
+        ListCertificateRevocationListsRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listCertificateRevocationLists(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent =
+   *       CertificateAuthorityName.of(
+   *               "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *           .toString();
+   *   for (CertificateRevocationList element :
+   *       certificateAuthorityServiceClient.listCertificateRevocationLists(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   *     in the format `projects/&#42;/locations/&#42;/caPools/&#42;/certificateAuthorities/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateRevocationListsPagedResponse listCertificateRevocationLists(
+      String parent) {
+    ListCertificateRevocationListsRequest request =
+        ListCertificateRevocationListsRequest.newBuilder().setParent(parent).build();
+    return listCertificateRevocationLists(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateRevocationListsRequest request =
+   *       ListCertificateRevocationListsRequest.newBuilder()
+   *           .setParent(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   for (CertificateRevocationList element :
+   *       certificateAuthorityServiceClient.listCertificateRevocationLists(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateRevocationListsPagedResponse listCertificateRevocationLists(
+      ListCertificateRevocationListsRequest request) {
+    return listCertificateRevocationListsPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateRevocationListsRequest request =
+   *       ListCertificateRevocationListsRequest.newBuilder()
+   *           .setParent(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   ApiFuture<CertificateRevocationList> future =
+   *       certificateAuthorityServiceClient
+   *           .listCertificateRevocationListsPagedCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   for (CertificateRevocationList element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsPagedCallable() {
+    return stub.listCertificateRevocationListsPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateRevocationListsRequest request =
+   *       ListCertificateRevocationListsRequest.newBuilder()
+   *           .setParent(
+   *               CertificateAuthorityName.of(
+   *                       "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+   *                   .toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   while (true) {
+   *     ListCertificateRevocationListsResponse response =
+   *         certificateAuthorityServiceClient
+   *             .listCertificateRevocationListsCallable()
+   *             .call(request);
+   *     for (CertificateRevocationList element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+      listCertificateRevocationListsCallable() {
+    return stub.listCertificateRevocationListsCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateRevocationList certificateRevocationList =
+   *       CertificateRevocationList.newBuilder().build();
+   *   FieldMask updateMask = FieldMask.newBuilder().build();
+   *   CertificateRevocationList response =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateRevocationListAsync(certificateRevocationList, updateMask)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param certificateRevocationList Required.
+   *     [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   *     with updated values.
+   * @param updateMask Required. A list of fields to be updated in this request.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListAsync(
+          CertificateRevocationList certificateRevocationList, FieldMask updateMask) {
+    UpdateCertificateRevocationListRequest request =
+        UpdateCertificateRevocationListRequest.newBuilder()
+            .setCertificateRevocationList(certificateRevocationList)
+            .setUpdateMask(updateMask)
+            .build();
+    return updateCertificateRevocationListAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateRevocationListRequest request =
+   *       UpdateCertificateRevocationListRequest.newBuilder()
+   *           .setCertificateRevocationList(CertificateRevocationList.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateRevocationList response =
+   *       certificateAuthorityServiceClient.updateCertificateRevocationListAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListAsync(UpdateCertificateRevocationListRequest request) {
+    return updateCertificateRevocationListOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateRevocationListRequest request =
+   *       UpdateCertificateRevocationListRequest.newBuilder()
+   *           .setCertificateRevocationList(CertificateRevocationList.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateRevocationList, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateRevocationListOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateRevocationList response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationCallable() {
+    return stub.updateCertificateRevocationListOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateRevocationListRequest request =
+   *       UpdateCertificateRevocationListRequest.newBuilder()
+   *           .setCertificateRevocationList(CertificateRevocationList.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateRevocationListCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListCallable() {
+    return stub.updateCertificateRevocationListCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a
+   * given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+   *   CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+   *   String certificateTemplateId = "certificateTemplateId1920134188";
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the
+   *     format `projects/&#42;/locations/&#42;`.
+   * @param certificateTemplate Required. A
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial
+   *     field values.
+   * @param certificateTemplateId Required. It must be unique within a location and match the
+   *     regular expression `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateTemplate, OperationMetadata>
+      createCertificateTemplateAsync(
+          LocationName parent,
+          CertificateTemplate certificateTemplate,
+          String certificateTemplateId) {
+    CreateCertificateTemplateRequest request =
+        CreateCertificateTemplateRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .setCertificateTemplate(certificateTemplate)
+            .setCertificateTemplateId(certificateTemplateId)
+            .build();
+    return createCertificateTemplateAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a
+   * given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = LocationName.of("[PROJECT]", "[LOCATION]").toString();
+   *   CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+   *   String certificateTemplateId = "certificateTemplateId1920134188";
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate], in the
+   *     format `projects/&#42;/locations/&#42;`.
+   * @param certificateTemplate Required. A
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with initial
+   *     field values.
+   * @param certificateTemplateId Required. It must be unique within a location and match the
+   *     regular expression `[a-zA-Z0-9_-]{1,63}`
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateTemplate, OperationMetadata>
+      createCertificateTemplateAsync(
+          String parent, CertificateTemplate certificateTemplate, String certificateTemplateId) {
+    CreateCertificateTemplateRequest request =
+        CreateCertificateTemplateRequest.newBuilder()
+            .setParent(parent)
+            .setCertificateTemplate(certificateTemplate)
+            .setCertificateTemplateId(certificateTemplateId)
+            .build();
+    return createCertificateTemplateAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a
+   * given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateTemplateRequest request =
+   *       CreateCertificateTemplateRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCertificateTemplateId("certificateTemplateId1920134188")
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient.createCertificateTemplateAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateTemplate, OperationMetadata>
+      createCertificateTemplateAsync(CreateCertificateTemplateRequest request) {
+    return createCertificateTemplateOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a
+   * given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateTemplateRequest request =
+   *       CreateCertificateTemplateRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCertificateTemplateId("certificateTemplateId1920134188")
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateTemplate, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .createCertificateTemplateOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateTemplate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationCallable() {
+    return stub.createCertificateTemplateOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Create a new [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in a
+   * given Project and Location.
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CreateCertificateTemplateRequest request =
+   *       CreateCertificateTemplateRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setCertificateTemplateId("certificateTemplateId1920134188")
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.createCertificateTemplateCallable().futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateCallable() {
+    return stub.createCertificateTemplateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * DeleteCertificateTemplate deletes a
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateTemplateName name =
+   *       CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+   *   certificateAuthorityServiceClient.deleteCertificateTemplateAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   *     `projects/&#42;/locations/&#42;/certificateTemplates/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<Empty, OperationMetadata> deleteCertificateTemplateAsync(
+      CertificateTemplateName name) {
+    DeleteCertificateTemplateRequest request =
+        DeleteCertificateTemplateRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return deleteCertificateTemplateAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * DeleteCertificateTemplate deletes a
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *           .toString();
+   *   certificateAuthorityServiceClient.deleteCertificateTemplateAsync(name).get();
+   * }
+   * }</pre>
+   *
+   * @param name Required. The resource name for this
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   *     `projects/&#42;/locations/&#42;/certificateTemplates/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<Empty, OperationMetadata> deleteCertificateTemplateAsync(
+      String name) {
+    DeleteCertificateTemplateRequest request =
+        DeleteCertificateTemplateRequest.newBuilder().setName(name).build();
+    return deleteCertificateTemplateAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * DeleteCertificateTemplate deletes a
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateTemplateRequest request =
+   *       DeleteCertificateTemplateRequest.newBuilder()
+   *           .setName(
+   *               CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   certificateAuthorityServiceClient.deleteCertificateTemplateAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<Empty, OperationMetadata> deleteCertificateTemplateAsync(
+      DeleteCertificateTemplateRequest request) {
+    return deleteCertificateTemplateOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * DeleteCertificateTemplate deletes a
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateTemplateRequest request =
+   *       DeleteCertificateTemplateRequest.newBuilder()
+   *           .setName(
+   *               CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<Empty, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .deleteCertificateTemplateOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationCallable() {
+    return stub.deleteCertificateTemplateOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * DeleteCertificateTemplate deletes a
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   DeleteCertificateTemplateRequest request =
+   *       DeleteCertificateTemplateRequest.newBuilder()
+   *           .setName(
+   *               CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *                   .toString())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.deleteCertificateTemplateCallable().futureCall(request);
+   *   // Do something.
+   *   future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateCallable() {
+    return stub.deleteCertificateTemplateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateTemplateName name =
+   *       CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+   *   CertificateTemplate response = certificateAuthorityServiceClient.getCertificateTemplate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name]
+   *     of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   *     get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateTemplate getCertificateTemplate(CertificateTemplateName name) {
+    GetCertificateTemplateRequest request =
+        GetCertificateTemplateRequest.newBuilder()
+            .setName(name == null ? null : name.toString())
+            .build();
+    return getCertificateTemplate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String name =
+   *       CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *           .toString();
+   *   CertificateTemplate response = certificateAuthorityServiceClient.getCertificateTemplate(name);
+   * }
+   * }</pre>
+   *
+   * @param name Required. The [name][google.cloud.security.privateca.v1.CertificateTemplate.name]
+   *     of the [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] to
+   *     get.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateTemplate getCertificateTemplate(String name) {
+    GetCertificateTemplateRequest request =
+        GetCertificateTemplateRequest.newBuilder().setName(name).build();
+    return getCertificateTemplate(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateTemplateRequest request =
+   *       GetCertificateTemplateRequest.newBuilder()
+   *           .setName(
+   *               CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *                   .toString())
+   *           .build();
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient.getCertificateTemplate(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final CertificateTemplate getCertificateTemplate(GetCertificateTemplateRequest request) {
+    return getCertificateTemplateCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Returns a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   GetCertificateTemplateRequest request =
+   *       GetCertificateTemplateRequest.newBuilder()
+   *           .setName(
+   *               CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+   *                   .toString())
+   *           .build();
+   *   ApiFuture<CertificateTemplate> future =
+   *       certificateAuthorityServiceClient.getCertificateTemplateCallable().futureCall(request);
+   *   // Do something.
+   *   CertificateTemplate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateCallable() {
+    return stub.getCertificateTemplateCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+   *   for (CertificateTemplate element :
+   *       certificateAuthorityServiceClient.listCertificateTemplates(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the
+   *     format `projects/&#42;/locations/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateTemplatesPagedResponse listCertificateTemplates(LocationName parent) {
+    ListCertificateTemplatesRequest request =
+        ListCertificateTemplatesRequest.newBuilder()
+            .setParent(parent == null ? null : parent.toString())
+            .build();
+    return listCertificateTemplates(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   String parent = LocationName.of("[PROJECT]", "[LOCATION]").toString();
+   *   for (CertificateTemplate element :
+   *       certificateAuthorityServiceClient.listCertificateTemplates(parent).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param parent Required. The resource name of the location associated with the
+   *     [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate], in the
+   *     format `projects/&#42;/locations/&#42;`.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateTemplatesPagedResponse listCertificateTemplates(String parent) {
+    ListCertificateTemplatesRequest request =
+        ListCertificateTemplatesRequest.newBuilder().setParent(parent).build();
+    return listCertificateTemplates(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateTemplatesRequest request =
+   *       ListCertificateTemplatesRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   for (CertificateTemplate element :
+   *       certificateAuthorityServiceClient.listCertificateTemplates(request).iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final ListCertificateTemplatesPagedResponse listCertificateTemplates(
+      ListCertificateTemplatesRequest request) {
+    return listCertificateTemplatesPagedCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateTemplatesRequest request =
+   *       ListCertificateTemplatesRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   ApiFuture<CertificateTemplate> future =
+   *       certificateAuthorityServiceClient
+   *           .listCertificateTemplatesPagedCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   for (CertificateTemplate element : future.get().iterateAll()) {
+   *     // doThingsWith(element);
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesPagedCallable() {
+    return stub.listCertificateTemplatesPagedCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Lists [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   ListCertificateTemplatesRequest request =
+   *       ListCertificateTemplatesRequest.newBuilder()
+   *           .setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
+   *           .setPageSize(883849137)
+   *           .setPageToken("pageToken873572522")
+   *           .setFilter("filter-1274492040")
+   *           .setOrderBy("orderBy-1207110587")
+   *           .build();
+   *   while (true) {
+   *     ListCertificateTemplatesResponse response =
+   *         certificateAuthorityServiceClient.listCertificateTemplatesCallable().call(request);
+   *     for (CertificateTemplate element : response.getResponsesList()) {
+   *       // doThingsWith(element);
+   *     }
+   *     String nextPageToken = response.getNextPageToken();
+   *     if (!Strings.isNullOrEmpty(nextPageToken)) {
+   *       request = request.toBuilder().setPageToken(nextPageToken).build();
+   *     } else {
+   *       break;
+   *     }
+   *   }
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+      listCertificateTemplatesCallable() {
+    return stub.listCertificateTemplatesCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+   *   FieldMask updateMask = FieldMask.newBuilder().build();
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateTemplateAsync(certificateTemplate, updateMask)
+   *           .get();
+   * }
+   * }</pre>
+   *
+   * @param certificateTemplate Required.
+   *     [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with updated
+   *     values.
+   * @param updateMask Required. A list of fields to be updated in this request.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateAsync(
+          CertificateTemplate certificateTemplate, FieldMask updateMask) {
+    UpdateCertificateTemplateRequest request =
+        UpdateCertificateTemplateRequest.newBuilder()
+            .setCertificateTemplate(certificateTemplate)
+            .setUpdateMask(updateMask)
+            .build();
+    return updateCertificateTemplateAsync(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateTemplateRequest request =
+   *       UpdateCertificateTemplateRequest.newBuilder()
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   CertificateTemplate response =
+   *       certificateAuthorityServiceClient.updateCertificateTemplateAsync(request).get();
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final OperationFuture<CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateAsync(UpdateCertificateTemplateRequest request) {
+    return updateCertificateTemplateOperationCallable().futureCall(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateTemplateRequest request =
+   *       UpdateCertificateTemplateRequest.newBuilder()
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   OperationFuture<CertificateTemplate, OperationMetadata> future =
+   *       certificateAuthorityServiceClient
+   *           .updateCertificateTemplateOperationCallable()
+   *           .futureCall(request);
+   *   // Do something.
+   *   CertificateTemplate response = future.get();
+   * }
+   * }</pre>
+   */
+  public final OperationCallable<
+          UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationCallable() {
+    return stub.updateCertificateTemplateOperationCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Update a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+   *     CertificateAuthorityServiceClient.create()) {
+   *   UpdateCertificateTemplateRequest request =
+   *       UpdateCertificateTemplateRequest.newBuilder()
+   *           .setCertificateTemplate(CertificateTemplate.newBuilder().build())
+   *           .setUpdateMask(FieldMask.newBuilder().build())
+   *           .setRequestId("requestId693933066")
+   *           .build();
+   *   ApiFuture<Operation> future =
+   *       certificateAuthorityServiceClient.updateCertificateTemplateCallable().futureCall(request);
+   *   // Do something.
+   *   Operation response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateCallable() {
+    return stub.updateCertificateTemplateCallable();
+  }
+
+  @Override
+  public final void close() {
+    stub.close();
+  }
+
+  @Override
+  public void shutdown() {
+    stub.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return stub.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return stub.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    stub.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return stub.awaitTermination(duration, unit);
+  }
+
+  public static class ListCertificatesPagedResponse
+      extends AbstractPagedListResponse<
+          ListCertificatesRequest,
+          ListCertificatesResponse,
+          Certificate,
+          ListCertificatesPage,
+          ListCertificatesFixedSizeCollection> {
+
+    public static ApiFuture<ListCertificatesPagedResponse> createAsync(
+        PageContext<ListCertificatesRequest, ListCertificatesResponse, Certificate> context,
+        ApiFuture<ListCertificatesResponse> futureResponse) {
+      ApiFuture<ListCertificatesPage> futurePage =
+          ListCertificatesPage.createEmptyPage().createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          new ApiFunction<ListCertificatesPage, ListCertificatesPagedResponse>() {
+            @Override
+            public ListCertificatesPagedResponse apply(ListCertificatesPage input) {
+              return new ListCertificatesPagedResponse(input);
+            }
+          },
+          MoreExecutors.directExecutor());
+    }
+
+    private ListCertificatesPagedResponse(ListCertificatesPage page) {
+      super(page, ListCertificatesFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListCertificatesPage
+      extends AbstractPage<
+          ListCertificatesRequest, ListCertificatesResponse, Certificate, ListCertificatesPage> {
+
+    private ListCertificatesPage(
+        PageContext<ListCertificatesRequest, ListCertificatesResponse, Certificate> context,
+        ListCertificatesResponse response) {
+      super(context, response);
+    }
+
+    private static ListCertificatesPage createEmptyPage() {
+      return new ListCertificatesPage(null, null);
+    }
+
+    @Override
+    protected ListCertificatesPage createPage(
+        PageContext<ListCertificatesRequest, ListCertificatesResponse, Certificate> context,
+        ListCertificatesResponse response) {
+      return new ListCertificatesPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListCertificatesPage> createPageAsync(
+        PageContext<ListCertificatesRequest, ListCertificatesResponse, Certificate> context,
+        ApiFuture<ListCertificatesResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListCertificatesFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          ListCertificatesRequest,
+          ListCertificatesResponse,
+          Certificate,
+          ListCertificatesPage,
+          ListCertificatesFixedSizeCollection> {
+
+    private ListCertificatesFixedSizeCollection(
+        List<ListCertificatesPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListCertificatesFixedSizeCollection createEmptyCollection() {
+      return new ListCertificatesFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListCertificatesFixedSizeCollection createCollection(
+        List<ListCertificatesPage> pages, int collectionSize) {
+      return new ListCertificatesFixedSizeCollection(pages, collectionSize);
+    }
+  }
+
+  public static class ListCertificateAuthoritiesPagedResponse
+      extends AbstractPagedListResponse<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          CertificateAuthority,
+          ListCertificateAuthoritiesPage,
+          ListCertificateAuthoritiesFixedSizeCollection> {
+
+    public static ApiFuture<ListCertificateAuthoritiesPagedResponse> createAsync(
+        PageContext<
+                ListCertificateAuthoritiesRequest,
+                ListCertificateAuthoritiesResponse,
+                CertificateAuthority>
+            context,
+        ApiFuture<ListCertificateAuthoritiesResponse> futureResponse) {
+      ApiFuture<ListCertificateAuthoritiesPage> futurePage =
+          ListCertificateAuthoritiesPage.createEmptyPage().createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          new ApiFunction<
+              ListCertificateAuthoritiesPage, ListCertificateAuthoritiesPagedResponse>() {
+            @Override
+            public ListCertificateAuthoritiesPagedResponse apply(
+                ListCertificateAuthoritiesPage input) {
+              return new ListCertificateAuthoritiesPagedResponse(input);
+            }
+          },
+          MoreExecutors.directExecutor());
+    }
+
+    private ListCertificateAuthoritiesPagedResponse(ListCertificateAuthoritiesPage page) {
+      super(page, ListCertificateAuthoritiesFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListCertificateAuthoritiesPage
+      extends AbstractPage<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          CertificateAuthority,
+          ListCertificateAuthoritiesPage> {
+
+    private ListCertificateAuthoritiesPage(
+        PageContext<
+                ListCertificateAuthoritiesRequest,
+                ListCertificateAuthoritiesResponse,
+                CertificateAuthority>
+            context,
+        ListCertificateAuthoritiesResponse response) {
+      super(context, response);
+    }
+
+    private static ListCertificateAuthoritiesPage createEmptyPage() {
+      return new ListCertificateAuthoritiesPage(null, null);
+    }
+
+    @Override
+    protected ListCertificateAuthoritiesPage createPage(
+        PageContext<
+                ListCertificateAuthoritiesRequest,
+                ListCertificateAuthoritiesResponse,
+                CertificateAuthority>
+            context,
+        ListCertificateAuthoritiesResponse response) {
+      return new ListCertificateAuthoritiesPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListCertificateAuthoritiesPage> createPageAsync(
+        PageContext<
+                ListCertificateAuthoritiesRequest,
+                ListCertificateAuthoritiesResponse,
+                CertificateAuthority>
+            context,
+        ApiFuture<ListCertificateAuthoritiesResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListCertificateAuthoritiesFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          CertificateAuthority,
+          ListCertificateAuthoritiesPage,
+          ListCertificateAuthoritiesFixedSizeCollection> {
+
+    private ListCertificateAuthoritiesFixedSizeCollection(
+        List<ListCertificateAuthoritiesPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListCertificateAuthoritiesFixedSizeCollection createEmptyCollection() {
+      return new ListCertificateAuthoritiesFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListCertificateAuthoritiesFixedSizeCollection createCollection(
+        List<ListCertificateAuthoritiesPage> pages, int collectionSize) {
+      return new ListCertificateAuthoritiesFixedSizeCollection(pages, collectionSize);
+    }
+  }
+
+  public static class ListCaPoolsPagedResponse
+      extends AbstractPagedListResponse<
+          ListCaPoolsRequest,
+          ListCaPoolsResponse,
+          CaPool,
+          ListCaPoolsPage,
+          ListCaPoolsFixedSizeCollection> {
+
+    public static ApiFuture<ListCaPoolsPagedResponse> createAsync(
+        PageContext<ListCaPoolsRequest, ListCaPoolsResponse, CaPool> context,
+        ApiFuture<ListCaPoolsResponse> futureResponse) {
+      ApiFuture<ListCaPoolsPage> futurePage =
+          ListCaPoolsPage.createEmptyPage().createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          new ApiFunction<ListCaPoolsPage, ListCaPoolsPagedResponse>() {
+            @Override
+            public ListCaPoolsPagedResponse apply(ListCaPoolsPage input) {
+              return new ListCaPoolsPagedResponse(input);
+            }
+          },
+          MoreExecutors.directExecutor());
+    }
+
+    private ListCaPoolsPagedResponse(ListCaPoolsPage page) {
+      super(page, ListCaPoolsFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListCaPoolsPage
+      extends AbstractPage<ListCaPoolsRequest, ListCaPoolsResponse, CaPool, ListCaPoolsPage> {
+
+    private ListCaPoolsPage(
+        PageContext<ListCaPoolsRequest, ListCaPoolsResponse, CaPool> context,
+        ListCaPoolsResponse response) {
+      super(context, response);
+    }
+
+    private static ListCaPoolsPage createEmptyPage() {
+      return new ListCaPoolsPage(null, null);
+    }
+
+    @Override
+    protected ListCaPoolsPage createPage(
+        PageContext<ListCaPoolsRequest, ListCaPoolsResponse, CaPool> context,
+        ListCaPoolsResponse response) {
+      return new ListCaPoolsPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListCaPoolsPage> createPageAsync(
+        PageContext<ListCaPoolsRequest, ListCaPoolsResponse, CaPool> context,
+        ApiFuture<ListCaPoolsResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListCaPoolsFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          ListCaPoolsRequest,
+          ListCaPoolsResponse,
+          CaPool,
+          ListCaPoolsPage,
+          ListCaPoolsFixedSizeCollection> {
+
+    private ListCaPoolsFixedSizeCollection(List<ListCaPoolsPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListCaPoolsFixedSizeCollection createEmptyCollection() {
+      return new ListCaPoolsFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListCaPoolsFixedSizeCollection createCollection(
+        List<ListCaPoolsPage> pages, int collectionSize) {
+      return new ListCaPoolsFixedSizeCollection(pages, collectionSize);
+    }
+  }
+
+  public static class ListCertificateRevocationListsPagedResponse
+      extends AbstractPagedListResponse<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          CertificateRevocationList,
+          ListCertificateRevocationListsPage,
+          ListCertificateRevocationListsFixedSizeCollection> {
+
+    public static ApiFuture<ListCertificateRevocationListsPagedResponse> createAsync(
+        PageContext<
+                ListCertificateRevocationListsRequest,
+                ListCertificateRevocationListsResponse,
+                CertificateRevocationList>
+            context,
+        ApiFuture<ListCertificateRevocationListsResponse> futureResponse) {
+      ApiFuture<ListCertificateRevocationListsPage> futurePage =
+          ListCertificateRevocationListsPage.createEmptyPage()
+              .createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          new ApiFunction<
+              ListCertificateRevocationListsPage, ListCertificateRevocationListsPagedResponse>() {
+            @Override
+            public ListCertificateRevocationListsPagedResponse apply(
+                ListCertificateRevocationListsPage input) {
+              return new ListCertificateRevocationListsPagedResponse(input);
+            }
+          },
+          MoreExecutors.directExecutor());
+    }
+
+    private ListCertificateRevocationListsPagedResponse(ListCertificateRevocationListsPage page) {
+      super(page, ListCertificateRevocationListsFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListCertificateRevocationListsPage
+      extends AbstractPage<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          CertificateRevocationList,
+          ListCertificateRevocationListsPage> {
+
+    private ListCertificateRevocationListsPage(
+        PageContext<
+                ListCertificateRevocationListsRequest,
+                ListCertificateRevocationListsResponse,
+                CertificateRevocationList>
+            context,
+        ListCertificateRevocationListsResponse response) {
+      super(context, response);
+    }
+
+    private static ListCertificateRevocationListsPage createEmptyPage() {
+      return new ListCertificateRevocationListsPage(null, null);
+    }
+
+    @Override
+    protected ListCertificateRevocationListsPage createPage(
+        PageContext<
+                ListCertificateRevocationListsRequest,
+                ListCertificateRevocationListsResponse,
+                CertificateRevocationList>
+            context,
+        ListCertificateRevocationListsResponse response) {
+      return new ListCertificateRevocationListsPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListCertificateRevocationListsPage> createPageAsync(
+        PageContext<
+                ListCertificateRevocationListsRequest,
+                ListCertificateRevocationListsResponse,
+                CertificateRevocationList>
+            context,
+        ApiFuture<ListCertificateRevocationListsResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListCertificateRevocationListsFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          CertificateRevocationList,
+          ListCertificateRevocationListsPage,
+          ListCertificateRevocationListsFixedSizeCollection> {
+
+    private ListCertificateRevocationListsFixedSizeCollection(
+        List<ListCertificateRevocationListsPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListCertificateRevocationListsFixedSizeCollection createEmptyCollection() {
+      return new ListCertificateRevocationListsFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListCertificateRevocationListsFixedSizeCollection createCollection(
+        List<ListCertificateRevocationListsPage> pages, int collectionSize) {
+      return new ListCertificateRevocationListsFixedSizeCollection(pages, collectionSize);
+    }
+  }
+
+  public static class ListCertificateTemplatesPagedResponse
+      extends AbstractPagedListResponse<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          CertificateTemplate,
+          ListCertificateTemplatesPage,
+          ListCertificateTemplatesFixedSizeCollection> {
+
+    public static ApiFuture<ListCertificateTemplatesPagedResponse> createAsync(
+        PageContext<
+                ListCertificateTemplatesRequest,
+                ListCertificateTemplatesResponse,
+                CertificateTemplate>
+            context,
+        ApiFuture<ListCertificateTemplatesResponse> futureResponse) {
+      ApiFuture<ListCertificateTemplatesPage> futurePage =
+          ListCertificateTemplatesPage.createEmptyPage().createPageAsync(context, futureResponse);
+      return ApiFutures.transform(
+          futurePage,
+          new ApiFunction<ListCertificateTemplatesPage, ListCertificateTemplatesPagedResponse>() {
+            @Override
+            public ListCertificateTemplatesPagedResponse apply(ListCertificateTemplatesPage input) {
+              return new ListCertificateTemplatesPagedResponse(input);
+            }
+          },
+          MoreExecutors.directExecutor());
+    }
+
+    private ListCertificateTemplatesPagedResponse(ListCertificateTemplatesPage page) {
+      super(page, ListCertificateTemplatesFixedSizeCollection.createEmptyCollection());
+    }
+  }
+
+  public static class ListCertificateTemplatesPage
+      extends AbstractPage<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          CertificateTemplate,
+          ListCertificateTemplatesPage> {
+
+    private ListCertificateTemplatesPage(
+        PageContext<
+                ListCertificateTemplatesRequest,
+                ListCertificateTemplatesResponse,
+                CertificateTemplate>
+            context,
+        ListCertificateTemplatesResponse response) {
+      super(context, response);
+    }
+
+    private static ListCertificateTemplatesPage createEmptyPage() {
+      return new ListCertificateTemplatesPage(null, null);
+    }
+
+    @Override
+    protected ListCertificateTemplatesPage createPage(
+        PageContext<
+                ListCertificateTemplatesRequest,
+                ListCertificateTemplatesResponse,
+                CertificateTemplate>
+            context,
+        ListCertificateTemplatesResponse response) {
+      return new ListCertificateTemplatesPage(context, response);
+    }
+
+    @Override
+    public ApiFuture<ListCertificateTemplatesPage> createPageAsync(
+        PageContext<
+                ListCertificateTemplatesRequest,
+                ListCertificateTemplatesResponse,
+                CertificateTemplate>
+            context,
+        ApiFuture<ListCertificateTemplatesResponse> futureResponse) {
+      return super.createPageAsync(context, futureResponse);
+    }
+  }
+
+  public static class ListCertificateTemplatesFixedSizeCollection
+      extends AbstractFixedSizeCollection<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          CertificateTemplate,
+          ListCertificateTemplatesPage,
+          ListCertificateTemplatesFixedSizeCollection> {
+
+    private ListCertificateTemplatesFixedSizeCollection(
+        List<ListCertificateTemplatesPage> pages, int collectionSize) {
+      super(pages, collectionSize);
+    }
+
+    private static ListCertificateTemplatesFixedSizeCollection createEmptyCollection() {
+      return new ListCertificateTemplatesFixedSizeCollection(null, 0);
+    }
+
+    @Override
+    protected ListCertificateTemplatesFixedSizeCollection createCollection(
+        List<ListCertificateTemplatesPage> pages, int collectionSize) {
+      return new ListCertificateTemplatesFixedSizeCollection(pages, collectionSize);
+    }
+  }
+}
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceSettings.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceSettings.java
new file mode 100644
index 00000000..156b9eaf
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceSettings.java
@@ -0,0 +1,765 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCaPoolsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateAuthoritiesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateTemplatesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.cloud.security.privateca.v1.stub.CertificateAuthorityServiceStubSettings;
+import com.google.longrunning.Operation;
+import com.google.protobuf.Empty;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link CertificateAuthorityServiceClient}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (privateca.googleapis.com) and default port (443) are used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of createCertificate to 30 seconds:
+ *
+ * <pre>{@code
+ * CertificateAuthorityServiceSettings.Builder certificateAuthorityServiceSettingsBuilder =
+ *     CertificateAuthorityServiceSettings.newBuilder();
+ * certificateAuthorityServiceSettingsBuilder
+ *     .createCertificateSettings()
+ *     .setRetrySettings(
+ *         certificateAuthorityServiceSettingsBuilder
+ *             .createCertificateSettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * CertificateAuthorityServiceSettings certificateAuthorityServiceSettings =
+ *     certificateAuthorityServiceSettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class CertificateAuthorityServiceSettings
+    extends ClientSettings<CertificateAuthorityServiceSettings> {
+
+  /** Returns the object with the settings used for calls to createCertificate. */
+  public UnaryCallSettings<CreateCertificateRequest, Certificate> createCertificateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCertificateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getCertificate. */
+  public UnaryCallSettings<GetCertificateRequest, Certificate> getCertificateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).getCertificateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to listCertificates. */
+  public PagedCallSettings<
+          ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+      listCertificatesSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).listCertificatesSettings();
+  }
+
+  /** Returns the object with the settings used for calls to revokeCertificate. */
+  public UnaryCallSettings<RevokeCertificateRequest, Certificate> revokeCertificateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .revokeCertificateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificate. */
+  public UnaryCallSettings<UpdateCertificateRequest, Certificate> updateCertificateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to activateCertificateAuthority. */
+  public UnaryCallSettings<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .activateCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to activateCertificateAuthority. */
+  public OperationCallSettings<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .activateCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateAuthority. */
+  public UnaryCallSettings<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateAuthority. */
+  public OperationCallSettings<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to disableCertificateAuthority. */
+  public UnaryCallSettings<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .disableCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to disableCertificateAuthority. */
+  public OperationCallSettings<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .disableCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to enableCertificateAuthority. */
+  public UnaryCallSettings<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .enableCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to enableCertificateAuthority. */
+  public OperationCallSettings<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .enableCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to fetchCertificateAuthorityCsr. */
+  public UnaryCallSettings<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .fetchCertificateAuthorityCsrSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateAuthority. */
+  public UnaryCallSettings<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .getCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateAuthorities. */
+  public PagedCallSettings<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .listCertificateAuthoritiesSettings();
+  }
+
+  /** Returns the object with the settings used for calls to undeleteCertificateAuthority. */
+  public UnaryCallSettings<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .undeleteCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to undeleteCertificateAuthority. */
+  public OperationCallSettings<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .undeleteCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateAuthority. */
+  public UnaryCallSettings<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .deleteCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateAuthority. */
+  public OperationCallSettings<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .deleteCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateAuthority. */
+  public UnaryCallSettings<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthoritySettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateAuthoritySettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateAuthority. */
+  public OperationCallSettings<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateAuthorityOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCaPool. */
+  public UnaryCallSettings<CreateCaPoolRequest, Operation> createCaPoolSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).createCaPoolSettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCaPool. */
+  public OperationCallSettings<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCaPoolOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCaPool. */
+  public UnaryCallSettings<UpdateCaPoolRequest, Operation> updateCaPoolSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).updateCaPoolSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCaPool. */
+  public OperationCallSettings<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCaPoolOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getCaPool. */
+  public UnaryCallSettings<GetCaPoolRequest, CaPool> getCaPoolSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).getCaPoolSettings();
+  }
+
+  /** Returns the object with the settings used for calls to listCaPools. */
+  public PagedCallSettings<ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+      listCaPoolsSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).listCaPoolsSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCaPool. */
+  public UnaryCallSettings<DeleteCaPoolRequest, Operation> deleteCaPoolSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).deleteCaPoolSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCaPool. */
+  public OperationCallSettings<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .deleteCaPoolOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to fetchCaCerts. */
+  public UnaryCallSettings<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings()).fetchCaCertsSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateRevocationList. */
+  public UnaryCallSettings<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .getCertificateRevocationListSettings();
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateRevocationLists. */
+  public PagedCallSettings<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .listCertificateRevocationListsSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateRevocationList. */
+  public UnaryCallSettings<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateRevocationListSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateRevocationList. */
+  public OperationCallSettings<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateRevocationListOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateTemplate. */
+  public UnaryCallSettings<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCertificateTemplateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateTemplate. */
+  public OperationCallSettings<
+          CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .createCertificateTemplateOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateTemplate. */
+  public UnaryCallSettings<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .deleteCertificateTemplateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateTemplate. */
+  public OperationCallSettings<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .deleteCertificateTemplateOperationSettings();
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateTemplate. */
+  public UnaryCallSettings<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .getCertificateTemplateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateTemplates. */
+  public PagedCallSettings<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .listCertificateTemplatesSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateTemplate. */
+  public UnaryCallSettings<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateTemplateSettings();
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateTemplate. */
+  public OperationCallSettings<
+          UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationSettings() {
+    return ((CertificateAuthorityServiceStubSettings) getStubSettings())
+        .updateCertificateTemplateOperationSettings();
+  }
+
+  public static final CertificateAuthorityServiceSettings create(
+      CertificateAuthorityServiceStubSettings stub) throws IOException {
+    return new CertificateAuthorityServiceSettings.Builder(stub.toBuilder()).build();
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return CertificateAuthorityServiceStubSettings.defaultExecutorProviderBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return CertificateAuthorityServiceStubSettings.getDefaultEndpoint();
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return CertificateAuthorityServiceStubSettings.getDefaultServiceScopes();
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return CertificateAuthorityServiceStubSettings.defaultCredentialsProviderBuilder();
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return CertificateAuthorityServiceStubSettings.defaultGrpcTransportProviderBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return CertificateAuthorityServiceStubSettings.defaultTransportChannelProvider();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return CertificateAuthorityServiceStubSettings.defaultApiClientHeaderProviderBuilder();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected CertificateAuthorityServiceSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+  }
+
+  /** Builder for CertificateAuthorityServiceSettings. */
+  public static class Builder
+      extends ClientSettings.Builder<CertificateAuthorityServiceSettings, Builder> {
+
+    protected Builder() throws IOException {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(CertificateAuthorityServiceStubSettings.newBuilder(clientContext));
+    }
+
+    protected Builder(CertificateAuthorityServiceSettings settings) {
+      super(settings.getStubSettings().toBuilder());
+    }
+
+    protected Builder(CertificateAuthorityServiceStubSettings.Builder stubSettings) {
+      super(stubSettings);
+    }
+
+    private static Builder createDefault() {
+      return new Builder(CertificateAuthorityServiceStubSettings.newBuilder());
+    }
+
+    public CertificateAuthorityServiceStubSettings.Builder getStubSettingsBuilder() {
+      return ((CertificateAuthorityServiceStubSettings.Builder) getStubSettings());
+    }
+
+    // NEXT_MAJOR_VER: remove 'throws Exception'.
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) throws Exception {
+      super.applyToAllUnaryMethods(
+          getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater);
+      return this;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificate. */
+    public UnaryCallSettings.Builder<CreateCertificateRequest, Certificate>
+        createCertificateSettings() {
+      return getStubSettingsBuilder().createCertificateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificate. */
+    public UnaryCallSettings.Builder<GetCertificateRequest, Certificate> getCertificateSettings() {
+      return getStubSettingsBuilder().getCertificateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificates. */
+    public PagedCallSettings.Builder<
+            ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+        listCertificatesSettings() {
+      return getStubSettingsBuilder().listCertificatesSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to revokeCertificate. */
+    public UnaryCallSettings.Builder<RevokeCertificateRequest, Certificate>
+        revokeCertificateSettings() {
+      return getStubSettingsBuilder().revokeCertificateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificate. */
+    public UnaryCallSettings.Builder<UpdateCertificateRequest, Certificate>
+        updateCertificateSettings() {
+      return getStubSettingsBuilder().updateCertificateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to activateCertificateAuthority. */
+    public UnaryCallSettings.Builder<ActivateCertificateAuthorityRequest, Operation>
+        activateCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().activateCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to activateCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        activateCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().activateCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateAuthority. */
+    public UnaryCallSettings.Builder<CreateCertificateAuthorityRequest, Operation>
+        createCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().createCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        createCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().createCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to disableCertificateAuthority. */
+    public UnaryCallSettings.Builder<DisableCertificateAuthorityRequest, Operation>
+        disableCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().disableCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to disableCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        disableCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().disableCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to enableCertificateAuthority. */
+    public UnaryCallSettings.Builder<EnableCertificateAuthorityRequest, Operation>
+        enableCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().enableCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to enableCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        enableCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().enableCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to fetchCertificateAuthorityCsr. */
+    public UnaryCallSettings.Builder<
+            FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+        fetchCertificateAuthorityCsrSettings() {
+      return getStubSettingsBuilder().fetchCertificateAuthorityCsrSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateAuthority. */
+    public UnaryCallSettings.Builder<GetCertificateAuthorityRequest, CertificateAuthority>
+        getCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().getCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateAuthorities. */
+    public PagedCallSettings.Builder<
+            ListCertificateAuthoritiesRequest,
+            ListCertificateAuthoritiesResponse,
+            ListCertificateAuthoritiesPagedResponse>
+        listCertificateAuthoritiesSettings() {
+      return getStubSettingsBuilder().listCertificateAuthoritiesSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to undeleteCertificateAuthority. */
+    public UnaryCallSettings.Builder<UndeleteCertificateAuthorityRequest, Operation>
+        undeleteCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().undeleteCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to undeleteCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        undeleteCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().undeleteCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateAuthority. */
+    public UnaryCallSettings.Builder<DeleteCertificateAuthorityRequest, Operation>
+        deleteCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().deleteCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        deleteCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().deleteCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateAuthority. */
+    public UnaryCallSettings.Builder<UpdateCertificateAuthorityRequest, Operation>
+        updateCertificateAuthoritySettings() {
+      return getStubSettingsBuilder().updateCertificateAuthoritySettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateAuthority. */
+    public OperationCallSettings.Builder<
+            UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        updateCertificateAuthorityOperationSettings() {
+      return getStubSettingsBuilder().updateCertificateAuthorityOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCaPool. */
+    public UnaryCallSettings.Builder<CreateCaPoolRequest, Operation> createCaPoolSettings() {
+      return getStubSettingsBuilder().createCaPoolSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCaPool. */
+    public OperationCallSettings.Builder<CreateCaPoolRequest, CaPool, OperationMetadata>
+        createCaPoolOperationSettings() {
+      return getStubSettingsBuilder().createCaPoolOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCaPool. */
+    public UnaryCallSettings.Builder<UpdateCaPoolRequest, Operation> updateCaPoolSettings() {
+      return getStubSettingsBuilder().updateCaPoolSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCaPool. */
+    public OperationCallSettings.Builder<UpdateCaPoolRequest, CaPool, OperationMetadata>
+        updateCaPoolOperationSettings() {
+      return getStubSettingsBuilder().updateCaPoolOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getCaPool. */
+    public UnaryCallSettings.Builder<GetCaPoolRequest, CaPool> getCaPoolSettings() {
+      return getStubSettingsBuilder().getCaPoolSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listCaPools. */
+    public PagedCallSettings.Builder<
+            ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+        listCaPoolsSettings() {
+      return getStubSettingsBuilder().listCaPoolsSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCaPool. */
+    public UnaryCallSettings.Builder<DeleteCaPoolRequest, Operation> deleteCaPoolSettings() {
+      return getStubSettingsBuilder().deleteCaPoolSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCaPool. */
+    public OperationCallSettings.Builder<DeleteCaPoolRequest, CaPool, OperationMetadata>
+        deleteCaPoolOperationSettings() {
+      return getStubSettingsBuilder().deleteCaPoolOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to fetchCaCerts. */
+    public UnaryCallSettings.Builder<FetchCaCertsRequest, FetchCaCertsResponse>
+        fetchCaCertsSettings() {
+      return getStubSettingsBuilder().fetchCaCertsSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateRevocationList. */
+    public UnaryCallSettings.Builder<GetCertificateRevocationListRequest, CertificateRevocationList>
+        getCertificateRevocationListSettings() {
+      return getStubSettingsBuilder().getCertificateRevocationListSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateRevocationLists. */
+    public PagedCallSettings.Builder<
+            ListCertificateRevocationListsRequest,
+            ListCertificateRevocationListsResponse,
+            ListCertificateRevocationListsPagedResponse>
+        listCertificateRevocationListsSettings() {
+      return getStubSettingsBuilder().listCertificateRevocationListsSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateRevocationList. */
+    public UnaryCallSettings.Builder<UpdateCertificateRevocationListRequest, Operation>
+        updateCertificateRevocationListSettings() {
+      return getStubSettingsBuilder().updateCertificateRevocationListSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateRevocationList. */
+    public OperationCallSettings.Builder<
+            UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+        updateCertificateRevocationListOperationSettings() {
+      return getStubSettingsBuilder().updateCertificateRevocationListOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateTemplate. */
+    public UnaryCallSettings.Builder<CreateCertificateTemplateRequest, Operation>
+        createCertificateTemplateSettings() {
+      return getStubSettingsBuilder().createCertificateTemplateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateTemplate. */
+    public OperationCallSettings.Builder<
+            CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        createCertificateTemplateOperationSettings() {
+      return getStubSettingsBuilder().createCertificateTemplateOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateTemplate. */
+    public UnaryCallSettings.Builder<DeleteCertificateTemplateRequest, Operation>
+        deleteCertificateTemplateSettings() {
+      return getStubSettingsBuilder().deleteCertificateTemplateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateTemplate. */
+    public OperationCallSettings.Builder<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+        deleteCertificateTemplateOperationSettings() {
+      return getStubSettingsBuilder().deleteCertificateTemplateOperationSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateTemplate. */
+    public UnaryCallSettings.Builder<GetCertificateTemplateRequest, CertificateTemplate>
+        getCertificateTemplateSettings() {
+      return getStubSettingsBuilder().getCertificateTemplateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateTemplates. */
+    public PagedCallSettings.Builder<
+            ListCertificateTemplatesRequest,
+            ListCertificateTemplatesResponse,
+            ListCertificateTemplatesPagedResponse>
+        listCertificateTemplatesSettings() {
+      return getStubSettingsBuilder().listCertificateTemplatesSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateTemplate. */
+    public UnaryCallSettings.Builder<UpdateCertificateTemplateRequest, Operation>
+        updateCertificateTemplateSettings() {
+      return getStubSettingsBuilder().updateCertificateTemplateSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateTemplate. */
+    public OperationCallSettings.Builder<
+            UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        updateCertificateTemplateOperationSettings() {
+      return getStubSettingsBuilder().updateCertificateTemplateOperationSettings();
+    }
+
+    @Override
+    public CertificateAuthorityServiceSettings build() throws IOException {
+      return new CertificateAuthorityServiceSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/gapic_metadata.json b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/gapic_metadata.json
new file mode 100644
index 00000000..8552f024
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/gapic_metadata.json
@@ -0,0 +1,105 @@
+{
+  "schema": "1.0",
+  "comment": "This file maps proto services/RPCs to the corresponding library clients/methods",
+  "language": "java",
+  "protoPackage": "google.cloud.security.privateca.v1",
+  "libraryPackage": "com.google.cloud.security.privateca.v1",
+  "services": {
+    "CertificateAuthorityService": {
+      "clients": {
+        "grpc": {
+          "libraryClient": "CertificateAuthorityServiceClient",
+          "rpcs": {
+            "ActivateCertificateAuthority": {
+              "methods": ["activateCertificateAuthorityAsync", "activateCertificateAuthorityAsync", "activateCertificateAuthorityAsync", "activateCertificateAuthorityOperationCallable", "activateCertificateAuthorityCallable"]
+            },
+            "CreateCaPool": {
+              "methods": ["createCaPoolAsync", "createCaPoolAsync", "createCaPoolAsync", "createCaPoolOperationCallable", "createCaPoolCallable"]
+            },
+            "CreateCertificate": {
+              "methods": ["createCertificate", "createCertificate", "createCertificate", "createCertificateCallable"]
+            },
+            "CreateCertificateAuthority": {
+              "methods": ["createCertificateAuthorityAsync", "createCertificateAuthorityAsync", "createCertificateAuthorityAsync", "createCertificateAuthorityOperationCallable", "createCertificateAuthorityCallable"]
+            },
+            "CreateCertificateTemplate": {
+              "methods": ["createCertificateTemplateAsync", "createCertificateTemplateAsync", "createCertificateTemplateAsync", "createCertificateTemplateOperationCallable", "createCertificateTemplateCallable"]
+            },
+            "DeleteCaPool": {
+              "methods": ["deleteCaPoolAsync", "deleteCaPoolAsync", "deleteCaPoolAsync", "deleteCaPoolOperationCallable", "deleteCaPoolCallable"]
+            },
+            "DeleteCertificateAuthority": {
+              "methods": ["deleteCertificateAuthorityAsync", "deleteCertificateAuthorityAsync", "deleteCertificateAuthorityAsync", "deleteCertificateAuthorityOperationCallable", "deleteCertificateAuthorityCallable"]
+            },
+            "DeleteCertificateTemplate": {
+              "methods": ["deleteCertificateTemplateAsync", "deleteCertificateTemplateAsync", "deleteCertificateTemplateAsync", "deleteCertificateTemplateOperationCallable", "deleteCertificateTemplateCallable"]
+            },
+            "DisableCertificateAuthority": {
+              "methods": ["disableCertificateAuthorityAsync", "disableCertificateAuthorityAsync", "disableCertificateAuthorityAsync", "disableCertificateAuthorityOperationCallable", "disableCertificateAuthorityCallable"]
+            },
+            "EnableCertificateAuthority": {
+              "methods": ["enableCertificateAuthorityAsync", "enableCertificateAuthorityAsync", "enableCertificateAuthorityAsync", "enableCertificateAuthorityOperationCallable", "enableCertificateAuthorityCallable"]
+            },
+            "FetchCaCerts": {
+              "methods": ["fetchCaCerts", "fetchCaCerts", "fetchCaCerts", "fetchCaCertsCallable"]
+            },
+            "FetchCertificateAuthorityCsr": {
+              "methods": ["fetchCertificateAuthorityCsr", "fetchCertificateAuthorityCsr", "fetchCertificateAuthorityCsr", "fetchCertificateAuthorityCsrCallable"]
+            },
+            "GetCaPool": {
+              "methods": ["getCaPool", "getCaPool", "getCaPool", "getCaPoolCallable"]
+            },
+            "GetCertificate": {
+              "methods": ["getCertificate", "getCertificate", "getCertificate", "getCertificateCallable"]
+            },
+            "GetCertificateAuthority": {
+              "methods": ["getCertificateAuthority", "getCertificateAuthority", "getCertificateAuthority", "getCertificateAuthorityCallable"]
+            },
+            "GetCertificateRevocationList": {
+              "methods": ["getCertificateRevocationList", "getCertificateRevocationList", "getCertificateRevocationList", "getCertificateRevocationListCallable"]
+            },
+            "GetCertificateTemplate": {
+              "methods": ["getCertificateTemplate", "getCertificateTemplate", "getCertificateTemplate", "getCertificateTemplateCallable"]
+            },
+            "ListCaPools": {
+              "methods": ["listCaPools", "listCaPools", "listCaPools", "listCaPoolsPagedCallable", "listCaPoolsCallable"]
+            },
+            "ListCertificateAuthorities": {
+              "methods": ["listCertificateAuthorities", "listCertificateAuthorities", "listCertificateAuthorities", "listCertificateAuthoritiesPagedCallable", "listCertificateAuthoritiesCallable"]
+            },
+            "ListCertificateRevocationLists": {
+              "methods": ["listCertificateRevocationLists", "listCertificateRevocationLists", "listCertificateRevocationLists", "listCertificateRevocationListsPagedCallable", "listCertificateRevocationListsCallable"]
+            },
+            "ListCertificateTemplates": {
+              "methods": ["listCertificateTemplates", "listCertificateTemplates", "listCertificateTemplates", "listCertificateTemplatesPagedCallable", "listCertificateTemplatesCallable"]
+            },
+            "ListCertificates": {
+              "methods": ["listCertificates", "listCertificates", "listCertificates", "listCertificatesPagedCallable", "listCertificatesCallable"]
+            },
+            "RevokeCertificate": {
+              "methods": ["revokeCertificate", "revokeCertificate", "revokeCertificate", "revokeCertificateCallable"]
+            },
+            "UndeleteCertificateAuthority": {
+              "methods": ["undeleteCertificateAuthorityAsync", "undeleteCertificateAuthorityAsync", "undeleteCertificateAuthorityAsync", "undeleteCertificateAuthorityOperationCallable", "undeleteCertificateAuthorityCallable"]
+            },
+            "UpdateCaPool": {
+              "methods": ["updateCaPoolAsync", "updateCaPoolAsync", "updateCaPoolOperationCallable", "updateCaPoolCallable"]
+            },
+            "UpdateCertificate": {
+              "methods": ["updateCertificate", "updateCertificate", "updateCertificateCallable"]
+            },
+            "UpdateCertificateAuthority": {
+              "methods": ["updateCertificateAuthorityAsync", "updateCertificateAuthorityAsync", "updateCertificateAuthorityOperationCallable", "updateCertificateAuthorityCallable"]
+            },
+            "UpdateCertificateRevocationList": {
+              "methods": ["updateCertificateRevocationListAsync", "updateCertificateRevocationListAsync", "updateCertificateRevocationListOperationCallable", "updateCertificateRevocationListCallable"]
+            },
+            "UpdateCertificateTemplate": {
+              "methods": ["updateCertificateTemplateAsync", "updateCertificateTemplateAsync", "updateCertificateTemplateOperationCallable", "updateCertificateTemplateCallable"]
+            }
+          }
+        }
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/package-info.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/package-info.java
new file mode 100644
index 00000000..c9807034
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/package-info.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * The interfaces provided are listed below, along with usage samples.
+ *
+ * <p>======================= CertificateAuthorityServiceClient =======================
+ *
+ * <p>Service Description: [Certificate Authority
+ * Service][google.cloud.security.privateca.v1.CertificateAuthorityService] manages private
+ * certificate authorities and issued certificates.
+ *
+ * <p>Sample for CertificateAuthorityServiceClient:
+ *
+ * <pre>{@code
+ * try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+ *     CertificateAuthorityServiceClient.create()) {
+ *   CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+ *   Certificate certificate = Certificate.newBuilder().build();
+ *   String certificateId = "certificateId-644529902";
+ *   Certificate response =
+ *       certificateAuthorityServiceClient.createCertificate(parent, certificate, certificateId);
+ * }
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+package com.google.cloud.security.privateca.v1;
+
+import javax.annotation.Generated;
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStub.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStub.java
new file mode 100644
index 00000000..d048311b
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStub.java
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1.stub;
+
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCaPoolsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateAuthoritiesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateTemplatesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CaPool;
+import com.google.cloud.security.privateca.v1.Certificate;
+import com.google.cloud.security.privateca.v1.CertificateAuthority;
+import com.google.cloud.security.privateca.v1.CertificateRevocationList;
+import com.google.cloud.security.privateca.v1.CertificateTemplate;
+import com.google.cloud.security.privateca.v1.CreateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsResponse;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse;
+import com.google.cloud.security.privateca.v1.GetCaPoolRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificatesResponse;
+import com.google.cloud.security.privateca.v1.OperationMetadata;
+import com.google.cloud.security.privateca.v1.RevokeCertificateRequest;
+import com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import com.google.protobuf.Empty;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Base stub class for the CertificateAuthorityService service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public abstract class CertificateAuthorityServiceStub implements BackgroundResource {
+
+  public OperationsStub getOperationsStub() {
+    throw new UnsupportedOperationException("Not implemented: getOperationsStub()");
+  }
+
+  public UnaryCallable<CreateCertificateRequest, Certificate> createCertificateCallable() {
+    throw new UnsupportedOperationException("Not implemented: createCertificateCallable()");
+  }
+
+  public UnaryCallable<GetCertificateRequest, Certificate> getCertificateCallable() {
+    throw new UnsupportedOperationException("Not implemented: getCertificateCallable()");
+  }
+
+  public UnaryCallable<ListCertificatesRequest, ListCertificatesPagedResponse>
+      listCertificatesPagedCallable() {
+    throw new UnsupportedOperationException("Not implemented: listCertificatesPagedCallable()");
+  }
+
+  public UnaryCallable<ListCertificatesRequest, ListCertificatesResponse>
+      listCertificatesCallable() {
+    throw new UnsupportedOperationException("Not implemented: listCertificatesCallable()");
+  }
+
+  public UnaryCallable<RevokeCertificateRequest, Certificate> revokeCertificateCallable() {
+    throw new UnsupportedOperationException("Not implemented: revokeCertificateCallable()");
+  }
+
+  public UnaryCallable<UpdateCertificateRequest, Certificate> updateCertificateCallable() {
+    throw new UnsupportedOperationException("Not implemented: updateCertificateCallable()");
+  }
+
+  public OperationCallable<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: activateCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: activateCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: createCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: createCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: disableCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: disableCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: enableCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: enableCertificateAuthorityCallable()");
+  }
+
+  public UnaryCallable<FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: fetchCertificateAuthorityCsrCallable()");
+  }
+
+  public UnaryCallable<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException("Not implemented: getCertificateAuthorityCallable()");
+  }
+
+  public UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesPagedCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: listCertificateAuthoritiesPagedCallable()");
+  }
+
+  public UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+      listCertificateAuthoritiesCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: listCertificateAuthoritiesCallable()");
+  }
+
+  public OperationCallable<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: undeleteCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: undeleteCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: deleteCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: deleteCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: updateCertificateAuthorityOperationCallable()");
+  }
+
+  public UnaryCallable<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthorityCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: updateCertificateAuthorityCallable()");
+  }
+
+  public OperationCallable<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationCallable() {
+    throw new UnsupportedOperationException("Not implemented: createCaPoolOperationCallable()");
+  }
+
+  public UnaryCallable<CreateCaPoolRequest, Operation> createCaPoolCallable() {
+    throw new UnsupportedOperationException("Not implemented: createCaPoolCallable()");
+  }
+
+  public OperationCallable<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationCallable() {
+    throw new UnsupportedOperationException("Not implemented: updateCaPoolOperationCallable()");
+  }
+
+  public UnaryCallable<UpdateCaPoolRequest, Operation> updateCaPoolCallable() {
+    throw new UnsupportedOperationException("Not implemented: updateCaPoolCallable()");
+  }
+
+  public UnaryCallable<GetCaPoolRequest, CaPool> getCaPoolCallable() {
+    throw new UnsupportedOperationException("Not implemented: getCaPoolCallable()");
+  }
+
+  public UnaryCallable<ListCaPoolsRequest, ListCaPoolsPagedResponse> listCaPoolsPagedCallable() {
+    throw new UnsupportedOperationException("Not implemented: listCaPoolsPagedCallable()");
+  }
+
+  public UnaryCallable<ListCaPoolsRequest, ListCaPoolsResponse> listCaPoolsCallable() {
+    throw new UnsupportedOperationException("Not implemented: listCaPoolsCallable()");
+  }
+
+  public OperationCallable<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationCallable() {
+    throw new UnsupportedOperationException("Not implemented: deleteCaPoolOperationCallable()");
+  }
+
+  public UnaryCallable<DeleteCaPoolRequest, Operation> deleteCaPoolCallable() {
+    throw new UnsupportedOperationException("Not implemented: deleteCaPoolCallable()");
+  }
+
+  public UnaryCallable<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsCallable() {
+    throw new UnsupportedOperationException("Not implemented: fetchCaCertsCallable()");
+  }
+
+  public UnaryCallable<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: getCertificateRevocationListCallable()");
+  }
+
+  public UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsPagedCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: listCertificateRevocationListsPagedCallable()");
+  }
+
+  public UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+      listCertificateRevocationListsCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: listCertificateRevocationListsCallable()");
+  }
+
+  public OperationCallable<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: updateCertificateRevocationListOperationCallable()");
+  }
+
+  public UnaryCallable<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: updateCertificateRevocationListCallable()");
+  }
+
+  public OperationCallable<CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: createCertificateTemplateOperationCallable()");
+  }
+
+  public UnaryCallable<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateCallable() {
+    throw new UnsupportedOperationException("Not implemented: createCertificateTemplateCallable()");
+  }
+
+  public OperationCallable<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: deleteCertificateTemplateOperationCallable()");
+  }
+
+  public UnaryCallable<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateCallable() {
+    throw new UnsupportedOperationException("Not implemented: deleteCertificateTemplateCallable()");
+  }
+
+  public UnaryCallable<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateCallable() {
+    throw new UnsupportedOperationException("Not implemented: getCertificateTemplateCallable()");
+  }
+
+  public UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesPagedCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: listCertificateTemplatesPagedCallable()");
+  }
+
+  public UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+      listCertificateTemplatesCallable() {
+    throw new UnsupportedOperationException("Not implemented: listCertificateTemplatesCallable()");
+  }
+
+  public OperationCallable<UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationCallable() {
+    throw new UnsupportedOperationException(
+        "Not implemented: updateCertificateTemplateOperationCallable()");
+  }
+
+  public UnaryCallable<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateCallable() {
+    throw new UnsupportedOperationException("Not implemented: updateCertificateTemplateCallable()");
+  }
+
+  @Override
+  public abstract void close();
+}
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStubSettings.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStubSettings.java
new file mode 100644
index 00000000..8ffff758
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/CertificateAuthorityServiceStubSettings.java
@@ -0,0 +1,2158 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1.stub;
+
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCaPoolsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateAuthoritiesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateTemplatesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.ApiFuture;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GaxProperties;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.GrpcTransportChannel;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.grpc.ProtoOperationTransformers;
+import com.google.api.gax.longrunning.OperationSnapshot;
+import com.google.api.gax.longrunning.OperationTimedPollAlgorithm;
+import com.google.api.gax.retrying.RetrySettings;
+import com.google.api.gax.rpc.ApiCallContext;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.PageContext;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.PagedListDescriptor;
+import com.google.api.gax.rpc.PagedListResponseFactory;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.api.gax.rpc.StubSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CaPool;
+import com.google.cloud.security.privateca.v1.Certificate;
+import com.google.cloud.security.privateca.v1.CertificateAuthority;
+import com.google.cloud.security.privateca.v1.CertificateRevocationList;
+import com.google.cloud.security.privateca.v1.CertificateTemplate;
+import com.google.cloud.security.privateca.v1.CreateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsResponse;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse;
+import com.google.cloud.security.privateca.v1.GetCaPoolRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificatesResponse;
+import com.google.cloud.security.privateca.v1.OperationMetadata;
+import com.google.cloud.security.privateca.v1.RevokeCertificateRequest;
+import com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import com.google.longrunning.Operation;
+import com.google.protobuf.Empty;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+import org.threeten.bp.Duration;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * Settings class to configure an instance of {@link CertificateAuthorityServiceStub}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (privateca.googleapis.com) and default port (443) are used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object.
+ *
+ * <p>For example, to set the total timeout of createCertificate to 30 seconds:
+ *
+ * <pre>{@code
+ * CertificateAuthorityServiceStubSettings.Builder certificateAuthorityServiceSettingsBuilder =
+ *     CertificateAuthorityServiceStubSettings.newBuilder();
+ * certificateAuthorityServiceSettingsBuilder
+ *     .createCertificateSettings()
+ *     .setRetrySettings(
+ *         certificateAuthorityServiceSettingsBuilder
+ *             .createCertificateSettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * CertificateAuthorityServiceStubSettings certificateAuthorityServiceSettings =
+ *     certificateAuthorityServiceSettingsBuilder.build();
+ * }</pre>
+ */
+@Generated("by gapic-generator-java")
+public class CertificateAuthorityServiceStubSettings
+    extends StubSettings<CertificateAuthorityServiceStubSettings> {
+  /** The default scopes of the service. */
+  private static final ImmutableList<String> DEFAULT_SERVICE_SCOPES =
+      ImmutableList.<String>builder().add("https://www.googleapis.com/auth/cloud-platform").build();
+
+  private final UnaryCallSettings<CreateCertificateRequest, Certificate> createCertificateSettings;
+  private final UnaryCallSettings<GetCertificateRequest, Certificate> getCertificateSettings;
+  private final PagedCallSettings<
+          ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+      listCertificatesSettings;
+  private final UnaryCallSettings<RevokeCertificateRequest, Certificate> revokeCertificateSettings;
+  private final UnaryCallSettings<UpdateCertificateRequest, Certificate> updateCertificateSettings;
+  private final UnaryCallSettings<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrSettings;
+  private final UnaryCallSettings<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthoritySettings;
+  private final PagedCallSettings<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesSettings;
+  private final UnaryCallSettings<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthoritySettings;
+  private final OperationCallSettings<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationSettings;
+  private final UnaryCallSettings<CreateCaPoolRequest, Operation> createCaPoolSettings;
+  private final OperationCallSettings<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationSettings;
+  private final UnaryCallSettings<UpdateCaPoolRequest, Operation> updateCaPoolSettings;
+  private final OperationCallSettings<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationSettings;
+  private final UnaryCallSettings<GetCaPoolRequest, CaPool> getCaPoolSettings;
+  private final PagedCallSettings<ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+      listCaPoolsSettings;
+  private final UnaryCallSettings<DeleteCaPoolRequest, Operation> deleteCaPoolSettings;
+  private final OperationCallSettings<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationSettings;
+  private final UnaryCallSettings<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsSettings;
+  private final UnaryCallSettings<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListSettings;
+  private final PagedCallSettings<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsSettings;
+  private final UnaryCallSettings<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListSettings;
+  private final OperationCallSettings<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationSettings;
+  private final UnaryCallSettings<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateSettings;
+  private final OperationCallSettings<
+          CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationSettings;
+  private final UnaryCallSettings<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateSettings;
+  private final OperationCallSettings<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationSettings;
+  private final UnaryCallSettings<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateSettings;
+  private final PagedCallSettings<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesSettings;
+  private final UnaryCallSettings<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateSettings;
+  private final OperationCallSettings<
+          UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationSettings;
+
+  private static final PagedListDescriptor<
+          ListCertificatesRequest, ListCertificatesResponse, Certificate>
+      LIST_CERTIFICATES_PAGE_STR_DESC =
+          new PagedListDescriptor<
+              ListCertificatesRequest, ListCertificatesResponse, Certificate>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public ListCertificatesRequest injectToken(
+                ListCertificatesRequest payload, String token) {
+              return ListCertificatesRequest.newBuilder(payload).setPageToken(token).build();
+            }
+
+            @Override
+            public ListCertificatesRequest injectPageSize(
+                ListCertificatesRequest payload, int pageSize) {
+              return ListCertificatesRequest.newBuilder(payload).setPageSize(pageSize).build();
+            }
+
+            @Override
+            public Integer extractPageSize(ListCertificatesRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(ListCertificatesResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<Certificate> extractResources(ListCertificatesResponse payload) {
+              return payload.getCertificatesList() == null
+                  ? ImmutableList.<Certificate>of()
+                  : payload.getCertificatesList();
+            }
+          };
+
+  private static final PagedListDescriptor<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          CertificateAuthority>
+      LIST_CERTIFICATE_AUTHORITIES_PAGE_STR_DESC =
+          new PagedListDescriptor<
+              ListCertificateAuthoritiesRequest,
+              ListCertificateAuthoritiesResponse,
+              CertificateAuthority>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public ListCertificateAuthoritiesRequest injectToken(
+                ListCertificateAuthoritiesRequest payload, String token) {
+              return ListCertificateAuthoritiesRequest.newBuilder(payload)
+                  .setPageToken(token)
+                  .build();
+            }
+
+            @Override
+            public ListCertificateAuthoritiesRequest injectPageSize(
+                ListCertificateAuthoritiesRequest payload, int pageSize) {
+              return ListCertificateAuthoritiesRequest.newBuilder(payload)
+                  .setPageSize(pageSize)
+                  .build();
+            }
+
+            @Override
+            public Integer extractPageSize(ListCertificateAuthoritiesRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(ListCertificateAuthoritiesResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<CertificateAuthority> extractResources(
+                ListCertificateAuthoritiesResponse payload) {
+              return payload.getCertificateAuthoritiesList() == null
+                  ? ImmutableList.<CertificateAuthority>of()
+                  : payload.getCertificateAuthoritiesList();
+            }
+          };
+
+  private static final PagedListDescriptor<ListCaPoolsRequest, ListCaPoolsResponse, CaPool>
+      LIST_CA_POOLS_PAGE_STR_DESC =
+          new PagedListDescriptor<ListCaPoolsRequest, ListCaPoolsResponse, CaPool>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public ListCaPoolsRequest injectToken(ListCaPoolsRequest payload, String token) {
+              return ListCaPoolsRequest.newBuilder(payload).setPageToken(token).build();
+            }
+
+            @Override
+            public ListCaPoolsRequest injectPageSize(ListCaPoolsRequest payload, int pageSize) {
+              return ListCaPoolsRequest.newBuilder(payload).setPageSize(pageSize).build();
+            }
+
+            @Override
+            public Integer extractPageSize(ListCaPoolsRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(ListCaPoolsResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<CaPool> extractResources(ListCaPoolsResponse payload) {
+              return payload.getCaPoolsList() == null
+                  ? ImmutableList.<CaPool>of()
+                  : payload.getCaPoolsList();
+            }
+          };
+
+  private static final PagedListDescriptor<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          CertificateRevocationList>
+      LIST_CERTIFICATE_REVOCATION_LISTS_PAGE_STR_DESC =
+          new PagedListDescriptor<
+              ListCertificateRevocationListsRequest,
+              ListCertificateRevocationListsResponse,
+              CertificateRevocationList>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public ListCertificateRevocationListsRequest injectToken(
+                ListCertificateRevocationListsRequest payload, String token) {
+              return ListCertificateRevocationListsRequest.newBuilder(payload)
+                  .setPageToken(token)
+                  .build();
+            }
+
+            @Override
+            public ListCertificateRevocationListsRequest injectPageSize(
+                ListCertificateRevocationListsRequest payload, int pageSize) {
+              return ListCertificateRevocationListsRequest.newBuilder(payload)
+                  .setPageSize(pageSize)
+                  .build();
+            }
+
+            @Override
+            public Integer extractPageSize(ListCertificateRevocationListsRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(ListCertificateRevocationListsResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<CertificateRevocationList> extractResources(
+                ListCertificateRevocationListsResponse payload) {
+              return payload.getCertificateRevocationListsList() == null
+                  ? ImmutableList.<CertificateRevocationList>of()
+                  : payload.getCertificateRevocationListsList();
+            }
+          };
+
+  private static final PagedListDescriptor<
+          ListCertificateTemplatesRequest, ListCertificateTemplatesResponse, CertificateTemplate>
+      LIST_CERTIFICATE_TEMPLATES_PAGE_STR_DESC =
+          new PagedListDescriptor<
+              ListCertificateTemplatesRequest,
+              ListCertificateTemplatesResponse,
+              CertificateTemplate>() {
+            @Override
+            public String emptyToken() {
+              return "";
+            }
+
+            @Override
+            public ListCertificateTemplatesRequest injectToken(
+                ListCertificateTemplatesRequest payload, String token) {
+              return ListCertificateTemplatesRequest.newBuilder(payload)
+                  .setPageToken(token)
+                  .build();
+            }
+
+            @Override
+            public ListCertificateTemplatesRequest injectPageSize(
+                ListCertificateTemplatesRequest payload, int pageSize) {
+              return ListCertificateTemplatesRequest.newBuilder(payload)
+                  .setPageSize(pageSize)
+                  .build();
+            }
+
+            @Override
+            public Integer extractPageSize(ListCertificateTemplatesRequest payload) {
+              return payload.getPageSize();
+            }
+
+            @Override
+            public String extractNextToken(ListCertificateTemplatesResponse payload) {
+              return payload.getNextPageToken();
+            }
+
+            @Override
+            public Iterable<CertificateTemplate> extractResources(
+                ListCertificateTemplatesResponse payload) {
+              return payload.getCertificateTemplatesList() == null
+                  ? ImmutableList.<CertificateTemplate>of()
+                  : payload.getCertificateTemplatesList();
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+      LIST_CERTIFICATES_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>() {
+            @Override
+            public ApiFuture<ListCertificatesPagedResponse> getFuturePagedResponse(
+                UnaryCallable<ListCertificatesRequest, ListCertificatesResponse> callable,
+                ListCertificatesRequest request,
+                ApiCallContext context,
+                ApiFuture<ListCertificatesResponse> futureResponse) {
+              PageContext<ListCertificatesRequest, ListCertificatesResponse, Certificate>
+                  pageContext =
+                      PageContext.create(
+                          callable, LIST_CERTIFICATES_PAGE_STR_DESC, request, context);
+              return ListCertificatesPagedResponse.createAsync(pageContext, futureResponse);
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          ListCertificateAuthoritiesPagedResponse>
+      LIST_CERTIFICATE_AUTHORITIES_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              ListCertificateAuthoritiesRequest,
+              ListCertificateAuthoritiesResponse,
+              ListCertificateAuthoritiesPagedResponse>() {
+            @Override
+            public ApiFuture<ListCertificateAuthoritiesPagedResponse> getFuturePagedResponse(
+                UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+                    callable,
+                ListCertificateAuthoritiesRequest request,
+                ApiCallContext context,
+                ApiFuture<ListCertificateAuthoritiesResponse> futureResponse) {
+              PageContext<
+                      ListCertificateAuthoritiesRequest,
+                      ListCertificateAuthoritiesResponse,
+                      CertificateAuthority>
+                  pageContext =
+                      PageContext.create(
+                          callable, LIST_CERTIFICATE_AUTHORITIES_PAGE_STR_DESC, request, context);
+              return ListCertificateAuthoritiesPagedResponse.createAsync(
+                  pageContext, futureResponse);
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+      LIST_CA_POOLS_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>() {
+            @Override
+            public ApiFuture<ListCaPoolsPagedResponse> getFuturePagedResponse(
+                UnaryCallable<ListCaPoolsRequest, ListCaPoolsResponse> callable,
+                ListCaPoolsRequest request,
+                ApiCallContext context,
+                ApiFuture<ListCaPoolsResponse> futureResponse) {
+              PageContext<ListCaPoolsRequest, ListCaPoolsResponse, CaPool> pageContext =
+                  PageContext.create(callable, LIST_CA_POOLS_PAGE_STR_DESC, request, context);
+              return ListCaPoolsPagedResponse.createAsync(pageContext, futureResponse);
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          ListCertificateRevocationListsPagedResponse>
+      LIST_CERTIFICATE_REVOCATION_LISTS_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              ListCertificateRevocationListsRequest,
+              ListCertificateRevocationListsResponse,
+              ListCertificateRevocationListsPagedResponse>() {
+            @Override
+            public ApiFuture<ListCertificateRevocationListsPagedResponse> getFuturePagedResponse(
+                UnaryCallable<
+                        ListCertificateRevocationListsRequest,
+                        ListCertificateRevocationListsResponse>
+                    callable,
+                ListCertificateRevocationListsRequest request,
+                ApiCallContext context,
+                ApiFuture<ListCertificateRevocationListsResponse> futureResponse) {
+              PageContext<
+                      ListCertificateRevocationListsRequest,
+                      ListCertificateRevocationListsResponse,
+                      CertificateRevocationList>
+                  pageContext =
+                      PageContext.create(
+                          callable,
+                          LIST_CERTIFICATE_REVOCATION_LISTS_PAGE_STR_DESC,
+                          request,
+                          context);
+              return ListCertificateRevocationListsPagedResponse.createAsync(
+                  pageContext, futureResponse);
+            }
+          };
+
+  private static final PagedListResponseFactory<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          ListCertificateTemplatesPagedResponse>
+      LIST_CERTIFICATE_TEMPLATES_PAGE_STR_FACT =
+          new PagedListResponseFactory<
+              ListCertificateTemplatesRequest,
+              ListCertificateTemplatesResponse,
+              ListCertificateTemplatesPagedResponse>() {
+            @Override
+            public ApiFuture<ListCertificateTemplatesPagedResponse> getFuturePagedResponse(
+                UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+                    callable,
+                ListCertificateTemplatesRequest request,
+                ApiCallContext context,
+                ApiFuture<ListCertificateTemplatesResponse> futureResponse) {
+              PageContext<
+                      ListCertificateTemplatesRequest,
+                      ListCertificateTemplatesResponse,
+                      CertificateTemplate>
+                  pageContext =
+                      PageContext.create(
+                          callable, LIST_CERTIFICATE_TEMPLATES_PAGE_STR_DESC, request, context);
+              return ListCertificateTemplatesPagedResponse.createAsync(pageContext, futureResponse);
+            }
+          };
+
+  /** Returns the object with the settings used for calls to createCertificate. */
+  public UnaryCallSettings<CreateCertificateRequest, Certificate> createCertificateSettings() {
+    return createCertificateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getCertificate. */
+  public UnaryCallSettings<GetCertificateRequest, Certificate> getCertificateSettings() {
+    return getCertificateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to listCertificates. */
+  public PagedCallSettings<
+          ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+      listCertificatesSettings() {
+    return listCertificatesSettings;
+  }
+
+  /** Returns the object with the settings used for calls to revokeCertificate. */
+  public UnaryCallSettings<RevokeCertificateRequest, Certificate> revokeCertificateSettings() {
+    return revokeCertificateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificate. */
+  public UnaryCallSettings<UpdateCertificateRequest, Certificate> updateCertificateSettings() {
+    return updateCertificateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to activateCertificateAuthority. */
+  public UnaryCallSettings<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthoritySettings() {
+    return activateCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to activateCertificateAuthority. */
+  public OperationCallSettings<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationSettings() {
+    return activateCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateAuthority. */
+  public UnaryCallSettings<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthoritySettings() {
+    return createCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateAuthority. */
+  public OperationCallSettings<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationSettings() {
+    return createCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to disableCertificateAuthority. */
+  public UnaryCallSettings<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthoritySettings() {
+    return disableCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to disableCertificateAuthority. */
+  public OperationCallSettings<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationSettings() {
+    return disableCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to enableCertificateAuthority. */
+  public UnaryCallSettings<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthoritySettings() {
+    return enableCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to enableCertificateAuthority. */
+  public OperationCallSettings<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationSettings() {
+    return enableCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to fetchCertificateAuthorityCsr. */
+  public UnaryCallSettings<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrSettings() {
+    return fetchCertificateAuthorityCsrSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateAuthority. */
+  public UnaryCallSettings<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthoritySettings() {
+    return getCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateAuthorities. */
+  public PagedCallSettings<
+          ListCertificateAuthoritiesRequest,
+          ListCertificateAuthoritiesResponse,
+          ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesSettings() {
+    return listCertificateAuthoritiesSettings;
+  }
+
+  /** Returns the object with the settings used for calls to undeleteCertificateAuthority. */
+  public UnaryCallSettings<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthoritySettings() {
+    return undeleteCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to undeleteCertificateAuthority. */
+  public OperationCallSettings<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationSettings() {
+    return undeleteCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateAuthority. */
+  public UnaryCallSettings<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthoritySettings() {
+    return deleteCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateAuthority. */
+  public OperationCallSettings<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationSettings() {
+    return deleteCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateAuthority. */
+  public UnaryCallSettings<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthoritySettings() {
+    return updateCertificateAuthoritySettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateAuthority. */
+  public OperationCallSettings<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationSettings() {
+    return updateCertificateAuthorityOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCaPool. */
+  public UnaryCallSettings<CreateCaPoolRequest, Operation> createCaPoolSettings() {
+    return createCaPoolSettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCaPool. */
+  public OperationCallSettings<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationSettings() {
+    return createCaPoolOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCaPool. */
+  public UnaryCallSettings<UpdateCaPoolRequest, Operation> updateCaPoolSettings() {
+    return updateCaPoolSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCaPool. */
+  public OperationCallSettings<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationSettings() {
+    return updateCaPoolOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getCaPool. */
+  public UnaryCallSettings<GetCaPoolRequest, CaPool> getCaPoolSettings() {
+    return getCaPoolSettings;
+  }
+
+  /** Returns the object with the settings used for calls to listCaPools. */
+  public PagedCallSettings<ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+      listCaPoolsSettings() {
+    return listCaPoolsSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCaPool. */
+  public UnaryCallSettings<DeleteCaPoolRequest, Operation> deleteCaPoolSettings() {
+    return deleteCaPoolSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCaPool. */
+  public OperationCallSettings<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationSettings() {
+    return deleteCaPoolOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to fetchCaCerts. */
+  public UnaryCallSettings<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsSettings() {
+    return fetchCaCertsSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateRevocationList. */
+  public UnaryCallSettings<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListSettings() {
+    return getCertificateRevocationListSettings;
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateRevocationLists. */
+  public PagedCallSettings<
+          ListCertificateRevocationListsRequest,
+          ListCertificateRevocationListsResponse,
+          ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsSettings() {
+    return listCertificateRevocationListsSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateRevocationList. */
+  public UnaryCallSettings<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListSettings() {
+    return updateCertificateRevocationListSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateRevocationList. */
+  public OperationCallSettings<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationSettings() {
+    return updateCertificateRevocationListOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateTemplate. */
+  public UnaryCallSettings<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateSettings() {
+    return createCertificateTemplateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to createCertificateTemplate. */
+  public OperationCallSettings<
+          CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationSettings() {
+    return createCertificateTemplateOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateTemplate. */
+  public UnaryCallSettings<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateSettings() {
+    return deleteCertificateTemplateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to deleteCertificateTemplate. */
+  public OperationCallSettings<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationSettings() {
+    return deleteCertificateTemplateOperationSettings;
+  }
+
+  /** Returns the object with the settings used for calls to getCertificateTemplate. */
+  public UnaryCallSettings<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateSettings() {
+    return getCertificateTemplateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to listCertificateTemplates. */
+  public PagedCallSettings<
+          ListCertificateTemplatesRequest,
+          ListCertificateTemplatesResponse,
+          ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesSettings() {
+    return listCertificateTemplatesSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateTemplate. */
+  public UnaryCallSettings<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateSettings() {
+    return updateCertificateTemplateSettings;
+  }
+
+  /** Returns the object with the settings used for calls to updateCertificateTemplate. */
+  public OperationCallSettings<
+          UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationSettings() {
+    return updateCertificateTemplateOperationSettings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public CertificateAuthorityServiceStub createStub() throws IOException {
+    if (getTransportChannelProvider()
+        .getTransportName()
+        .equals(GrpcTransportChannel.getGrpcTransportName())) {
+      return GrpcCertificateAuthorityServiceStub.create(this);
+    }
+    throw new UnsupportedOperationException(
+        String.format(
+            "Transport not supported: %s", getTransportChannelProvider().getTransportName()));
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return InstantiatingExecutorProvider.newBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return "privateca.googleapis.com:443";
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return DEFAULT_SERVICE_SCOPES;
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return GoogleCredentialsProvider.newBuilder().setScopesToApply(DEFAULT_SERVICE_SCOPES);
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return InstantiatingGrpcChannelProvider.newBuilder()
+        .setMaxInboundMessageSize(Integer.MAX_VALUE);
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return defaultGrpcTransportProviderBuilder().build();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ApiClientHeaderProvider.newBuilder()
+        .setGeneratedLibToken(
+            "gapic", GaxProperties.getLibraryVersion(CertificateAuthorityServiceStubSettings.class))
+        .setTransportToken(
+            GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion());
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected CertificateAuthorityServiceStubSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+
+    createCertificateSettings = settingsBuilder.createCertificateSettings().build();
+    getCertificateSettings = settingsBuilder.getCertificateSettings().build();
+    listCertificatesSettings = settingsBuilder.listCertificatesSettings().build();
+    revokeCertificateSettings = settingsBuilder.revokeCertificateSettings().build();
+    updateCertificateSettings = settingsBuilder.updateCertificateSettings().build();
+    activateCertificateAuthoritySettings =
+        settingsBuilder.activateCertificateAuthoritySettings().build();
+    activateCertificateAuthorityOperationSettings =
+        settingsBuilder.activateCertificateAuthorityOperationSettings().build();
+    createCertificateAuthoritySettings =
+        settingsBuilder.createCertificateAuthoritySettings().build();
+    createCertificateAuthorityOperationSettings =
+        settingsBuilder.createCertificateAuthorityOperationSettings().build();
+    disableCertificateAuthoritySettings =
+        settingsBuilder.disableCertificateAuthoritySettings().build();
+    disableCertificateAuthorityOperationSettings =
+        settingsBuilder.disableCertificateAuthorityOperationSettings().build();
+    enableCertificateAuthoritySettings =
+        settingsBuilder.enableCertificateAuthoritySettings().build();
+    enableCertificateAuthorityOperationSettings =
+        settingsBuilder.enableCertificateAuthorityOperationSettings().build();
+    fetchCertificateAuthorityCsrSettings =
+        settingsBuilder.fetchCertificateAuthorityCsrSettings().build();
+    getCertificateAuthoritySettings = settingsBuilder.getCertificateAuthoritySettings().build();
+    listCertificateAuthoritiesSettings =
+        settingsBuilder.listCertificateAuthoritiesSettings().build();
+    undeleteCertificateAuthoritySettings =
+        settingsBuilder.undeleteCertificateAuthoritySettings().build();
+    undeleteCertificateAuthorityOperationSettings =
+        settingsBuilder.undeleteCertificateAuthorityOperationSettings().build();
+    deleteCertificateAuthoritySettings =
+        settingsBuilder.deleteCertificateAuthoritySettings().build();
+    deleteCertificateAuthorityOperationSettings =
+        settingsBuilder.deleteCertificateAuthorityOperationSettings().build();
+    updateCertificateAuthoritySettings =
+        settingsBuilder.updateCertificateAuthoritySettings().build();
+    updateCertificateAuthorityOperationSettings =
+        settingsBuilder.updateCertificateAuthorityOperationSettings().build();
+    createCaPoolSettings = settingsBuilder.createCaPoolSettings().build();
+    createCaPoolOperationSettings = settingsBuilder.createCaPoolOperationSettings().build();
+    updateCaPoolSettings = settingsBuilder.updateCaPoolSettings().build();
+    updateCaPoolOperationSettings = settingsBuilder.updateCaPoolOperationSettings().build();
+    getCaPoolSettings = settingsBuilder.getCaPoolSettings().build();
+    listCaPoolsSettings = settingsBuilder.listCaPoolsSettings().build();
+    deleteCaPoolSettings = settingsBuilder.deleteCaPoolSettings().build();
+    deleteCaPoolOperationSettings = settingsBuilder.deleteCaPoolOperationSettings().build();
+    fetchCaCertsSettings = settingsBuilder.fetchCaCertsSettings().build();
+    getCertificateRevocationListSettings =
+        settingsBuilder.getCertificateRevocationListSettings().build();
+    listCertificateRevocationListsSettings =
+        settingsBuilder.listCertificateRevocationListsSettings().build();
+    updateCertificateRevocationListSettings =
+        settingsBuilder.updateCertificateRevocationListSettings().build();
+    updateCertificateRevocationListOperationSettings =
+        settingsBuilder.updateCertificateRevocationListOperationSettings().build();
+    createCertificateTemplateSettings = settingsBuilder.createCertificateTemplateSettings().build();
+    createCertificateTemplateOperationSettings =
+        settingsBuilder.createCertificateTemplateOperationSettings().build();
+    deleteCertificateTemplateSettings = settingsBuilder.deleteCertificateTemplateSettings().build();
+    deleteCertificateTemplateOperationSettings =
+        settingsBuilder.deleteCertificateTemplateOperationSettings().build();
+    getCertificateTemplateSettings = settingsBuilder.getCertificateTemplateSettings().build();
+    listCertificateTemplatesSettings = settingsBuilder.listCertificateTemplatesSettings().build();
+    updateCertificateTemplateSettings = settingsBuilder.updateCertificateTemplateSettings().build();
+    updateCertificateTemplateOperationSettings =
+        settingsBuilder.updateCertificateTemplateOperationSettings().build();
+  }
+
+  /** Builder for CertificateAuthorityServiceStubSettings. */
+  public static class Builder
+      extends StubSettings.Builder<CertificateAuthorityServiceStubSettings, Builder> {
+    private final ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders;
+    private final UnaryCallSettings.Builder<CreateCertificateRequest, Certificate>
+        createCertificateSettings;
+    private final UnaryCallSettings.Builder<GetCertificateRequest, Certificate>
+        getCertificateSettings;
+    private final PagedCallSettings.Builder<
+            ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+        listCertificatesSettings;
+    private final UnaryCallSettings.Builder<RevokeCertificateRequest, Certificate>
+        revokeCertificateSettings;
+    private final UnaryCallSettings.Builder<UpdateCertificateRequest, Certificate>
+        updateCertificateSettings;
+    private final UnaryCallSettings.Builder<ActivateCertificateAuthorityRequest, Operation>
+        activateCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        activateCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<CreateCertificateAuthorityRequest, Operation>
+        createCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        createCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<DisableCertificateAuthorityRequest, Operation>
+        disableCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        disableCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<EnableCertificateAuthorityRequest, Operation>
+        enableCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        enableCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<
+            FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+        fetchCertificateAuthorityCsrSettings;
+    private final UnaryCallSettings.Builder<GetCertificateAuthorityRequest, CertificateAuthority>
+        getCertificateAuthoritySettings;
+    private final PagedCallSettings.Builder<
+            ListCertificateAuthoritiesRequest,
+            ListCertificateAuthoritiesResponse,
+            ListCertificateAuthoritiesPagedResponse>
+        listCertificateAuthoritiesSettings;
+    private final UnaryCallSettings.Builder<UndeleteCertificateAuthorityRequest, Operation>
+        undeleteCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        undeleteCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<DeleteCertificateAuthorityRequest, Operation>
+        deleteCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        deleteCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<UpdateCertificateAuthorityRequest, Operation>
+        updateCertificateAuthoritySettings;
+    private final OperationCallSettings.Builder<
+            UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        updateCertificateAuthorityOperationSettings;
+    private final UnaryCallSettings.Builder<CreateCaPoolRequest, Operation> createCaPoolSettings;
+    private final OperationCallSettings.Builder<CreateCaPoolRequest, CaPool, OperationMetadata>
+        createCaPoolOperationSettings;
+    private final UnaryCallSettings.Builder<UpdateCaPoolRequest, Operation> updateCaPoolSettings;
+    private final OperationCallSettings.Builder<UpdateCaPoolRequest, CaPool, OperationMetadata>
+        updateCaPoolOperationSettings;
+    private final UnaryCallSettings.Builder<GetCaPoolRequest, CaPool> getCaPoolSettings;
+    private final PagedCallSettings.Builder<
+            ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+        listCaPoolsSettings;
+    private final UnaryCallSettings.Builder<DeleteCaPoolRequest, Operation> deleteCaPoolSettings;
+    private final OperationCallSettings.Builder<DeleteCaPoolRequest, CaPool, OperationMetadata>
+        deleteCaPoolOperationSettings;
+    private final UnaryCallSettings.Builder<FetchCaCertsRequest, FetchCaCertsResponse>
+        fetchCaCertsSettings;
+    private final UnaryCallSettings.Builder<
+            GetCertificateRevocationListRequest, CertificateRevocationList>
+        getCertificateRevocationListSettings;
+    private final PagedCallSettings.Builder<
+            ListCertificateRevocationListsRequest,
+            ListCertificateRevocationListsResponse,
+            ListCertificateRevocationListsPagedResponse>
+        listCertificateRevocationListsSettings;
+    private final UnaryCallSettings.Builder<UpdateCertificateRevocationListRequest, Operation>
+        updateCertificateRevocationListSettings;
+    private final OperationCallSettings.Builder<
+            UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+        updateCertificateRevocationListOperationSettings;
+    private final UnaryCallSettings.Builder<CreateCertificateTemplateRequest, Operation>
+        createCertificateTemplateSettings;
+    private final OperationCallSettings.Builder<
+            CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        createCertificateTemplateOperationSettings;
+    private final UnaryCallSettings.Builder<DeleteCertificateTemplateRequest, Operation>
+        deleteCertificateTemplateSettings;
+    private final OperationCallSettings.Builder<
+            DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+        deleteCertificateTemplateOperationSettings;
+    private final UnaryCallSettings.Builder<GetCertificateTemplateRequest, CertificateTemplate>
+        getCertificateTemplateSettings;
+    private final PagedCallSettings.Builder<
+            ListCertificateTemplatesRequest,
+            ListCertificateTemplatesResponse,
+            ListCertificateTemplatesPagedResponse>
+        listCertificateTemplatesSettings;
+    private final UnaryCallSettings.Builder<UpdateCertificateTemplateRequest, Operation>
+        updateCertificateTemplateSettings;
+    private final OperationCallSettings.Builder<
+            UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        updateCertificateTemplateOperationSettings;
+    private static final ImmutableMap<String, ImmutableSet<StatusCode.Code>>
+        RETRYABLE_CODE_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, ImmutableSet<StatusCode.Code>> definitions =
+          ImmutableMap.builder();
+      definitions.put(
+          "retry_policy_0_codes",
+          ImmutableSet.copyOf(
+              Lists.<StatusCode.Code>newArrayList(
+                  StatusCode.Code.UNKNOWN,
+                  StatusCode.Code.UNAVAILABLE,
+                  StatusCode.Code.DEADLINE_EXCEEDED)));
+      RETRYABLE_CODE_DEFINITIONS = definitions.build();
+    }
+
+    private static final ImmutableMap<String, RetrySettings> RETRY_PARAM_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, RetrySettings> definitions = ImmutableMap.builder();
+      RetrySettings settings = null;
+      settings =
+          RetrySettings.newBuilder()
+              .setInitialRetryDelay(Duration.ofMillis(100L))
+              .setRetryDelayMultiplier(1.3)
+              .setMaxRetryDelay(Duration.ofMillis(60000L))
+              .setInitialRpcTimeout(Duration.ofMillis(60000L))
+              .setRpcTimeoutMultiplier(1.0)
+              .setMaxRpcTimeout(Duration.ofMillis(60000L))
+              .setTotalTimeout(Duration.ofMillis(60000L))
+              .build();
+      definitions.put("retry_policy_0_params", settings);
+      RETRY_PARAM_DEFINITIONS = definitions.build();
+    }
+
+    protected Builder() {
+      this(((ClientContext) null));
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(clientContext);
+
+      createCertificateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      getCertificateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listCertificatesSettings = PagedCallSettings.newBuilder(LIST_CERTIFICATES_PAGE_STR_FACT);
+      revokeCertificateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateCertificateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      activateCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      activateCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      createCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      createCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      disableCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      disableCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      enableCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      enableCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      fetchCertificateAuthorityCsrSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      getCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listCertificateAuthoritiesSettings =
+          PagedCallSettings.newBuilder(LIST_CERTIFICATE_AUTHORITIES_PAGE_STR_FACT);
+      undeleteCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      undeleteCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      deleteCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      deleteCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      updateCertificateAuthoritySettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateCertificateAuthorityOperationSettings = OperationCallSettings.newBuilder();
+      createCaPoolSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      createCaPoolOperationSettings = OperationCallSettings.newBuilder();
+      updateCaPoolSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateCaPoolOperationSettings = OperationCallSettings.newBuilder();
+      getCaPoolSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listCaPoolsSettings = PagedCallSettings.newBuilder(LIST_CA_POOLS_PAGE_STR_FACT);
+      deleteCaPoolSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      deleteCaPoolOperationSettings = OperationCallSettings.newBuilder();
+      fetchCaCertsSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      getCertificateRevocationListSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listCertificateRevocationListsSettings =
+          PagedCallSettings.newBuilder(LIST_CERTIFICATE_REVOCATION_LISTS_PAGE_STR_FACT);
+      updateCertificateRevocationListSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateCertificateRevocationListOperationSettings = OperationCallSettings.newBuilder();
+      createCertificateTemplateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      createCertificateTemplateOperationSettings = OperationCallSettings.newBuilder();
+      deleteCertificateTemplateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      deleteCertificateTemplateOperationSettings = OperationCallSettings.newBuilder();
+      getCertificateTemplateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      listCertificateTemplatesSettings =
+          PagedCallSettings.newBuilder(LIST_CERTIFICATE_TEMPLATES_PAGE_STR_FACT);
+      updateCertificateTemplateSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+      updateCertificateTemplateOperationSettings = OperationCallSettings.newBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              createCertificateSettings,
+              getCertificateSettings,
+              listCertificatesSettings,
+              revokeCertificateSettings,
+              updateCertificateSettings,
+              activateCertificateAuthoritySettings,
+              createCertificateAuthoritySettings,
+              disableCertificateAuthoritySettings,
+              enableCertificateAuthoritySettings,
+              fetchCertificateAuthorityCsrSettings,
+              getCertificateAuthoritySettings,
+              listCertificateAuthoritiesSettings,
+              undeleteCertificateAuthoritySettings,
+              deleteCertificateAuthoritySettings,
+              updateCertificateAuthoritySettings,
+              createCaPoolSettings,
+              updateCaPoolSettings,
+              getCaPoolSettings,
+              listCaPoolsSettings,
+              deleteCaPoolSettings,
+              fetchCaCertsSettings,
+              getCertificateRevocationListSettings,
+              listCertificateRevocationListsSettings,
+              updateCertificateRevocationListSettings,
+              createCertificateTemplateSettings,
+              deleteCertificateTemplateSettings,
+              getCertificateTemplateSettings,
+              listCertificateTemplatesSettings,
+              updateCertificateTemplateSettings);
+      initDefaults(this);
+    }
+
+    protected Builder(CertificateAuthorityServiceStubSettings settings) {
+      super(settings);
+
+      createCertificateSettings = settings.createCertificateSettings.toBuilder();
+      getCertificateSettings = settings.getCertificateSettings.toBuilder();
+      listCertificatesSettings = settings.listCertificatesSettings.toBuilder();
+      revokeCertificateSettings = settings.revokeCertificateSettings.toBuilder();
+      updateCertificateSettings = settings.updateCertificateSettings.toBuilder();
+      activateCertificateAuthoritySettings =
+          settings.activateCertificateAuthoritySettings.toBuilder();
+      activateCertificateAuthorityOperationSettings =
+          settings.activateCertificateAuthorityOperationSettings.toBuilder();
+      createCertificateAuthoritySettings = settings.createCertificateAuthoritySettings.toBuilder();
+      createCertificateAuthorityOperationSettings =
+          settings.createCertificateAuthorityOperationSettings.toBuilder();
+      disableCertificateAuthoritySettings =
+          settings.disableCertificateAuthoritySettings.toBuilder();
+      disableCertificateAuthorityOperationSettings =
+          settings.disableCertificateAuthorityOperationSettings.toBuilder();
+      enableCertificateAuthoritySettings = settings.enableCertificateAuthoritySettings.toBuilder();
+      enableCertificateAuthorityOperationSettings =
+          settings.enableCertificateAuthorityOperationSettings.toBuilder();
+      fetchCertificateAuthorityCsrSettings =
+          settings.fetchCertificateAuthorityCsrSettings.toBuilder();
+      getCertificateAuthoritySettings = settings.getCertificateAuthoritySettings.toBuilder();
+      listCertificateAuthoritiesSettings = settings.listCertificateAuthoritiesSettings.toBuilder();
+      undeleteCertificateAuthoritySettings =
+          settings.undeleteCertificateAuthoritySettings.toBuilder();
+      undeleteCertificateAuthorityOperationSettings =
+          settings.undeleteCertificateAuthorityOperationSettings.toBuilder();
+      deleteCertificateAuthoritySettings = settings.deleteCertificateAuthoritySettings.toBuilder();
+      deleteCertificateAuthorityOperationSettings =
+          settings.deleteCertificateAuthorityOperationSettings.toBuilder();
+      updateCertificateAuthoritySettings = settings.updateCertificateAuthoritySettings.toBuilder();
+      updateCertificateAuthorityOperationSettings =
+          settings.updateCertificateAuthorityOperationSettings.toBuilder();
+      createCaPoolSettings = settings.createCaPoolSettings.toBuilder();
+      createCaPoolOperationSettings = settings.createCaPoolOperationSettings.toBuilder();
+      updateCaPoolSettings = settings.updateCaPoolSettings.toBuilder();
+      updateCaPoolOperationSettings = settings.updateCaPoolOperationSettings.toBuilder();
+      getCaPoolSettings = settings.getCaPoolSettings.toBuilder();
+      listCaPoolsSettings = settings.listCaPoolsSettings.toBuilder();
+      deleteCaPoolSettings = settings.deleteCaPoolSettings.toBuilder();
+      deleteCaPoolOperationSettings = settings.deleteCaPoolOperationSettings.toBuilder();
+      fetchCaCertsSettings = settings.fetchCaCertsSettings.toBuilder();
+      getCertificateRevocationListSettings =
+          settings.getCertificateRevocationListSettings.toBuilder();
+      listCertificateRevocationListsSettings =
+          settings.listCertificateRevocationListsSettings.toBuilder();
+      updateCertificateRevocationListSettings =
+          settings.updateCertificateRevocationListSettings.toBuilder();
+      updateCertificateRevocationListOperationSettings =
+          settings.updateCertificateRevocationListOperationSettings.toBuilder();
+      createCertificateTemplateSettings = settings.createCertificateTemplateSettings.toBuilder();
+      createCertificateTemplateOperationSettings =
+          settings.createCertificateTemplateOperationSettings.toBuilder();
+      deleteCertificateTemplateSettings = settings.deleteCertificateTemplateSettings.toBuilder();
+      deleteCertificateTemplateOperationSettings =
+          settings.deleteCertificateTemplateOperationSettings.toBuilder();
+      getCertificateTemplateSettings = settings.getCertificateTemplateSettings.toBuilder();
+      listCertificateTemplatesSettings = settings.listCertificateTemplatesSettings.toBuilder();
+      updateCertificateTemplateSettings = settings.updateCertificateTemplateSettings.toBuilder();
+      updateCertificateTemplateOperationSettings =
+          settings.updateCertificateTemplateOperationSettings.toBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              createCertificateSettings,
+              getCertificateSettings,
+              listCertificatesSettings,
+              revokeCertificateSettings,
+              updateCertificateSettings,
+              activateCertificateAuthoritySettings,
+              createCertificateAuthoritySettings,
+              disableCertificateAuthoritySettings,
+              enableCertificateAuthoritySettings,
+              fetchCertificateAuthorityCsrSettings,
+              getCertificateAuthoritySettings,
+              listCertificateAuthoritiesSettings,
+              undeleteCertificateAuthoritySettings,
+              deleteCertificateAuthoritySettings,
+              updateCertificateAuthoritySettings,
+              createCaPoolSettings,
+              updateCaPoolSettings,
+              getCaPoolSettings,
+              listCaPoolsSettings,
+              deleteCaPoolSettings,
+              fetchCaCertsSettings,
+              getCertificateRevocationListSettings,
+              listCertificateRevocationListsSettings,
+              updateCertificateRevocationListSettings,
+              createCertificateTemplateSettings,
+              deleteCertificateTemplateSettings,
+              getCertificateTemplateSettings,
+              listCertificateTemplatesSettings,
+              updateCertificateTemplateSettings);
+    }
+
+    private static Builder createDefault() {
+      Builder builder = new Builder(((ClientContext) null));
+
+      builder.setTransportChannelProvider(defaultTransportChannelProvider());
+      builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build());
+      builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build());
+      builder.setEndpoint(getDefaultEndpoint());
+
+      return initDefaults(builder);
+    }
+
+    private static Builder initDefaults(Builder builder) {
+      builder
+          .createCertificateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .getCertificateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listCertificatesSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .revokeCertificateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateCertificateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .activateCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .createCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .disableCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .enableCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .fetchCertificateAuthorityCsrSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .getCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listCertificateAuthoritiesSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .undeleteCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .deleteCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateCertificateAuthoritySettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .createCaPoolSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateCaPoolSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .getCaPoolSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listCaPoolsSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .deleteCaPoolSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .fetchCaCertsSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .getCertificateRevocationListSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listCertificateRevocationListsSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateCertificateRevocationListSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .createCertificateTemplateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .deleteCertificateTemplateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .getCertificateTemplateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .listCertificateTemplatesSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .updateCertificateTemplateSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"));
+
+      builder
+          .activateCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<ActivateCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .createCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<CreateCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .disableCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<DisableCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .enableCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<EnableCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .undeleteCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<UndeleteCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .deleteCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<DeleteCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .updateCertificateAuthorityOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<UpdateCertificateAuthorityRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateAuthority.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .createCaPoolOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<CreateCaPoolRequest, OperationSnapshot>newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CaPool.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .updateCaPoolOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<UpdateCaPoolRequest, OperationSnapshot>newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CaPool.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .deleteCaPoolOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<DeleteCaPoolRequest, OperationSnapshot>newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CaPool.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .updateCertificateRevocationListOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<UpdateCertificateRevocationListRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(
+                  CertificateRevocationList.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .createCertificateTemplateOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<CreateCertificateTemplateRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateTemplate.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .deleteCertificateTemplateOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<DeleteCertificateTemplateRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(Empty.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      builder
+          .updateCertificateTemplateOperationSettings()
+          .setInitialCallSettings(
+              UnaryCallSettings
+                  .<UpdateCertificateTemplateRequest, OperationSnapshot>
+                      newUnaryCallSettingsBuilder()
+                  .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes"))
+                  .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params"))
+                  .build())
+          .setResponseTransformer(
+              ProtoOperationTransformers.ResponseTransformer.create(CertificateTemplate.class))
+          .setMetadataTransformer(
+              ProtoOperationTransformers.MetadataTransformer.create(OperationMetadata.class))
+          .setPollingAlgorithm(
+              OperationTimedPollAlgorithm.create(
+                  RetrySettings.newBuilder()
+                      .setInitialRetryDelay(Duration.ofMillis(5000L))
+                      .setRetryDelayMultiplier(1.5)
+                      .setMaxRetryDelay(Duration.ofMillis(45000L))
+                      .setInitialRpcTimeout(Duration.ZERO)
+                      .setRpcTimeoutMultiplier(1.0)
+                      .setMaxRpcTimeout(Duration.ZERO)
+                      .setTotalTimeout(Duration.ofMillis(300000L))
+                      .build()));
+
+      return builder;
+    }
+
+    // NEXT_MAJOR_VER: remove 'throws Exception'.
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) throws Exception {
+      super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater);
+      return this;
+    }
+
+    public ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders() {
+      return unaryMethodSettingsBuilders;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificate. */
+    public UnaryCallSettings.Builder<CreateCertificateRequest, Certificate>
+        createCertificateSettings() {
+      return createCertificateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificate. */
+    public UnaryCallSettings.Builder<GetCertificateRequest, Certificate> getCertificateSettings() {
+      return getCertificateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificates. */
+    public PagedCallSettings.Builder<
+            ListCertificatesRequest, ListCertificatesResponse, ListCertificatesPagedResponse>
+        listCertificatesSettings() {
+      return listCertificatesSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to revokeCertificate. */
+    public UnaryCallSettings.Builder<RevokeCertificateRequest, Certificate>
+        revokeCertificateSettings() {
+      return revokeCertificateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificate. */
+    public UnaryCallSettings.Builder<UpdateCertificateRequest, Certificate>
+        updateCertificateSettings() {
+      return updateCertificateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to activateCertificateAuthority. */
+    public UnaryCallSettings.Builder<ActivateCertificateAuthorityRequest, Operation>
+        activateCertificateAuthoritySettings() {
+      return activateCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to activateCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        activateCertificateAuthorityOperationSettings() {
+      return activateCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateAuthority. */
+    public UnaryCallSettings.Builder<CreateCertificateAuthorityRequest, Operation>
+        createCertificateAuthoritySettings() {
+      return createCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        createCertificateAuthorityOperationSettings() {
+      return createCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to disableCertificateAuthority. */
+    public UnaryCallSettings.Builder<DisableCertificateAuthorityRequest, Operation>
+        disableCertificateAuthoritySettings() {
+      return disableCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to disableCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        disableCertificateAuthorityOperationSettings() {
+      return disableCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to enableCertificateAuthority. */
+    public UnaryCallSettings.Builder<EnableCertificateAuthorityRequest, Operation>
+        enableCertificateAuthoritySettings() {
+      return enableCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to enableCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        enableCertificateAuthorityOperationSettings() {
+      return enableCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to fetchCertificateAuthorityCsr. */
+    public UnaryCallSettings.Builder<
+            FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+        fetchCertificateAuthorityCsrSettings() {
+      return fetchCertificateAuthorityCsrSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateAuthority. */
+    public UnaryCallSettings.Builder<GetCertificateAuthorityRequest, CertificateAuthority>
+        getCertificateAuthoritySettings() {
+      return getCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateAuthorities. */
+    public PagedCallSettings.Builder<
+            ListCertificateAuthoritiesRequest,
+            ListCertificateAuthoritiesResponse,
+            ListCertificateAuthoritiesPagedResponse>
+        listCertificateAuthoritiesSettings() {
+      return listCertificateAuthoritiesSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to undeleteCertificateAuthority. */
+    public UnaryCallSettings.Builder<UndeleteCertificateAuthorityRequest, Operation>
+        undeleteCertificateAuthoritySettings() {
+      return undeleteCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to undeleteCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        undeleteCertificateAuthorityOperationSettings() {
+      return undeleteCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateAuthority. */
+    public UnaryCallSettings.Builder<DeleteCertificateAuthorityRequest, Operation>
+        deleteCertificateAuthoritySettings() {
+      return deleteCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        deleteCertificateAuthorityOperationSettings() {
+      return deleteCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateAuthority. */
+    public UnaryCallSettings.Builder<UpdateCertificateAuthorityRequest, Operation>
+        updateCertificateAuthoritySettings() {
+      return updateCertificateAuthoritySettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateAuthority. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+        updateCertificateAuthorityOperationSettings() {
+      return updateCertificateAuthorityOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCaPool. */
+    public UnaryCallSettings.Builder<CreateCaPoolRequest, Operation> createCaPoolSettings() {
+      return createCaPoolSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCaPool. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<CreateCaPoolRequest, CaPool, OperationMetadata>
+        createCaPoolOperationSettings() {
+      return createCaPoolOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCaPool. */
+    public UnaryCallSettings.Builder<UpdateCaPoolRequest, Operation> updateCaPoolSettings() {
+      return updateCaPoolSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCaPool. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<UpdateCaPoolRequest, CaPool, OperationMetadata>
+        updateCaPoolOperationSettings() {
+      return updateCaPoolOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getCaPool. */
+    public UnaryCallSettings.Builder<GetCaPoolRequest, CaPool> getCaPoolSettings() {
+      return getCaPoolSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listCaPools. */
+    public PagedCallSettings.Builder<
+            ListCaPoolsRequest, ListCaPoolsResponse, ListCaPoolsPagedResponse>
+        listCaPoolsSettings() {
+      return listCaPoolsSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCaPool. */
+    public UnaryCallSettings.Builder<DeleteCaPoolRequest, Operation> deleteCaPoolSettings() {
+      return deleteCaPoolSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCaPool. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<DeleteCaPoolRequest, CaPool, OperationMetadata>
+        deleteCaPoolOperationSettings() {
+      return deleteCaPoolOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to fetchCaCerts. */
+    public UnaryCallSettings.Builder<FetchCaCertsRequest, FetchCaCertsResponse>
+        fetchCaCertsSettings() {
+      return fetchCaCertsSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateRevocationList. */
+    public UnaryCallSettings.Builder<GetCertificateRevocationListRequest, CertificateRevocationList>
+        getCertificateRevocationListSettings() {
+      return getCertificateRevocationListSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateRevocationLists. */
+    public PagedCallSettings.Builder<
+            ListCertificateRevocationListsRequest,
+            ListCertificateRevocationListsResponse,
+            ListCertificateRevocationListsPagedResponse>
+        listCertificateRevocationListsSettings() {
+      return listCertificateRevocationListsSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateRevocationList. */
+    public UnaryCallSettings.Builder<UpdateCertificateRevocationListRequest, Operation>
+        updateCertificateRevocationListSettings() {
+      return updateCertificateRevocationListSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateRevocationList. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+        updateCertificateRevocationListOperationSettings() {
+      return updateCertificateRevocationListOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateTemplate. */
+    public UnaryCallSettings.Builder<CreateCertificateTemplateRequest, Operation>
+        createCertificateTemplateSettings() {
+      return createCertificateTemplateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to createCertificateTemplate. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        createCertificateTemplateOperationSettings() {
+      return createCertificateTemplateOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateTemplate. */
+    public UnaryCallSettings.Builder<DeleteCertificateTemplateRequest, Operation>
+        deleteCertificateTemplateSettings() {
+      return deleteCertificateTemplateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to deleteCertificateTemplate. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+        deleteCertificateTemplateOperationSettings() {
+      return deleteCertificateTemplateOperationSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to getCertificateTemplate. */
+    public UnaryCallSettings.Builder<GetCertificateTemplateRequest, CertificateTemplate>
+        getCertificateTemplateSettings() {
+      return getCertificateTemplateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to listCertificateTemplates. */
+    public PagedCallSettings.Builder<
+            ListCertificateTemplatesRequest,
+            ListCertificateTemplatesResponse,
+            ListCertificateTemplatesPagedResponse>
+        listCertificateTemplatesSettings() {
+      return listCertificateTemplatesSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateTemplate. */
+    public UnaryCallSettings.Builder<UpdateCertificateTemplateRequest, Operation>
+        updateCertificateTemplateSettings() {
+      return updateCertificateTemplateSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to updateCertificateTemplate. */
+    @BetaApi(
+        "The surface for use by generated code is not stable yet and may change in the future.")
+    public OperationCallSettings.Builder<
+            UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+        updateCertificateTemplateOperationSettings() {
+      return updateCertificateTemplateOperationSettings;
+    }
+
+    @Override
+    public CertificateAuthorityServiceStubSettings build() throws IOException {
+      return new CertificateAuthorityServiceStubSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceCallableFactory.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceCallableFactory.java
new file mode 100644
index 00000000..c2afe9d4
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceCallableFactory.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1.stub;
+
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC callable factory implementation for the CertificateAuthorityService service API.
+ *
+ * <p>This class is for advanced usage.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcCertificateAuthorityServiceCallableFactory implements GrpcStubCallableFactory {
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createUnaryCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      UnaryCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, PagedListResponseT>
+      UnaryCallable<RequestT, PagedListResponseT> createPagedCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          PagedCallSettings<RequestT, ResponseT, PagedListResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createBatchingCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      BatchingCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createBatchingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, MetadataT>
+      OperationCallable<RequestT, ResponseT, MetadataT> createOperationCallable(
+          GrpcCallSettings<RequestT, Operation> grpcCallSettings,
+          OperationCallSettings<RequestT, ResponseT, MetadataT> callSettings,
+          ClientContext clientContext,
+          OperationsStub operationsStub) {
+    return GrpcCallableFactory.createOperationCallable(
+        grpcCallSettings, callSettings, clientContext, operationsStub);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      BidiStreamingCallable<RequestT, ResponseT> createBidiStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createBidiStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ServerStreamingCallable<RequestT, ResponseT> createServerStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          ServerStreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createServerStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ClientStreamingCallable<RequestT, ResponseT> createClientStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> callSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createClientStreamingCallable(
+        grpcCallSettings, callSettings, clientContext);
+  }
+}
diff --git a/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceStub.java b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceStub.java
new file mode 100644
index 00000000..9d45a166
--- /dev/null
+++ b/google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1/stub/GrpcCertificateAuthorityServiceStub.java
@@ -0,0 +1,1561 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1.stub;
+
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCaPoolsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateAuthoritiesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateTemplatesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse;
+
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.core.BackgroundResourceAggregation;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.RequestParamsExtractor;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CaPool;
+import com.google.cloud.security.privateca.v1.Certificate;
+import com.google.cloud.security.privateca.v1.CertificateAuthority;
+import com.google.cloud.security.privateca.v1.CertificateRevocationList;
+import com.google.cloud.security.privateca.v1.CertificateTemplate;
+import com.google.cloud.security.privateca.v1.CreateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateRequest;
+import com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DeleteCaPoolRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsRequest;
+import com.google.cloud.security.privateca.v1.FetchCaCertsResponse;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest;
+import com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse;
+import com.google.cloud.security.privateca.v1.GetCaPoolRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsRequest;
+import com.google.cloud.security.privateca.v1.ListCaPoolsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse;
+import com.google.cloud.security.privateca.v1.ListCertificatesRequest;
+import com.google.cloud.security.privateca.v1.ListCertificatesResponse;
+import com.google.cloud.security.privateca.v1.OperationMetadata;
+import com.google.cloud.security.privateca.v1.RevokeCertificateRequest;
+import com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCaPoolRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest;
+import com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest;
+import com.google.common.collect.ImmutableMap;
+import com.google.longrunning.Operation;
+import com.google.longrunning.stub.GrpcOperationsStub;
+import com.google.protobuf.Empty;
+import io.grpc.MethodDescriptor;
+import io.grpc.protobuf.ProtoUtils;
+import java.io.IOException;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+/**
+ * gRPC stub implementation for the CertificateAuthorityService service API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator-java")
+public class GrpcCertificateAuthorityServiceStub extends CertificateAuthorityServiceStub {
+  private static final MethodDescriptor<CreateCertificateRequest, Certificate>
+      createCertificateMethodDescriptor =
+          MethodDescriptor.<CreateCertificateRequest, Certificate>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(CreateCertificateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Certificate.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<GetCertificateRequest, Certificate>
+      getCertificateMethodDescriptor =
+          MethodDescriptor.<GetCertificateRequest, Certificate>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GetCertificateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Certificate.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<ListCertificatesRequest, ListCertificatesResponse>
+      listCertificatesMethodDescriptor =
+          MethodDescriptor.<ListCertificatesRequest, ListCertificatesResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificates")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(ListCertificatesRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(ListCertificatesResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<RevokeCertificateRequest, Certificate>
+      revokeCertificateMethodDescriptor =
+          MethodDescriptor.<RevokeCertificateRequest, Certificate>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/RevokeCertificate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(RevokeCertificateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Certificate.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UpdateCertificateRequest, Certificate>
+      updateCertificateMethodDescriptor =
+          MethodDescriptor.<UpdateCertificateRequest, Certificate>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(UpdateCertificateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Certificate.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<ActivateCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ActivateCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(ActivateCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<CreateCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(CreateCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<DisableCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/DisableCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(DisableCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<EnableCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/EnableCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(EnableCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrMethodDescriptor =
+          MethodDescriptor
+              .<FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+                  newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCertificateAuthorityCsr")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(FetchCertificateAuthorityCsrRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(FetchCertificateAuthorityCsrResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<GetCertificateAuthorityRequest, CertificateAuthority>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GetCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(CertificateAuthority.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<
+          ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+      listCertificateAuthoritiesMethodDescriptor =
+          MethodDescriptor
+              .<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateAuthorities")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(ListCertificateAuthoritiesRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(ListCertificateAuthoritiesResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<UndeleteCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UndeleteCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(UndeleteCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<DeleteCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(DeleteCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthorityMethodDescriptor =
+          MethodDescriptor.<UpdateCertificateAuthorityRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateAuthority")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(UpdateCertificateAuthorityRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<CreateCaPoolRequest, Operation>
+      createCaPoolMethodDescriptor =
+          MethodDescriptor.<CreateCaPoolRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCaPool")
+              .setRequestMarshaller(ProtoUtils.marshaller(CreateCaPoolRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UpdateCaPoolRequest, Operation>
+      updateCaPoolMethodDescriptor =
+          MethodDescriptor.<UpdateCaPoolRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCaPool")
+              .setRequestMarshaller(ProtoUtils.marshaller(UpdateCaPoolRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<GetCaPoolRequest, CaPool> getCaPoolMethodDescriptor =
+      MethodDescriptor.<GetCaPoolRequest, CaPool>newBuilder()
+          .setType(MethodDescriptor.MethodType.UNARY)
+          .setFullMethodName(
+              "google.cloud.security.privateca.v1.CertificateAuthorityService/GetCaPool")
+          .setRequestMarshaller(ProtoUtils.marshaller(GetCaPoolRequest.getDefaultInstance()))
+          .setResponseMarshaller(ProtoUtils.marshaller(CaPool.getDefaultInstance()))
+          .build();
+
+  private static final MethodDescriptor<ListCaPoolsRequest, ListCaPoolsResponse>
+      listCaPoolsMethodDescriptor =
+          MethodDescriptor.<ListCaPoolsRequest, ListCaPoolsResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ListCaPools")
+              .setRequestMarshaller(ProtoUtils.marshaller(ListCaPoolsRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(ListCaPoolsResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<DeleteCaPoolRequest, Operation>
+      deleteCaPoolMethodDescriptor =
+          MethodDescriptor.<DeleteCaPoolRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCaPool")
+              .setRequestMarshaller(ProtoUtils.marshaller(DeleteCaPoolRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<FetchCaCertsRequest, FetchCaCertsResponse>
+      fetchCaCertsMethodDescriptor =
+          MethodDescriptor.<FetchCaCertsRequest, FetchCaCertsResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/FetchCaCerts")
+              .setRequestMarshaller(ProtoUtils.marshaller(FetchCaCertsRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(FetchCaCertsResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<
+          GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListMethodDescriptor =
+          MethodDescriptor
+              .<GetCertificateRevocationListRequest, CertificateRevocationList>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateRevocationList")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GetCertificateRevocationListRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(CertificateRevocationList.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+      listCertificateRevocationListsMethodDescriptor =
+          MethodDescriptor
+              .<ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+                  newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateRevocationLists")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(ListCertificateRevocationListsRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(
+                      ListCertificateRevocationListsResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListMethodDescriptor =
+          MethodDescriptor.<UpdateCertificateRevocationListRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateRevocationList")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(
+                      UpdateCertificateRevocationListRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateMethodDescriptor =
+          MethodDescriptor.<CreateCertificateTemplateRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/CreateCertificateTemplate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(CreateCertificateTemplateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateMethodDescriptor =
+          MethodDescriptor.<DeleteCertificateTemplateRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/DeleteCertificateTemplate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(DeleteCertificateTemplateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateMethodDescriptor =
+          MethodDescriptor.<GetCertificateTemplateRequest, CertificateTemplate>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/GetCertificateTemplate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GetCertificateTemplateRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(CertificateTemplate.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<
+          ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+      listCertificateTemplatesMethodDescriptor =
+          MethodDescriptor
+              .<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/ListCertificateTemplates")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(ListCertificateTemplatesRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(ListCertificateTemplatesResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateMethodDescriptor =
+          MethodDescriptor.<UpdateCertificateTemplateRequest, Operation>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName(
+                  "google.cloud.security.privateca.v1.CertificateAuthorityService/UpdateCertificateTemplate")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(UpdateCertificateTemplateRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(Operation.getDefaultInstance()))
+              .build();
+
+  private final UnaryCallable<CreateCertificateRequest, Certificate> createCertificateCallable;
+  private final UnaryCallable<GetCertificateRequest, Certificate> getCertificateCallable;
+  private final UnaryCallable<ListCertificatesRequest, ListCertificatesResponse>
+      listCertificatesCallable;
+  private final UnaryCallable<ListCertificatesRequest, ListCertificatesPagedResponse>
+      listCertificatesPagedCallable;
+  private final UnaryCallable<RevokeCertificateRequest, Certificate> revokeCertificateCallable;
+  private final UnaryCallable<UpdateCertificateRequest, Certificate> updateCertificateCallable;
+  private final UnaryCallable<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthorityCallable;
+  private final OperationCallable<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationCallable;
+  private final UnaryCallable<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthorityCallable;
+  private final OperationCallable<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationCallable;
+  private final UnaryCallable<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthorityCallable;
+  private final OperationCallable<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationCallable;
+  private final UnaryCallable<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthorityCallable;
+  private final OperationCallable<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationCallable;
+  private final UnaryCallable<
+          FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrCallable;
+  private final UnaryCallable<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthorityCallable;
+  private final UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+      listCertificateAuthoritiesCallable;
+  private final UnaryCallable<
+          ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesPagedCallable;
+  private final UnaryCallable<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthorityCallable;
+  private final OperationCallable<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationCallable;
+  private final UnaryCallable<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthorityCallable;
+  private final OperationCallable<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationCallable;
+  private final UnaryCallable<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthorityCallable;
+  private final OperationCallable<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationCallable;
+  private final UnaryCallable<CreateCaPoolRequest, Operation> createCaPoolCallable;
+  private final OperationCallable<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationCallable;
+  private final UnaryCallable<UpdateCaPoolRequest, Operation> updateCaPoolCallable;
+  private final OperationCallable<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationCallable;
+  private final UnaryCallable<GetCaPoolRequest, CaPool> getCaPoolCallable;
+  private final UnaryCallable<ListCaPoolsRequest, ListCaPoolsResponse> listCaPoolsCallable;
+  private final UnaryCallable<ListCaPoolsRequest, ListCaPoolsPagedResponse>
+      listCaPoolsPagedCallable;
+  private final UnaryCallable<DeleteCaPoolRequest, Operation> deleteCaPoolCallable;
+  private final OperationCallable<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationCallable;
+  private final UnaryCallable<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsCallable;
+  private final UnaryCallable<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListCallable;
+  private final UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+      listCertificateRevocationListsCallable;
+  private final UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsPagedCallable;
+  private final UnaryCallable<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListCallable;
+  private final OperationCallable<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationCallable;
+  private final UnaryCallable<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateCallable;
+  private final OperationCallable<
+          CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationCallable;
+  private final UnaryCallable<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateCallable;
+  private final OperationCallable<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationCallable;
+  private final UnaryCallable<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateCallable;
+  private final UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+      listCertificateTemplatesCallable;
+  private final UnaryCallable<
+          ListCertificateTemplatesRequest, ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesPagedCallable;
+  private final UnaryCallable<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateCallable;
+  private final OperationCallable<
+          UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationCallable;
+
+  private final BackgroundResource backgroundResources;
+  private final GrpcOperationsStub operationsStub;
+  private final GrpcStubCallableFactory callableFactory;
+
+  public static final GrpcCertificateAuthorityServiceStub create(
+      CertificateAuthorityServiceStubSettings settings) throws IOException {
+    return new GrpcCertificateAuthorityServiceStub(settings, ClientContext.create(settings));
+  }
+
+  public static final GrpcCertificateAuthorityServiceStub create(ClientContext clientContext)
+      throws IOException {
+    return new GrpcCertificateAuthorityServiceStub(
+        CertificateAuthorityServiceStubSettings.newBuilder().build(), clientContext);
+  }
+
+  public static final GrpcCertificateAuthorityServiceStub create(
+      ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException {
+    return new GrpcCertificateAuthorityServiceStub(
+        CertificateAuthorityServiceStubSettings.newBuilder().build(),
+        clientContext,
+        callableFactory);
+  }
+
+  /**
+   * Constructs an instance of GrpcCertificateAuthorityServiceStub, using the given settings. This
+   * is protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcCertificateAuthorityServiceStub(
+      CertificateAuthorityServiceStubSettings settings, ClientContext clientContext)
+      throws IOException {
+    this(settings, clientContext, new GrpcCertificateAuthorityServiceCallableFactory());
+  }
+
+  /**
+   * Constructs an instance of GrpcCertificateAuthorityServiceStub, using the given settings. This
+   * is protected so that it is easy to make a subclass, but otherwise, the static factory methods
+   * should be preferred.
+   */
+  protected GrpcCertificateAuthorityServiceStub(
+      CertificateAuthorityServiceStubSettings settings,
+      ClientContext clientContext,
+      GrpcStubCallableFactory callableFactory)
+      throws IOException {
+    this.callableFactory = callableFactory;
+    this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory);
+
+    GrpcCallSettings<CreateCertificateRequest, Certificate> createCertificateTransportSettings =
+        GrpcCallSettings.<CreateCertificateRequest, Certificate>newBuilder()
+            .setMethodDescriptor(createCertificateMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<CreateCertificateRequest>() {
+                  @Override
+                  public Map<String, String> extract(CreateCertificateRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("parent", String.valueOf(request.getParent()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<GetCertificateRequest, Certificate> getCertificateTransportSettings =
+        GrpcCallSettings.<GetCertificateRequest, Certificate>newBuilder()
+            .setMethodDescriptor(getCertificateMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<GetCertificateRequest>() {
+                  @Override
+                  public Map<String, String> extract(GetCertificateRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("name", String.valueOf(request.getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<ListCertificatesRequest, ListCertificatesResponse>
+        listCertificatesTransportSettings =
+            GrpcCallSettings.<ListCertificatesRequest, ListCertificatesResponse>newBuilder()
+                .setMethodDescriptor(listCertificatesMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<ListCertificatesRequest>() {
+                      @Override
+                      public Map<String, String> extract(ListCertificatesRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<RevokeCertificateRequest, Certificate> revokeCertificateTransportSettings =
+        GrpcCallSettings.<RevokeCertificateRequest, Certificate>newBuilder()
+            .setMethodDescriptor(revokeCertificateMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<RevokeCertificateRequest>() {
+                  @Override
+                  public Map<String, String> extract(RevokeCertificateRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("name", String.valueOf(request.getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<UpdateCertificateRequest, Certificate> updateCertificateTransportSettings =
+        GrpcCallSettings.<UpdateCertificateRequest, Certificate>newBuilder()
+            .setMethodDescriptor(updateCertificateMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<UpdateCertificateRequest>() {
+                  @Override
+                  public Map<String, String> extract(UpdateCertificateRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put(
+                        "certificate.name", String.valueOf(request.getCertificate().getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<ActivateCertificateAuthorityRequest, Operation>
+        activateCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<ActivateCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(activateCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<ActivateCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          ActivateCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<CreateCertificateAuthorityRequest, Operation>
+        createCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<CreateCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(createCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<CreateCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          CreateCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<DisableCertificateAuthorityRequest, Operation>
+        disableCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<DisableCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(disableCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<DisableCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          DisableCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<EnableCertificateAuthorityRequest, Operation>
+        enableCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<EnableCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(enableCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<EnableCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          EnableCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+        fetchCertificateAuthorityCsrTransportSettings =
+            GrpcCallSettings
+                .<FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+                    newBuilder()
+                .setMethodDescriptor(fetchCertificateAuthorityCsrMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<FetchCertificateAuthorityCsrRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          FetchCertificateAuthorityCsrRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<GetCertificateAuthorityRequest, CertificateAuthority>
+        getCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<GetCertificateAuthorityRequest, CertificateAuthority>newBuilder()
+                .setMethodDescriptor(getCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<GetCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(GetCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+        listCertificateAuthoritiesTransportSettings =
+            GrpcCallSettings
+                .<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>newBuilder()
+                .setMethodDescriptor(listCertificateAuthoritiesMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<ListCertificateAuthoritiesRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          ListCertificateAuthoritiesRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<UndeleteCertificateAuthorityRequest, Operation>
+        undeleteCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<UndeleteCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(undeleteCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<UndeleteCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          UndeleteCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<DeleteCertificateAuthorityRequest, Operation>
+        deleteCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<DeleteCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(deleteCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<DeleteCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          DeleteCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<UpdateCertificateAuthorityRequest, Operation>
+        updateCertificateAuthorityTransportSettings =
+            GrpcCallSettings.<UpdateCertificateAuthorityRequest, Operation>newBuilder()
+                .setMethodDescriptor(updateCertificateAuthorityMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<UpdateCertificateAuthorityRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          UpdateCertificateAuthorityRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put(
+                            "certificate_authority.name",
+                            String.valueOf(request.getCertificateAuthority().getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<CreateCaPoolRequest, Operation> createCaPoolTransportSettings =
+        GrpcCallSettings.<CreateCaPoolRequest, Operation>newBuilder()
+            .setMethodDescriptor(createCaPoolMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<CreateCaPoolRequest>() {
+                  @Override
+                  public Map<String, String> extract(CreateCaPoolRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("parent", String.valueOf(request.getParent()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<UpdateCaPoolRequest, Operation> updateCaPoolTransportSettings =
+        GrpcCallSettings.<UpdateCaPoolRequest, Operation>newBuilder()
+            .setMethodDescriptor(updateCaPoolMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<UpdateCaPoolRequest>() {
+                  @Override
+                  public Map<String, String> extract(UpdateCaPoolRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("ca_pool.name", String.valueOf(request.getCaPool().getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<GetCaPoolRequest, CaPool> getCaPoolTransportSettings =
+        GrpcCallSettings.<GetCaPoolRequest, CaPool>newBuilder()
+            .setMethodDescriptor(getCaPoolMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<GetCaPoolRequest>() {
+                  @Override
+                  public Map<String, String> extract(GetCaPoolRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("name", String.valueOf(request.getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<ListCaPoolsRequest, ListCaPoolsResponse> listCaPoolsTransportSettings =
+        GrpcCallSettings.<ListCaPoolsRequest, ListCaPoolsResponse>newBuilder()
+            .setMethodDescriptor(listCaPoolsMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<ListCaPoolsRequest>() {
+                  @Override
+                  public Map<String, String> extract(ListCaPoolsRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("parent", String.valueOf(request.getParent()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<DeleteCaPoolRequest, Operation> deleteCaPoolTransportSettings =
+        GrpcCallSettings.<DeleteCaPoolRequest, Operation>newBuilder()
+            .setMethodDescriptor(deleteCaPoolMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<DeleteCaPoolRequest>() {
+                  @Override
+                  public Map<String, String> extract(DeleteCaPoolRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("name", String.valueOf(request.getName()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsTransportSettings =
+        GrpcCallSettings.<FetchCaCertsRequest, FetchCaCertsResponse>newBuilder()
+            .setMethodDescriptor(fetchCaCertsMethodDescriptor)
+            .setParamsExtractor(
+                new RequestParamsExtractor<FetchCaCertsRequest>() {
+                  @Override
+                  public Map<String, String> extract(FetchCaCertsRequest request) {
+                    ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                    params.put("ca_pool", String.valueOf(request.getCaPool()));
+                    return params.build();
+                  }
+                })
+            .build();
+    GrpcCallSettings<GetCertificateRevocationListRequest, CertificateRevocationList>
+        getCertificateRevocationListTransportSettings =
+            GrpcCallSettings
+                .<GetCertificateRevocationListRequest, CertificateRevocationList>newBuilder()
+                .setMethodDescriptor(getCertificateRevocationListMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<GetCertificateRevocationListRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          GetCertificateRevocationListRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+        listCertificateRevocationListsTransportSettings =
+            GrpcCallSettings
+                .<ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+                    newBuilder()
+                .setMethodDescriptor(listCertificateRevocationListsMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<ListCertificateRevocationListsRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          ListCertificateRevocationListsRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<UpdateCertificateRevocationListRequest, Operation>
+        updateCertificateRevocationListTransportSettings =
+            GrpcCallSettings.<UpdateCertificateRevocationListRequest, Operation>newBuilder()
+                .setMethodDescriptor(updateCertificateRevocationListMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<UpdateCertificateRevocationListRequest>() {
+                      @Override
+                      public Map<String, String> extract(
+                          UpdateCertificateRevocationListRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put(
+                            "certificate_revocation_list.name",
+                            String.valueOf(request.getCertificateRevocationList().getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<CreateCertificateTemplateRequest, Operation>
+        createCertificateTemplateTransportSettings =
+            GrpcCallSettings.<CreateCertificateTemplateRequest, Operation>newBuilder()
+                .setMethodDescriptor(createCertificateTemplateMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<CreateCertificateTemplateRequest>() {
+                      @Override
+                      public Map<String, String> extract(CreateCertificateTemplateRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<DeleteCertificateTemplateRequest, Operation>
+        deleteCertificateTemplateTransportSettings =
+            GrpcCallSettings.<DeleteCertificateTemplateRequest, Operation>newBuilder()
+                .setMethodDescriptor(deleteCertificateTemplateMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<DeleteCertificateTemplateRequest>() {
+                      @Override
+                      public Map<String, String> extract(DeleteCertificateTemplateRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<GetCertificateTemplateRequest, CertificateTemplate>
+        getCertificateTemplateTransportSettings =
+            GrpcCallSettings.<GetCertificateTemplateRequest, CertificateTemplate>newBuilder()
+                .setMethodDescriptor(getCertificateTemplateMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<GetCertificateTemplateRequest>() {
+                      @Override
+                      public Map<String, String> extract(GetCertificateTemplateRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("name", String.valueOf(request.getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+        listCertificateTemplatesTransportSettings =
+            GrpcCallSettings
+                .<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>newBuilder()
+                .setMethodDescriptor(listCertificateTemplatesMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<ListCertificateTemplatesRequest>() {
+                      @Override
+                      public Map<String, String> extract(ListCertificateTemplatesRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put("parent", String.valueOf(request.getParent()));
+                        return params.build();
+                      }
+                    })
+                .build();
+    GrpcCallSettings<UpdateCertificateTemplateRequest, Operation>
+        updateCertificateTemplateTransportSettings =
+            GrpcCallSettings.<UpdateCertificateTemplateRequest, Operation>newBuilder()
+                .setMethodDescriptor(updateCertificateTemplateMethodDescriptor)
+                .setParamsExtractor(
+                    new RequestParamsExtractor<UpdateCertificateTemplateRequest>() {
+                      @Override
+                      public Map<String, String> extract(UpdateCertificateTemplateRequest request) {
+                        ImmutableMap.Builder<String, String> params = ImmutableMap.builder();
+                        params.put(
+                            "certificate_template.name",
+                            String.valueOf(request.getCertificateTemplate().getName()));
+                        return params.build();
+                      }
+                    })
+                .build();
+
+    this.createCertificateCallable =
+        callableFactory.createUnaryCallable(
+            createCertificateTransportSettings,
+            settings.createCertificateSettings(),
+            clientContext);
+    this.getCertificateCallable =
+        callableFactory.createUnaryCallable(
+            getCertificateTransportSettings, settings.getCertificateSettings(), clientContext);
+    this.listCertificatesCallable =
+        callableFactory.createUnaryCallable(
+            listCertificatesTransportSettings, settings.listCertificatesSettings(), clientContext);
+    this.listCertificatesPagedCallable =
+        callableFactory.createPagedCallable(
+            listCertificatesTransportSettings, settings.listCertificatesSettings(), clientContext);
+    this.revokeCertificateCallable =
+        callableFactory.createUnaryCallable(
+            revokeCertificateTransportSettings,
+            settings.revokeCertificateSettings(),
+            clientContext);
+    this.updateCertificateCallable =
+        callableFactory.createUnaryCallable(
+            updateCertificateTransportSettings,
+            settings.updateCertificateSettings(),
+            clientContext);
+    this.activateCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            activateCertificateAuthorityTransportSettings,
+            settings.activateCertificateAuthoritySettings(),
+            clientContext);
+    this.activateCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            activateCertificateAuthorityTransportSettings,
+            settings.activateCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.createCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            createCertificateAuthorityTransportSettings,
+            settings.createCertificateAuthoritySettings(),
+            clientContext);
+    this.createCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            createCertificateAuthorityTransportSettings,
+            settings.createCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.disableCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            disableCertificateAuthorityTransportSettings,
+            settings.disableCertificateAuthoritySettings(),
+            clientContext);
+    this.disableCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            disableCertificateAuthorityTransportSettings,
+            settings.disableCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.enableCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            enableCertificateAuthorityTransportSettings,
+            settings.enableCertificateAuthoritySettings(),
+            clientContext);
+    this.enableCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            enableCertificateAuthorityTransportSettings,
+            settings.enableCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.fetchCertificateAuthorityCsrCallable =
+        callableFactory.createUnaryCallable(
+            fetchCertificateAuthorityCsrTransportSettings,
+            settings.fetchCertificateAuthorityCsrSettings(),
+            clientContext);
+    this.getCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            getCertificateAuthorityTransportSettings,
+            settings.getCertificateAuthoritySettings(),
+            clientContext);
+    this.listCertificateAuthoritiesCallable =
+        callableFactory.createUnaryCallable(
+            listCertificateAuthoritiesTransportSettings,
+            settings.listCertificateAuthoritiesSettings(),
+            clientContext);
+    this.listCertificateAuthoritiesPagedCallable =
+        callableFactory.createPagedCallable(
+            listCertificateAuthoritiesTransportSettings,
+            settings.listCertificateAuthoritiesSettings(),
+            clientContext);
+    this.undeleteCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            undeleteCertificateAuthorityTransportSettings,
+            settings.undeleteCertificateAuthoritySettings(),
+            clientContext);
+    this.undeleteCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            undeleteCertificateAuthorityTransportSettings,
+            settings.undeleteCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.deleteCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            deleteCertificateAuthorityTransportSettings,
+            settings.deleteCertificateAuthoritySettings(),
+            clientContext);
+    this.deleteCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            deleteCertificateAuthorityTransportSettings,
+            settings.deleteCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.updateCertificateAuthorityCallable =
+        callableFactory.createUnaryCallable(
+            updateCertificateAuthorityTransportSettings,
+            settings.updateCertificateAuthoritySettings(),
+            clientContext);
+    this.updateCertificateAuthorityOperationCallable =
+        callableFactory.createOperationCallable(
+            updateCertificateAuthorityTransportSettings,
+            settings.updateCertificateAuthorityOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.createCaPoolCallable =
+        callableFactory.createUnaryCallable(
+            createCaPoolTransportSettings, settings.createCaPoolSettings(), clientContext);
+    this.createCaPoolOperationCallable =
+        callableFactory.createOperationCallable(
+            createCaPoolTransportSettings,
+            settings.createCaPoolOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.updateCaPoolCallable =
+        callableFactory.createUnaryCallable(
+            updateCaPoolTransportSettings, settings.updateCaPoolSettings(), clientContext);
+    this.updateCaPoolOperationCallable =
+        callableFactory.createOperationCallable(
+            updateCaPoolTransportSettings,
+            settings.updateCaPoolOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.getCaPoolCallable =
+        callableFactory.createUnaryCallable(
+            getCaPoolTransportSettings, settings.getCaPoolSettings(), clientContext);
+    this.listCaPoolsCallable =
+        callableFactory.createUnaryCallable(
+            listCaPoolsTransportSettings, settings.listCaPoolsSettings(), clientContext);
+    this.listCaPoolsPagedCallable =
+        callableFactory.createPagedCallable(
+            listCaPoolsTransportSettings, settings.listCaPoolsSettings(), clientContext);
+    this.deleteCaPoolCallable =
+        callableFactory.createUnaryCallable(
+            deleteCaPoolTransportSettings, settings.deleteCaPoolSettings(), clientContext);
+    this.deleteCaPoolOperationCallable =
+        callableFactory.createOperationCallable(
+            deleteCaPoolTransportSettings,
+            settings.deleteCaPoolOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.fetchCaCertsCallable =
+        callableFactory.createUnaryCallable(
+            fetchCaCertsTransportSettings, settings.fetchCaCertsSettings(), clientContext);
+    this.getCertificateRevocationListCallable =
+        callableFactory.createUnaryCallable(
+            getCertificateRevocationListTransportSettings,
+            settings.getCertificateRevocationListSettings(),
+            clientContext);
+    this.listCertificateRevocationListsCallable =
+        callableFactory.createUnaryCallable(
+            listCertificateRevocationListsTransportSettings,
+            settings.listCertificateRevocationListsSettings(),
+            clientContext);
+    this.listCertificateRevocationListsPagedCallable =
+        callableFactory.createPagedCallable(
+            listCertificateRevocationListsTransportSettings,
+            settings.listCertificateRevocationListsSettings(),
+            clientContext);
+    this.updateCertificateRevocationListCallable =
+        callableFactory.createUnaryCallable(
+            updateCertificateRevocationListTransportSettings,
+            settings.updateCertificateRevocationListSettings(),
+            clientContext);
+    this.updateCertificateRevocationListOperationCallable =
+        callableFactory.createOperationCallable(
+            updateCertificateRevocationListTransportSettings,
+            settings.updateCertificateRevocationListOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.createCertificateTemplateCallable =
+        callableFactory.createUnaryCallable(
+            createCertificateTemplateTransportSettings,
+            settings.createCertificateTemplateSettings(),
+            clientContext);
+    this.createCertificateTemplateOperationCallable =
+        callableFactory.createOperationCallable(
+            createCertificateTemplateTransportSettings,
+            settings.createCertificateTemplateOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.deleteCertificateTemplateCallable =
+        callableFactory.createUnaryCallable(
+            deleteCertificateTemplateTransportSettings,
+            settings.deleteCertificateTemplateSettings(),
+            clientContext);
+    this.deleteCertificateTemplateOperationCallable =
+        callableFactory.createOperationCallable(
+            deleteCertificateTemplateTransportSettings,
+            settings.deleteCertificateTemplateOperationSettings(),
+            clientContext,
+            operationsStub);
+    this.getCertificateTemplateCallable =
+        callableFactory.createUnaryCallable(
+            getCertificateTemplateTransportSettings,
+            settings.getCertificateTemplateSettings(),
+            clientContext);
+    this.listCertificateTemplatesCallable =
+        callableFactory.createUnaryCallable(
+            listCertificateTemplatesTransportSettings,
+            settings.listCertificateTemplatesSettings(),
+            clientContext);
+    this.listCertificateTemplatesPagedCallable =
+        callableFactory.createPagedCallable(
+            listCertificateTemplatesTransportSettings,
+            settings.listCertificateTemplatesSettings(),
+            clientContext);
+    this.updateCertificateTemplateCallable =
+        callableFactory.createUnaryCallable(
+            updateCertificateTemplateTransportSettings,
+            settings.updateCertificateTemplateSettings(),
+            clientContext);
+    this.updateCertificateTemplateOperationCallable =
+        callableFactory.createOperationCallable(
+            updateCertificateTemplateTransportSettings,
+            settings.updateCertificateTemplateOperationSettings(),
+            clientContext,
+            operationsStub);
+
+    this.backgroundResources =
+        new BackgroundResourceAggregation(clientContext.getBackgroundResources());
+  }
+
+  public GrpcOperationsStub getOperationsStub() {
+    return operationsStub;
+  }
+
+  @Override
+  public UnaryCallable<CreateCertificateRequest, Certificate> createCertificateCallable() {
+    return createCertificateCallable;
+  }
+
+  @Override
+  public UnaryCallable<GetCertificateRequest, Certificate> getCertificateCallable() {
+    return getCertificateCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificatesRequest, ListCertificatesResponse>
+      listCertificatesCallable() {
+    return listCertificatesCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificatesRequest, ListCertificatesPagedResponse>
+      listCertificatesPagedCallable() {
+    return listCertificatesPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<RevokeCertificateRequest, Certificate> revokeCertificateCallable() {
+    return revokeCertificateCallable;
+  }
+
+  @Override
+  public UnaryCallable<UpdateCertificateRequest, Certificate> updateCertificateCallable() {
+    return updateCertificateCallable;
+  }
+
+  @Override
+  public UnaryCallable<ActivateCertificateAuthorityRequest, Operation>
+      activateCertificateAuthorityCallable() {
+    return activateCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          ActivateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      activateCertificateAuthorityOperationCallable() {
+    return activateCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<CreateCertificateAuthorityRequest, Operation>
+      createCertificateAuthorityCallable() {
+    return createCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          CreateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      createCertificateAuthorityOperationCallable() {
+    return createCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<DisableCertificateAuthorityRequest, Operation>
+      disableCertificateAuthorityCallable() {
+    return disableCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          DisableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      disableCertificateAuthorityOperationCallable() {
+    return disableCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<EnableCertificateAuthorityRequest, Operation>
+      enableCertificateAuthorityCallable() {
+    return enableCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          EnableCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      enableCertificateAuthorityOperationCallable() {
+    return enableCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<FetchCertificateAuthorityCsrRequest, FetchCertificateAuthorityCsrResponse>
+      fetchCertificateAuthorityCsrCallable() {
+    return fetchCertificateAuthorityCsrCallable;
+  }
+
+  @Override
+  public UnaryCallable<GetCertificateAuthorityRequest, CertificateAuthority>
+      getCertificateAuthorityCallable() {
+    return getCertificateAuthorityCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesResponse>
+      listCertificateAuthoritiesCallable() {
+    return listCertificateAuthoritiesCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificateAuthoritiesRequest, ListCertificateAuthoritiesPagedResponse>
+      listCertificateAuthoritiesPagedCallable() {
+    return listCertificateAuthoritiesPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<UndeleteCertificateAuthorityRequest, Operation>
+      undeleteCertificateAuthorityCallable() {
+    return undeleteCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          UndeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      undeleteCertificateAuthorityOperationCallable() {
+    return undeleteCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<DeleteCertificateAuthorityRequest, Operation>
+      deleteCertificateAuthorityCallable() {
+    return deleteCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          DeleteCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      deleteCertificateAuthorityOperationCallable() {
+    return deleteCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<UpdateCertificateAuthorityRequest, Operation>
+      updateCertificateAuthorityCallable() {
+    return updateCertificateAuthorityCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          UpdateCertificateAuthorityRequest, CertificateAuthority, OperationMetadata>
+      updateCertificateAuthorityOperationCallable() {
+    return updateCertificateAuthorityOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<CreateCaPoolRequest, Operation> createCaPoolCallable() {
+    return createCaPoolCallable;
+  }
+
+  @Override
+  public OperationCallable<CreateCaPoolRequest, CaPool, OperationMetadata>
+      createCaPoolOperationCallable() {
+    return createCaPoolOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<UpdateCaPoolRequest, Operation> updateCaPoolCallable() {
+    return updateCaPoolCallable;
+  }
+
+  @Override
+  public OperationCallable<UpdateCaPoolRequest, CaPool, OperationMetadata>
+      updateCaPoolOperationCallable() {
+    return updateCaPoolOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<GetCaPoolRequest, CaPool> getCaPoolCallable() {
+    return getCaPoolCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCaPoolsRequest, ListCaPoolsResponse> listCaPoolsCallable() {
+    return listCaPoolsCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCaPoolsRequest, ListCaPoolsPagedResponse> listCaPoolsPagedCallable() {
+    return listCaPoolsPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<DeleteCaPoolRequest, Operation> deleteCaPoolCallable() {
+    return deleteCaPoolCallable;
+  }
+
+  @Override
+  public OperationCallable<DeleteCaPoolRequest, CaPool, OperationMetadata>
+      deleteCaPoolOperationCallable() {
+    return deleteCaPoolOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<FetchCaCertsRequest, FetchCaCertsResponse> fetchCaCertsCallable() {
+    return fetchCaCertsCallable;
+  }
+
+  @Override
+  public UnaryCallable<GetCertificateRevocationListRequest, CertificateRevocationList>
+      getCertificateRevocationListCallable() {
+    return getCertificateRevocationListCallable;
+  }
+
+  @Override
+  public UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsResponse>
+      listCertificateRevocationListsCallable() {
+    return listCertificateRevocationListsCallable;
+  }
+
+  @Override
+  public UnaryCallable<
+          ListCertificateRevocationListsRequest, ListCertificateRevocationListsPagedResponse>
+      listCertificateRevocationListsPagedCallable() {
+    return listCertificateRevocationListsPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<UpdateCertificateRevocationListRequest, Operation>
+      updateCertificateRevocationListCallable() {
+    return updateCertificateRevocationListCallable;
+  }
+
+  @Override
+  public OperationCallable<
+          UpdateCertificateRevocationListRequest, CertificateRevocationList, OperationMetadata>
+      updateCertificateRevocationListOperationCallable() {
+    return updateCertificateRevocationListOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<CreateCertificateTemplateRequest, Operation>
+      createCertificateTemplateCallable() {
+    return createCertificateTemplateCallable;
+  }
+
+  @Override
+  public OperationCallable<CreateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      createCertificateTemplateOperationCallable() {
+    return createCertificateTemplateOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<DeleteCertificateTemplateRequest, Operation>
+      deleteCertificateTemplateCallable() {
+    return deleteCertificateTemplateCallable;
+  }
+
+  @Override
+  public OperationCallable<DeleteCertificateTemplateRequest, Empty, OperationMetadata>
+      deleteCertificateTemplateOperationCallable() {
+    return deleteCertificateTemplateOperationCallable;
+  }
+
+  @Override
+  public UnaryCallable<GetCertificateTemplateRequest, CertificateTemplate>
+      getCertificateTemplateCallable() {
+    return getCertificateTemplateCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesResponse>
+      listCertificateTemplatesCallable() {
+    return listCertificateTemplatesCallable;
+  }
+
+  @Override
+  public UnaryCallable<ListCertificateTemplatesRequest, ListCertificateTemplatesPagedResponse>
+      listCertificateTemplatesPagedCallable() {
+    return listCertificateTemplatesPagedCallable;
+  }
+
+  @Override
+  public UnaryCallable<UpdateCertificateTemplateRequest, Operation>
+      updateCertificateTemplateCallable() {
+    return updateCertificateTemplateCallable;
+  }
+
+  @Override
+  public OperationCallable<UpdateCertificateTemplateRequest, CertificateTemplate, OperationMetadata>
+      updateCertificateTemplateOperationCallable() {
+    return updateCertificateTemplateOperationCallable;
+  }
+
+  @Override
+  public final void close() {
+    shutdown();
+  }
+
+  @Override
+  public void shutdown() {
+    backgroundResources.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return backgroundResources.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return backgroundResources.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    backgroundResources.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return backgroundResources.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClientTest.java b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClientTest.java
new file mode 100644
index 00000000..24f87e6f
--- /dev/null
+++ b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceClientTest.java
@@ -0,0 +1,3010 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCaPoolsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateAuthoritiesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateTemplatesPagedResponse;
+import static com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse;
+
+import com.google.api.gax.core.NoCredentialsProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.api.gax.grpc.testing.MockServiceHelper;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.InvalidArgumentException;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.common.collect.Lists;
+import com.google.longrunning.Operation;
+import com.google.protobuf.AbstractMessage;
+import com.google.protobuf.Any;
+import com.google.protobuf.Duration;
+import com.google.protobuf.Empty;
+import com.google.protobuf.FieldMask;
+import com.google.protobuf.Timestamp;
+import io.grpc.StatusRuntimeException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.UUID;
+import java.util.concurrent.ExecutionException;
+import javax.annotation.Generated;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@Generated("by gapic-generator-java")
+public class CertificateAuthorityServiceClientTest {
+  private static MockServiceHelper mockServiceHelper;
+  private CertificateAuthorityServiceClient client;
+  private static MockCertificateAuthorityService mockCertificateAuthorityService;
+  private LocalChannelProvider channelProvider;
+
+  @BeforeClass
+  public static void startStaticServer() {
+    mockCertificateAuthorityService = new MockCertificateAuthorityService();
+    mockServiceHelper =
+        new MockServiceHelper(
+            UUID.randomUUID().toString(),
+            Arrays.<MockGrpcService>asList(mockCertificateAuthorityService));
+    mockServiceHelper.start();
+  }
+
+  @AfterClass
+  public static void stopServer() {
+    mockServiceHelper.stop();
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    mockServiceHelper.reset();
+    channelProvider = mockServiceHelper.createChannelProvider();
+    CertificateAuthorityServiceSettings settings =
+        CertificateAuthorityServiceSettings.newBuilder()
+            .setTransportChannelProvider(channelProvider)
+            .setCredentialsProvider(NoCredentialsProvider.create())
+            .build();
+    client = CertificateAuthorityServiceClient.create(settings);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    client.close();
+  }
+
+  @Test
+  public void createCertificateTest() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+    Certificate certificate = Certificate.newBuilder().build();
+    String certificateId = "certificateId-644529902";
+
+    Certificate actualResponse = client.createCertificate(parent, certificate, certificateId);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateRequest actualRequest = ((CreateCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertEquals(certificate, actualRequest.getCertificate());
+    Assert.assertEquals(certificateId, actualRequest.getCertificateId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      Certificate certificate = Certificate.newBuilder().build();
+      String certificateId = "certificateId-644529902";
+      client.createCertificate(parent, certificate, certificateId);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void createCertificateTest2() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+    Certificate certificate = Certificate.newBuilder().build();
+    String certificateId = "certificateId-644529902";
+
+    Certificate actualResponse = client.createCertificate(parent, certificate, certificateId);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateRequest actualRequest = ((CreateCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertEquals(certificate, actualRequest.getCertificate());
+    Assert.assertEquals(certificateId, actualRequest.getCertificateId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      Certificate certificate = Certificate.newBuilder().build();
+      String certificateId = "certificateId-644529902";
+      client.createCertificate(parent, certificate, certificateId);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateTest() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateName name =
+        CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+
+    Certificate actualResponse = client.getCertificate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateRequest actualRequest = ((GetCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateName name =
+          CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+      client.getCertificate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateTest2() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    Certificate actualResponse = client.getCertificate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateRequest actualRequest = ((GetCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getCertificate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificatesTest() throws Exception {
+    Certificate responsesElement = Certificate.newBuilder().build();
+    ListCertificatesResponse expectedResponse =
+        ListCertificatesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificates(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+
+    ListCertificatesPagedResponse pagedListResponse = client.listCertificates(parent);
+
+    List<Certificate> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificatesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificatesRequest actualRequest = ((ListCertificatesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificatesExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      client.listCertificates(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificatesTest2() throws Exception {
+    Certificate responsesElement = Certificate.newBuilder().build();
+    ListCertificatesResponse expectedResponse =
+        ListCertificatesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificates(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListCertificatesPagedResponse pagedListResponse = client.listCertificates(parent);
+
+    List<Certificate> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificatesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificatesRequest actualRequest = ((ListCertificatesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificatesExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listCertificates(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void revokeCertificateTest() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateName name =
+        CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+
+    Certificate actualResponse = client.revokeCertificate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    RevokeCertificateRequest actualRequest = ((RevokeCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void revokeCertificateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateName name =
+          CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]");
+      client.revokeCertificate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void revokeCertificateTest2() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    Certificate actualResponse = client.revokeCertificate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    RevokeCertificateRequest actualRequest = ((RevokeCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void revokeCertificateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.revokeCertificate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void updateCertificateTest() throws Exception {
+    Certificate expectedResponse =
+        Certificate.newBuilder()
+            .setName(
+                CertificateName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE]")
+                    .toString())
+            .setIssuerCertificateAuthority(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setLifetime(Duration.newBuilder().build())
+            .setCertificateTemplate(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setSubjectMode(SubjectRequestMode.forNumber(0))
+            .setRevocationDetails(Certificate.RevocationDetails.newBuilder().build())
+            .setPemCertificate("pemCertificate153491807")
+            .setCertificateDescription(CertificateDescription.newBuilder().build())
+            .addAllPemCertificateChain(new ArrayList<String>())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    Certificate certificate = Certificate.newBuilder().build();
+    FieldMask updateMask = FieldMask.newBuilder().build();
+
+    Certificate actualResponse = client.updateCertificate(certificate, updateMask);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UpdateCertificateRequest actualRequest = ((UpdateCertificateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(certificate, actualRequest.getCertificate());
+    Assert.assertEquals(updateMask, actualRequest.getUpdateMask());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateCertificateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      Certificate certificate = Certificate.newBuilder().build();
+      FieldMask updateMask = FieldMask.newBuilder().build();
+      client.updateCertificate(certificate, updateMask);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void activateCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("activateCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.activateCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ActivateCertificateAuthorityRequest actualRequest =
+        ((ActivateCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void activateCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.activateCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void activateCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("activateCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.activateCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ActivateCertificateAuthorityRequest actualRequest =
+        ((ActivateCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void activateCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.activateCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+    CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+    String certificateAuthorityId = "certificateAuthorityId-1652580953";
+
+    CertificateAuthority actualResponse =
+        client
+            .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+            .get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateAuthorityRequest actualRequest =
+        ((CreateCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertEquals(certificateAuthority, actualRequest.getCertificateAuthority());
+    Assert.assertEquals(certificateAuthorityId, actualRequest.getCertificateAuthorityId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+      String certificateAuthorityId = "certificateAuthorityId-1652580953";
+      client
+          .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+          .get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String parent = "parent-995424086";
+    CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+    String certificateAuthorityId = "certificateAuthorityId-1652580953";
+
+    CertificateAuthority actualResponse =
+        client
+            .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+            .get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateAuthorityRequest actualRequest =
+        ((CreateCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertEquals(certificateAuthority, actualRequest.getCertificateAuthority());
+    Assert.assertEquals(certificateAuthorityId, actualRequest.getCertificateAuthorityId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+      String certificateAuthorityId = "certificateAuthorityId-1652580953";
+      client
+          .createCertificateAuthorityAsync(parent, certificateAuthority, certificateAuthorityId)
+          .get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void disableCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("disableCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.disableCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DisableCertificateAuthorityRequest actualRequest =
+        ((DisableCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void disableCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.disableCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void disableCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("disableCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.disableCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DisableCertificateAuthorityRequest actualRequest =
+        ((DisableCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void disableCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.disableCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void enableCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("enableCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.enableCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    EnableCertificateAuthorityRequest actualRequest =
+        ((EnableCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void enableCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.enableCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void enableCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("enableCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.enableCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    EnableCertificateAuthorityRequest actualRequest =
+        ((EnableCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void enableCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.enableCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void fetchCertificateAuthorityCsrTest() throws Exception {
+    FetchCertificateAuthorityCsrResponse expectedResponse =
+        FetchCertificateAuthorityCsrResponse.newBuilder().setPemCsr("pemCsr-991911478").build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    FetchCertificateAuthorityCsrResponse actualResponse = client.fetchCertificateAuthorityCsr(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    FetchCertificateAuthorityCsrRequest actualRequest =
+        ((FetchCertificateAuthorityCsrRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void fetchCertificateAuthorityCsrExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.fetchCertificateAuthorityCsr(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void fetchCertificateAuthorityCsrTest2() throws Exception {
+    FetchCertificateAuthorityCsrResponse expectedResponse =
+        FetchCertificateAuthorityCsrResponse.newBuilder().setPemCsr("pemCsr-991911478").build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    FetchCertificateAuthorityCsrResponse actualResponse = client.fetchCertificateAuthorityCsr(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    FetchCertificateAuthorityCsrRequest actualRequest =
+        ((FetchCertificateAuthorityCsrRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void fetchCertificateAuthorityCsrExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.fetchCertificateAuthorityCsr(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.getCertificateAuthority(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateAuthorityRequest actualRequest =
+        ((GetCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.getCertificateAuthority(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.getCertificateAuthority(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateAuthorityRequest actualRequest =
+        ((GetCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getCertificateAuthority(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateAuthoritiesTest() throws Exception {
+    CertificateAuthority responsesElement = CertificateAuthority.newBuilder().build();
+    ListCertificateAuthoritiesResponse expectedResponse =
+        ListCertificateAuthoritiesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateAuthorities(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+
+    ListCertificateAuthoritiesPagedResponse pagedListResponse =
+        client.listCertificateAuthorities(parent);
+
+    List<CertificateAuthority> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificateAuthoritiesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateAuthoritiesRequest actualRequest =
+        ((ListCertificateAuthoritiesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateAuthoritiesExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      client.listCertificateAuthorities(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateAuthoritiesTest2() throws Exception {
+    CertificateAuthority responsesElement = CertificateAuthority.newBuilder().build();
+    ListCertificateAuthoritiesResponse expectedResponse =
+        ListCertificateAuthoritiesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateAuthorities(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListCertificateAuthoritiesPagedResponse pagedListResponse =
+        client.listCertificateAuthorities(parent);
+
+    List<CertificateAuthority> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificateAuthoritiesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateAuthoritiesRequest actualRequest =
+        ((ListCertificateAuthoritiesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateAuthoritiesExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listCertificateAuthorities(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void undeleteCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("undeleteCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.undeleteCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UndeleteCertificateAuthorityRequest actualRequest =
+        ((UndeleteCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void undeleteCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.undeleteCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void undeleteCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("undeleteCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.undeleteCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UndeleteCertificateAuthorityRequest actualRequest =
+        ((UndeleteCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void undeleteCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.undeleteCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void deleteCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthorityName name =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    CertificateAuthority actualResponse = client.deleteCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCertificateAuthorityRequest actualRequest =
+        ((DeleteCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName name =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.deleteCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void deleteCertificateAuthorityTest2() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CertificateAuthority actualResponse = client.deleteCertificateAuthorityAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCertificateAuthorityRequest actualRequest =
+        ((DeleteCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCertificateAuthorityExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.deleteCertificateAuthorityAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void updateCertificateAuthorityTest() throws Exception {
+    CertificateAuthority expectedResponse =
+        CertificateAuthority.newBuilder()
+            .setName(
+                CertificateAuthorityName.of(
+                        "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]")
+                    .toString())
+            .setConfig(CertificateConfig.newBuilder().build())
+            .setLifetime(Duration.newBuilder().build())
+            .setKeySpec(CertificateAuthority.KeyVersionSpec.newBuilder().build())
+            .setSubordinateConfig(SubordinateConfig.newBuilder().build())
+            .addAllPemCaCertificates(new ArrayList<String>())
+            .addAllCaCertificateDescriptions(new ArrayList<CertificateDescription>())
+            .setGcsBucket("gcsBucket239654881")
+            .setAccessUrls(CertificateAuthority.AccessUrls.newBuilder().build())
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setDeleteTime(Timestamp.newBuilder().build())
+            .setExpireTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("updateCertificateAuthorityTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+    FieldMask updateMask = FieldMask.newBuilder().build();
+
+    CertificateAuthority actualResponse =
+        client.updateCertificateAuthorityAsync(certificateAuthority, updateMask).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UpdateCertificateAuthorityRequest actualRequest =
+        ((UpdateCertificateAuthorityRequest) actualRequests.get(0));
+
+    Assert.assertEquals(certificateAuthority, actualRequest.getCertificateAuthority());
+    Assert.assertEquals(updateMask, actualRequest.getUpdateMask());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateCertificateAuthorityExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().build();
+      FieldMask updateMask = FieldMask.newBuilder().build();
+      client.updateCertificateAuthorityAsync(certificateAuthority, updateMask).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCaPoolTest() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCaPoolTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+    CaPool caPool = CaPool.newBuilder().build();
+    String caPoolId = "caPoolId-970668971";
+
+    CaPool actualResponse = client.createCaPoolAsync(parent, caPool, caPoolId).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCaPoolRequest actualRequest = ((CreateCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertEquals(caPool, actualRequest.getCaPool());
+    Assert.assertEquals(caPoolId, actualRequest.getCaPoolId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCaPoolExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+      CaPool caPool = CaPool.newBuilder().build();
+      String caPoolId = "caPoolId-970668971";
+      client.createCaPoolAsync(parent, caPool, caPoolId).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCaPoolTest2() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCaPoolTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String parent = "parent-995424086";
+    CaPool caPool = CaPool.newBuilder().build();
+    String caPoolId = "caPoolId-970668971";
+
+    CaPool actualResponse = client.createCaPoolAsync(parent, caPool, caPoolId).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCaPoolRequest actualRequest = ((CreateCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertEquals(caPool, actualRequest.getCaPool());
+    Assert.assertEquals(caPoolId, actualRequest.getCaPoolId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCaPoolExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      CaPool caPool = CaPool.newBuilder().build();
+      String caPoolId = "caPoolId-970668971";
+      client.createCaPoolAsync(parent, caPool, caPoolId).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void updateCaPoolTest() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("updateCaPoolTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CaPool caPool = CaPool.newBuilder().build();
+    FieldMask updateMask = FieldMask.newBuilder().build();
+
+    CaPool actualResponse = client.updateCaPoolAsync(caPool, updateMask).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UpdateCaPoolRequest actualRequest = ((UpdateCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(caPool, actualRequest.getCaPool());
+    Assert.assertEquals(updateMask, actualRequest.getUpdateMask());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateCaPoolExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPool caPool = CaPool.newBuilder().build();
+      FieldMask updateMask = FieldMask.newBuilder().build();
+      client.updateCaPoolAsync(caPool, updateMask).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void getCaPoolTest() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+
+    CaPool actualResponse = client.getCaPool(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCaPoolRequest actualRequest = ((GetCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCaPoolExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      client.getCaPool(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCaPoolTest2() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    CaPool actualResponse = client.getCaPool(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCaPoolRequest actualRequest = ((GetCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCaPoolExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getCaPool(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCaPoolsTest() throws Exception {
+    CaPool responsesElement = CaPool.newBuilder().build();
+    ListCaPoolsResponse expectedResponse =
+        ListCaPoolsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCaPools(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+
+    ListCaPoolsPagedResponse pagedListResponse = client.listCaPools(parent);
+
+    List<CaPool> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCaPoolsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCaPoolsRequest actualRequest = ((ListCaPoolsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCaPoolsExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+      client.listCaPools(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCaPoolsTest2() throws Exception {
+    CaPool responsesElement = CaPool.newBuilder().build();
+    ListCaPoolsResponse expectedResponse =
+        ListCaPoolsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCaPools(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListCaPoolsPagedResponse pagedListResponse = client.listCaPools(parent);
+
+    List<CaPool> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCaPoolsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCaPoolsRequest actualRequest = ((ListCaPoolsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCaPoolsExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listCaPools(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void deleteCaPoolTest() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCaPoolTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+
+    CaPool actualResponse = client.deleteCaPoolAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCaPoolRequest actualRequest = ((DeleteCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCaPoolExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName name = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      client.deleteCaPoolAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void deleteCaPoolTest2() throws Exception {
+    CaPool expectedResponse =
+        CaPool.newBuilder()
+            .setName(CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]").toString())
+            .setIssuancePolicy(CaPool.IssuancePolicy.newBuilder().build())
+            .setPublishingOptions(CaPool.PublishingOptions.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCaPoolTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    CaPool actualResponse = client.deleteCaPoolAsync(name).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCaPoolRequest actualRequest = ((DeleteCaPoolRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCaPoolExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.deleteCaPoolAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void fetchCaCertsTest() throws Exception {
+    FetchCaCertsResponse expectedResponse =
+        FetchCaCertsResponse.newBuilder()
+            .addAllCaCerts(new ArrayList<FetchCaCertsResponse.CertChain>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CaPoolName caPool = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+
+    FetchCaCertsResponse actualResponse = client.fetchCaCerts(caPool);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    FetchCaCertsRequest actualRequest = ((FetchCaCertsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(caPool.toString(), actualRequest.getCaPool());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void fetchCaCertsExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CaPoolName caPool = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
+      client.fetchCaCerts(caPool);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void fetchCaCertsTest2() throws Exception {
+    FetchCaCertsResponse expectedResponse =
+        FetchCaCertsResponse.newBuilder()
+            .addAllCaCerts(new ArrayList<FetchCaCertsResponse.CertChain>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String caPool = "caPool-1368606310";
+
+    FetchCaCertsResponse actualResponse = client.fetchCaCerts(caPool);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    FetchCaCertsRequest actualRequest = ((FetchCaCertsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(caPool, actualRequest.getCaPool());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void fetchCaCertsExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String caPool = "caPool-1368606310";
+      client.fetchCaCerts(caPool);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateRevocationListTest() throws Exception {
+    CertificateRevocationList expectedResponse =
+        CertificateRevocationList.newBuilder()
+            .setName(
+                CertificateRevocationListName.of(
+                        "[PROJECT]",
+                        "[LOCATION]",
+                        "[CA_POOL]",
+                        "[CERTIFICATE_AUTHORITY]",
+                        "[CERTIFICATE_REVOCATION_LIST]")
+                    .toString())
+            .setSequenceNumber(-1309190777)
+            .addAllRevokedCertificates(
+                new ArrayList<CertificateRevocationList.RevokedCertificate>())
+            .setPemCrl("pemCrl-991911515")
+            .setAccessUrl("accessUrl-2115048085")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setRevisionId("revisionId-1507445162")
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateRevocationListName name =
+        CertificateRevocationListName.of(
+            "[PROJECT]",
+            "[LOCATION]",
+            "[CA_POOL]",
+            "[CERTIFICATE_AUTHORITY]",
+            "[CERTIFICATE_REVOCATION_LIST]");
+
+    CertificateRevocationList actualResponse = client.getCertificateRevocationList(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateRevocationListRequest actualRequest =
+        ((GetCertificateRevocationListRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateRevocationListExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateRevocationListName name =
+          CertificateRevocationListName.of(
+              "[PROJECT]",
+              "[LOCATION]",
+              "[CA_POOL]",
+              "[CERTIFICATE_AUTHORITY]",
+              "[CERTIFICATE_REVOCATION_LIST]");
+      client.getCertificateRevocationList(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateRevocationListTest2() throws Exception {
+    CertificateRevocationList expectedResponse =
+        CertificateRevocationList.newBuilder()
+            .setName(
+                CertificateRevocationListName.of(
+                        "[PROJECT]",
+                        "[LOCATION]",
+                        "[CA_POOL]",
+                        "[CERTIFICATE_AUTHORITY]",
+                        "[CERTIFICATE_REVOCATION_LIST]")
+                    .toString())
+            .setSequenceNumber(-1309190777)
+            .addAllRevokedCertificates(
+                new ArrayList<CertificateRevocationList.RevokedCertificate>())
+            .setPemCrl("pemCrl-991911515")
+            .setAccessUrl("accessUrl-2115048085")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setRevisionId("revisionId-1507445162")
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    CertificateRevocationList actualResponse = client.getCertificateRevocationList(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateRevocationListRequest actualRequest =
+        ((GetCertificateRevocationListRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateRevocationListExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getCertificateRevocationList(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateRevocationListsTest() throws Exception {
+    CertificateRevocationList responsesElement = CertificateRevocationList.newBuilder().build();
+    ListCertificateRevocationListsResponse expectedResponse =
+        ListCertificateRevocationListsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateRevocationLists(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateAuthorityName parent =
+        CertificateAuthorityName.of(
+            "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+
+    ListCertificateRevocationListsPagedResponse pagedListResponse =
+        client.listCertificateRevocationLists(parent);
+
+    List<CertificateRevocationList> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(
+        expectedResponse.getCertificateRevocationListsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateRevocationListsRequest actualRequest =
+        ((ListCertificateRevocationListsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateRevocationListsExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateAuthorityName parent =
+          CertificateAuthorityName.of(
+              "[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
+      client.listCertificateRevocationLists(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateRevocationListsTest2() throws Exception {
+    CertificateRevocationList responsesElement = CertificateRevocationList.newBuilder().build();
+    ListCertificateRevocationListsResponse expectedResponse =
+        ListCertificateRevocationListsResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateRevocationLists(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListCertificateRevocationListsPagedResponse pagedListResponse =
+        client.listCertificateRevocationLists(parent);
+
+    List<CertificateRevocationList> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(
+        expectedResponse.getCertificateRevocationListsList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateRevocationListsRequest actualRequest =
+        ((ListCertificateRevocationListsRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateRevocationListsExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listCertificateRevocationLists(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void updateCertificateRevocationListTest() throws Exception {
+    CertificateRevocationList expectedResponse =
+        CertificateRevocationList.newBuilder()
+            .setName(
+                CertificateRevocationListName.of(
+                        "[PROJECT]",
+                        "[LOCATION]",
+                        "[CA_POOL]",
+                        "[CERTIFICATE_AUTHORITY]",
+                        "[CERTIFICATE_REVOCATION_LIST]")
+                    .toString())
+            .setSequenceNumber(-1309190777)
+            .addAllRevokedCertificates(
+                new ArrayList<CertificateRevocationList.RevokedCertificate>())
+            .setPemCrl("pemCrl-991911515")
+            .setAccessUrl("accessUrl-2115048085")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .setRevisionId("revisionId-1507445162")
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("updateCertificateRevocationListTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateRevocationList certificateRevocationList =
+        CertificateRevocationList.newBuilder().build();
+    FieldMask updateMask = FieldMask.newBuilder().build();
+
+    CertificateRevocationList actualResponse =
+        client.updateCertificateRevocationListAsync(certificateRevocationList, updateMask).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UpdateCertificateRevocationListRequest actualRequest =
+        ((UpdateCertificateRevocationListRequest) actualRequests.get(0));
+
+    Assert.assertEquals(certificateRevocationList, actualRequest.getCertificateRevocationList());
+    Assert.assertEquals(updateMask, actualRequest.getUpdateMask());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateCertificateRevocationListExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateRevocationList certificateRevocationList =
+          CertificateRevocationList.newBuilder().build();
+      FieldMask updateMask = FieldMask.newBuilder().build();
+      client.updateCertificateRevocationListAsync(certificateRevocationList, updateMask).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCertificateTemplateTest() throws Exception {
+    CertificateTemplate expectedResponse =
+        CertificateTemplate.newBuilder()
+            .setName(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setPredefinedValues(X509Parameters.newBuilder().build())
+            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder().build())
+            .setPassthroughExtensions(CertificateExtensionConstraints.newBuilder().build())
+            .setDescription("description-1724546052")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCertificateTemplateTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+    CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+    String certificateTemplateId = "certificateTemplateId1920134188";
+
+    CertificateTemplate actualResponse =
+        client
+            .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+            .get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateTemplateRequest actualRequest =
+        ((CreateCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertEquals(certificateTemplate, actualRequest.getCertificateTemplate());
+    Assert.assertEquals(certificateTemplateId, actualRequest.getCertificateTemplateId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateTemplateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+      CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+      String certificateTemplateId = "certificateTemplateId1920134188";
+      client
+          .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+          .get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void createCertificateTemplateTest2() throws Exception {
+    CertificateTemplate expectedResponse =
+        CertificateTemplate.newBuilder()
+            .setName(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setPredefinedValues(X509Parameters.newBuilder().build())
+            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder().build())
+            .setPassthroughExtensions(CertificateExtensionConstraints.newBuilder().build())
+            .setDescription("description-1724546052")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("createCertificateTemplateTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String parent = "parent-995424086";
+    CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+    String certificateTemplateId = "certificateTemplateId1920134188";
+
+    CertificateTemplate actualResponse =
+        client
+            .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+            .get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    CreateCertificateTemplateRequest actualRequest =
+        ((CreateCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertEquals(certificateTemplate, actualRequest.getCertificateTemplate());
+    Assert.assertEquals(certificateTemplateId, actualRequest.getCertificateTemplateId());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void createCertificateTemplateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+      String certificateTemplateId = "certificateTemplateId1920134188";
+      client
+          .createCertificateTemplateAsync(parent, certificateTemplate, certificateTemplateId)
+          .get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void deleteCertificateTemplateTest() throws Exception {
+    Empty expectedResponse = Empty.newBuilder().build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCertificateTemplateTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateTemplateName name =
+        CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+
+    client.deleteCertificateTemplateAsync(name).get();
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCertificateTemplateRequest actualRequest =
+        ((DeleteCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCertificateTemplateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateTemplateName name =
+          CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+      client.deleteCertificateTemplateAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void deleteCertificateTemplateTest2() throws Exception {
+    Empty expectedResponse = Empty.newBuilder().build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("deleteCertificateTemplateTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    String name = "name3373707";
+
+    client.deleteCertificateTemplateAsync(name).get();
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    DeleteCertificateTemplateRequest actualRequest =
+        ((DeleteCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void deleteCertificateTemplateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.deleteCertificateTemplateAsync(name).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+
+  @Test
+  public void getCertificateTemplateTest() throws Exception {
+    CertificateTemplate expectedResponse =
+        CertificateTemplate.newBuilder()
+            .setName(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setPredefinedValues(X509Parameters.newBuilder().build())
+            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder().build())
+            .setPassthroughExtensions(CertificateExtensionConstraints.newBuilder().build())
+            .setDescription("description-1724546052")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    CertificateTemplateName name =
+        CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+
+    CertificateTemplate actualResponse = client.getCertificateTemplate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateTemplateRequest actualRequest =
+        ((GetCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name.toString(), actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateTemplateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateTemplateName name =
+          CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]");
+      client.getCertificateTemplate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void getCertificateTemplateTest2() throws Exception {
+    CertificateTemplate expectedResponse =
+        CertificateTemplate.newBuilder()
+            .setName(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setPredefinedValues(X509Parameters.newBuilder().build())
+            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder().build())
+            .setPassthroughExtensions(CertificateExtensionConstraints.newBuilder().build())
+            .setDescription("description-1724546052")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String name = "name3373707";
+
+    CertificateTemplate actualResponse = client.getCertificateTemplate(name);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GetCertificateTemplateRequest actualRequest =
+        ((GetCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(name, actualRequest.getName());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void getCertificateTemplateExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String name = "name3373707";
+      client.getCertificateTemplate(name);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateTemplatesTest() throws Exception {
+    CertificateTemplate responsesElement = CertificateTemplate.newBuilder().build();
+    ListCertificateTemplatesResponse expectedResponse =
+        ListCertificateTemplatesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateTemplates(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+
+    ListCertificateTemplatesPagedResponse pagedListResponse =
+        client.listCertificateTemplates(parent);
+
+    List<CertificateTemplate> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificateTemplatesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateTemplatesRequest actualRequest =
+        ((ListCertificateTemplatesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent.toString(), actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateTemplatesExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
+      client.listCertificateTemplates(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void listCertificateTemplatesTest2() throws Exception {
+    CertificateTemplate responsesElement = CertificateTemplate.newBuilder().build();
+    ListCertificateTemplatesResponse expectedResponse =
+        ListCertificateTemplatesResponse.newBuilder()
+            .setNextPageToken("")
+            .addAllCertificateTemplates(Arrays.asList(responsesElement))
+            .build();
+    mockCertificateAuthorityService.addResponse(expectedResponse);
+
+    String parent = "parent-995424086";
+
+    ListCertificateTemplatesPagedResponse pagedListResponse =
+        client.listCertificateTemplates(parent);
+
+    List<CertificateTemplate> resources = Lists.newArrayList(pagedListResponse.iterateAll());
+
+    Assert.assertEquals(1, resources.size());
+    Assert.assertEquals(expectedResponse.getCertificateTemplatesList().get(0), resources.get(0));
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    ListCertificateTemplatesRequest actualRequest =
+        ((ListCertificateTemplatesRequest) actualRequests.get(0));
+
+    Assert.assertEquals(parent, actualRequest.getParent());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void listCertificateTemplatesExceptionTest2() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      String parent = "parent-995424086";
+      client.listCertificateTemplates(parent);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception.
+    }
+  }
+
+  @Test
+  public void updateCertificateTemplateTest() throws Exception {
+    CertificateTemplate expectedResponse =
+        CertificateTemplate.newBuilder()
+            .setName(
+                CertificateTemplateName.of("[PROJECT]", "[LOCATION]", "[CERTIFICATE_TEMPLATE]")
+                    .toString())
+            .setPredefinedValues(X509Parameters.newBuilder().build())
+            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder().build())
+            .setPassthroughExtensions(CertificateExtensionConstraints.newBuilder().build())
+            .setDescription("description-1724546052")
+            .setCreateTime(Timestamp.newBuilder().build())
+            .setUpdateTime(Timestamp.newBuilder().build())
+            .putAllLabels(new HashMap<String, String>())
+            .build();
+    Operation resultOperation =
+        Operation.newBuilder()
+            .setName("updateCertificateTemplateTest")
+            .setDone(true)
+            .setResponse(Any.pack(expectedResponse))
+            .build();
+    mockCertificateAuthorityService.addResponse(resultOperation);
+
+    CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+    FieldMask updateMask = FieldMask.newBuilder().build();
+
+    CertificateTemplate actualResponse =
+        client.updateCertificateTemplateAsync(certificateTemplate, updateMask).get();
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    UpdateCertificateTemplateRequest actualRequest =
+        ((UpdateCertificateTemplateRequest) actualRequests.get(0));
+
+    Assert.assertEquals(certificateTemplate, actualRequest.getCertificateTemplate());
+    Assert.assertEquals(updateMask, actualRequest.getUpdateMask());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  public void updateCertificateTemplateExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
+    mockCertificateAuthorityService.addException(exception);
+
+    try {
+      CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().build();
+      FieldMask updateMask = FieldMask.newBuilder().build();
+      client.updateCertificateTemplateAsync(certificateTemplate, updateMask).get();
+      Assert.fail("No exception raised");
+    } catch (ExecutionException e) {
+      Assert.assertEquals(InvalidArgumentException.class, e.getCause().getClass());
+      InvalidArgumentException apiException = ((InvalidArgumentException) e.getCause());
+      Assert.assertEquals(StatusCode.Code.INVALID_ARGUMENT, apiException.getStatusCode().getCode());
+    }
+  }
+}
diff --git a/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityService.java b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityService.java
new file mode 100644
index 00000000..f722ef39
--- /dev/null
+++ b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityService.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.protobuf.AbstractMessage;
+import io.grpc.ServerServiceDefinition;
+import java.util.List;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockCertificateAuthorityService implements MockGrpcService {
+  private final MockCertificateAuthorityServiceImpl serviceImpl;
+
+  public MockCertificateAuthorityService() {
+    serviceImpl = new MockCertificateAuthorityServiceImpl();
+  }
+
+  @Override
+  public List<AbstractMessage> getRequests() {
+    return serviceImpl.getRequests();
+  }
+
+  @Override
+  public void addResponse(AbstractMessage response) {
+    serviceImpl.addResponse(response);
+  }
+
+  @Override
+  public void addException(Exception exception) {
+    serviceImpl.addException(exception);
+  }
+
+  @Override
+  public ServerServiceDefinition getServiceDefinition() {
+    return serviceImpl.bindService();
+  }
+
+  @Override
+  public void reset() {
+    serviceImpl.reset();
+  }
+}
diff --git a/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityServiceImpl.java b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityServiceImpl.java
new file mode 100644
index 00000000..d5a99756
--- /dev/null
+++ b/google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1/MockCertificateAuthorityServiceImpl.java
@@ -0,0 +1,675 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceGrpc.CertificateAuthorityServiceImplBase;
+import com.google.longrunning.Operation;
+import com.google.protobuf.AbstractMessage;
+import io.grpc.stub.StreamObserver;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+import javax.annotation.Generated;
+
+@BetaApi
+@Generated("by gapic-generator-java")
+public class MockCertificateAuthorityServiceImpl extends CertificateAuthorityServiceImplBase {
+  private List<AbstractMessage> requests;
+  private Queue<Object> responses;
+
+  public MockCertificateAuthorityServiceImpl() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  public List<AbstractMessage> getRequests() {
+    return requests;
+  }
+
+  public void addResponse(AbstractMessage response) {
+    responses.add(response);
+  }
+
+  public void setResponses(List<AbstractMessage> responses) {
+    this.responses = new LinkedList<Object>(responses);
+  }
+
+  public void addException(Exception exception) {
+    responses.add(exception);
+  }
+
+  public void reset() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  @Override
+  public void createCertificate(
+      CreateCertificateRequest request, StreamObserver<Certificate> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Certificate) {
+      requests.add(request);
+      responseObserver.onNext(((Certificate) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method CreateCertificate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Certificate.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getCertificate(
+      GetCertificateRequest request, StreamObserver<Certificate> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Certificate) {
+      requests.add(request);
+      responseObserver.onNext(((Certificate) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetCertificate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Certificate.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listCertificates(
+      ListCertificatesRequest request, StreamObserver<ListCertificatesResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof ListCertificatesResponse) {
+      requests.add(request);
+      responseObserver.onNext(((ListCertificatesResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListCertificates, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  ListCertificatesResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void revokeCertificate(
+      RevokeCertificateRequest request, StreamObserver<Certificate> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Certificate) {
+      requests.add(request);
+      responseObserver.onNext(((Certificate) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method RevokeCertificate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Certificate.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateCertificate(
+      UpdateCertificateRequest request, StreamObserver<Certificate> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Certificate) {
+      requests.add(request);
+      responseObserver.onNext(((Certificate) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateCertificate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Certificate.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void activateCertificateAuthority(
+      ActivateCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ActivateCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void createCertificateAuthority(
+      CreateCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method CreateCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void disableCertificateAuthority(
+      DisableCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method DisableCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void enableCertificateAuthority(
+      EnableCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method EnableCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void fetchCertificateAuthorityCsr(
+      FetchCertificateAuthorityCsrRequest request,
+      StreamObserver<FetchCertificateAuthorityCsrResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof FetchCertificateAuthorityCsrResponse) {
+      requests.add(request);
+      responseObserver.onNext(((FetchCertificateAuthorityCsrResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method FetchCertificateAuthorityCsr, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  FetchCertificateAuthorityCsrResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getCertificateAuthority(
+      GetCertificateAuthorityRequest request,
+      StreamObserver<CertificateAuthority> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof CertificateAuthority) {
+      requests.add(request);
+      responseObserver.onNext(((CertificateAuthority) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  CertificateAuthority.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listCertificateAuthorities(
+      ListCertificateAuthoritiesRequest request,
+      StreamObserver<ListCertificateAuthoritiesResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof ListCertificateAuthoritiesResponse) {
+      requests.add(request);
+      responseObserver.onNext(((ListCertificateAuthoritiesResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListCertificateAuthorities, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  ListCertificateAuthoritiesResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void undeleteCertificateAuthority(
+      UndeleteCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UndeleteCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void deleteCertificateAuthority(
+      DeleteCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method DeleteCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateCertificateAuthority(
+      UpdateCertificateAuthorityRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateCertificateAuthority, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void createCaPool(
+      CreateCaPoolRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method CreateCaPool, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateCaPool(
+      UpdateCaPoolRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateCaPool, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getCaPool(GetCaPoolRequest request, StreamObserver<CaPool> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof CaPool) {
+      requests.add(request);
+      responseObserver.onNext(((CaPool) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetCaPool, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  CaPool.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listCaPools(
+      ListCaPoolsRequest request, StreamObserver<ListCaPoolsResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof ListCaPoolsResponse) {
+      requests.add(request);
+      responseObserver.onNext(((ListCaPoolsResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListCaPools, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  ListCaPoolsResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void deleteCaPool(
+      DeleteCaPoolRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method DeleteCaPool, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void fetchCaCerts(
+      FetchCaCertsRequest request, StreamObserver<FetchCaCertsResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof FetchCaCertsResponse) {
+      requests.add(request);
+      responseObserver.onNext(((FetchCaCertsResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method FetchCaCerts, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  FetchCaCertsResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getCertificateRevocationList(
+      GetCertificateRevocationListRequest request,
+      StreamObserver<CertificateRevocationList> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof CertificateRevocationList) {
+      requests.add(request);
+      responseObserver.onNext(((CertificateRevocationList) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetCertificateRevocationList, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  CertificateRevocationList.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listCertificateRevocationLists(
+      ListCertificateRevocationListsRequest request,
+      StreamObserver<ListCertificateRevocationListsResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof ListCertificateRevocationListsResponse) {
+      requests.add(request);
+      responseObserver.onNext(((ListCertificateRevocationListsResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListCertificateRevocationLists, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  ListCertificateRevocationListsResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateCertificateRevocationList(
+      UpdateCertificateRevocationListRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateCertificateRevocationList, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void createCertificateTemplate(
+      CreateCertificateTemplateRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method CreateCertificateTemplate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void deleteCertificateTemplate(
+      DeleteCertificateTemplateRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method DeleteCertificateTemplate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void getCertificateTemplate(
+      GetCertificateTemplateRequest request, StreamObserver<CertificateTemplate> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof CertificateTemplate) {
+      requests.add(request);
+      responseObserver.onNext(((CertificateTemplate) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method GetCertificateTemplate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  CertificateTemplate.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void listCertificateTemplates(
+      ListCertificateTemplatesRequest request,
+      StreamObserver<ListCertificateTemplatesResponse> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof ListCertificateTemplatesResponse) {
+      requests.add(request);
+      responseObserver.onNext(((ListCertificateTemplatesResponse) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method ListCertificateTemplates, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  ListCertificateTemplatesResponse.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+
+  @Override
+  public void updateCertificateTemplate(
+      UpdateCertificateTemplateRequest request, StreamObserver<Operation> responseObserver) {
+    Object response = responses.poll();
+    if (response instanceof Operation) {
+      requests.add(request);
+      responseObserver.onNext(((Operation) response));
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError(((Exception) response));
+    } else {
+      responseObserver.onError(
+          new IllegalArgumentException(
+              String.format(
+                  "Unrecognized response type %s for method UpdateCertificateTemplate, expected %s or %s",
+                  response == null ? "null" : response.getClass().getName(),
+                  Operation.class.getName(),
+                  Exception.class.getName())));
+    }
+  }
+}
diff --git a/grpc-google-cloud-security-private-ca-v1/pom.xml b/grpc-google-cloud-security-private-ca-v1/pom.xml
new file mode 100644
index 00000000..d3c5507a
--- /dev/null
+++ b/grpc-google-cloud-security-private-ca-v1/pom.xml
@@ -0,0 +1,69 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.google.api.grpc</groupId>
+  <artifactId>grpc-google-cloud-security-private-ca-v1</artifactId>
+  <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-security-private-ca-v1:current} -->
+  <name>grpc-google-cloud-security-private-ca-v1</name>
+  <description>GRPC library for google-cloud-security-private-ca</description>
+  <parent>
+    <groupId>com.google.cloud</groupId>
+    <artifactId>google-cloud-security-private-ca-parent</artifactId>
+    <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:google-cloud-security-private-ca:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-common-protos</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-security-private-ca-v1</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+  </dependencies>
+
+  <profiles>
+    <profile>
+      <id>java9</id>
+      <activation>
+        <jdk>[9,)</jdk>
+      </activation>
+      <dependencies>
+        <dependency>
+          <groupId>javax.annotation</groupId>
+          <artifactId>javax.annotation-api</artifactId>
+        </dependency>
+      </dependencies>
+    </profile>
+  </profiles>
+
+  <build>
+    <plugins>
+      <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>flatten-maven-plugin</artifactId>
+        </plugin>
+    </plugins>
+  </build>
+</project>
\ No newline at end of file
diff --git a/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java b/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java
new file mode 100644
index 00000000..eee77a08
--- /dev/null
+++ b/grpc-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityServiceGrpc.java
@@ -0,0 +1,4063 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.security.privateca.v1;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+
+/**
+ *
+ *
+ * <pre>
+ * [Certificate Authority
+ * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+ * manages private certificate authorities and issued certificates.
+ * </pre>
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler",
+    comments = "Source: google/cloud/security/privateca/v1/service.proto")
+public final class CertificateAuthorityServiceGrpc {
+
+  private CertificateAuthorityServiceGrpc() {}
+
+  public static final String SERVICE_NAME =
+      "google.cloud.security.privateca.v1.CertificateAuthorityService";
+
+  // Static method descriptors that strictly reflect the proto.
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getCreateCertificateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "CreateCertificate",
+      requestType = com.google.cloud.security.privateca.v1.CreateCertificateRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.Certificate.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getCreateCertificateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.CreateCertificateRequest,
+            com.google.cloud.security.privateca.v1.Certificate>
+        getCreateCertificateMethod;
+    if ((getCreateCertificateMethod = CertificateAuthorityServiceGrpc.getCreateCertificateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getCreateCertificateMethod =
+                CertificateAuthorityServiceGrpc.getCreateCertificateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getCreateCertificateMethod =
+              getCreateCertificateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.CreateCertificateRequest,
+                          com.google.cloud.security.privateca.v1.Certificate>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "CreateCertificate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CreateCertificateRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.Certificate
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "CreateCertificate"))
+                      .build();
+        }
+      }
+    }
+    return getCreateCertificateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getGetCertificateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetCertificate",
+      requestType = com.google.cloud.security.privateca.v1.GetCertificateRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.Certificate.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getGetCertificateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.GetCertificateRequest,
+            com.google.cloud.security.privateca.v1.Certificate>
+        getGetCertificateMethod;
+    if ((getGetCertificateMethod = CertificateAuthorityServiceGrpc.getGetCertificateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getGetCertificateMethod = CertificateAuthorityServiceGrpc.getGetCertificateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getGetCertificateMethod =
+              getGetCertificateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.GetCertificateRequest,
+                          com.google.cloud.security.privateca.v1.Certificate>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "GetCertificate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.GetCertificateRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.Certificate
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("GetCertificate"))
+                      .build();
+        }
+      }
+    }
+    return getGetCertificateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificatesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+      getListCertificatesMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListCertificates",
+      requestType = com.google.cloud.security.privateca.v1.ListCertificatesRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.ListCertificatesResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificatesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+      getListCertificatesMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ListCertificatesRequest,
+            com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+        getListCertificatesMethod;
+    if ((getListCertificatesMethod = CertificateAuthorityServiceGrpc.getListCertificatesMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getListCertificatesMethod = CertificateAuthorityServiceGrpc.getListCertificatesMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getListCertificatesMethod =
+              getListCertificatesMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.ListCertificatesRequest,
+                          com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "ListCertificates"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.ListCertificatesRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.ListCertificatesResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "ListCertificates"))
+                      .build();
+        }
+      }
+    }
+    return getListCertificatesMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.RevokeCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getRevokeCertificateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "RevokeCertificate",
+      requestType = com.google.cloud.security.privateca.v1.RevokeCertificateRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.Certificate.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.RevokeCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getRevokeCertificateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.RevokeCertificateRequest,
+            com.google.cloud.security.privateca.v1.Certificate>
+        getRevokeCertificateMethod;
+    if ((getRevokeCertificateMethod = CertificateAuthorityServiceGrpc.getRevokeCertificateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getRevokeCertificateMethod =
+                CertificateAuthorityServiceGrpc.getRevokeCertificateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getRevokeCertificateMethod =
+              getRevokeCertificateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.RevokeCertificateRequest,
+                          com.google.cloud.security.privateca.v1.Certificate>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "RevokeCertificate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.RevokeCertificateRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.Certificate
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "RevokeCertificate"))
+                      .build();
+        }
+      }
+    }
+    return getRevokeCertificateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getUpdateCertificateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateCertificate",
+      requestType = com.google.cloud.security.privateca.v1.UpdateCertificateRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.Certificate.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateRequest,
+          com.google.cloud.security.privateca.v1.Certificate>
+      getUpdateCertificateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UpdateCertificateRequest,
+            com.google.cloud.security.privateca.v1.Certificate>
+        getUpdateCertificateMethod;
+    if ((getUpdateCertificateMethod = CertificateAuthorityServiceGrpc.getUpdateCertificateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUpdateCertificateMethod =
+                CertificateAuthorityServiceGrpc.getUpdateCertificateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUpdateCertificateMethod =
+              getUpdateCertificateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.UpdateCertificateRequest,
+                          com.google.cloud.security.privateca.v1.Certificate>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "UpdateCertificate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.UpdateCertificateRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.Certificate
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "UpdateCertificate"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateCertificateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getActivateCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ActivateCertificateAuthority",
+      requestType =
+          com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getActivateCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getActivateCertificateAuthorityMethod;
+    if ((getActivateCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getActivateCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getActivateCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getActivateCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getActivateCertificateAuthorityMethod =
+              getActivateCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "ActivateCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ActivateCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "ActivateCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getActivateCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getCreateCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "CreateCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getCreateCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getCreateCertificateAuthorityMethod;
+    if ((getCreateCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getCreateCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getCreateCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getCreateCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getCreateCertificateAuthorityMethod =
+              getCreateCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "CreateCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .CreateCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "CreateCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getCreateCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getDisableCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "DisableCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getDisableCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getDisableCertificateAuthorityMethod;
+    if ((getDisableCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getDisableCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getDisableCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getDisableCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getDisableCertificateAuthorityMethod =
+              getDisableCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "DisableCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .DisableCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "DisableCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getDisableCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getEnableCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "EnableCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getEnableCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getEnableCertificateAuthorityMethod;
+    if ((getEnableCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getEnableCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getEnableCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getEnableCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getEnableCertificateAuthorityMethod =
+              getEnableCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "EnableCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .EnableCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "EnableCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getEnableCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest,
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+      getFetchCertificateAuthorityCsrMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "FetchCertificateAuthorityCsr",
+      requestType =
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.class,
+      responseType =
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest,
+          com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+      getFetchCertificateAuthorityCsrMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest,
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+        getFetchCertificateAuthorityCsrMethod;
+    if ((getFetchCertificateAuthorityCsrMethod =
+            CertificateAuthorityServiceGrpc.getFetchCertificateAuthorityCsrMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getFetchCertificateAuthorityCsrMethod =
+                CertificateAuthorityServiceGrpc.getFetchCertificateAuthorityCsrMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getFetchCertificateAuthorityCsrMethod =
+              getFetchCertificateAuthorityCsrMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest,
+                          com.google.cloud.security.privateca.v1
+                              .FetchCertificateAuthorityCsrResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "FetchCertificateAuthorityCsr"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .FetchCertificateAuthorityCsrRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .FetchCertificateAuthorityCsrResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "FetchCertificateAuthorityCsr"))
+                      .build();
+        }
+      }
+    }
+    return getFetchCertificateAuthorityCsrMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest,
+          com.google.cloud.security.privateca.v1.CertificateAuthority>
+      getGetCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.CertificateAuthority.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest,
+          com.google.cloud.security.privateca.v1.CertificateAuthority>
+      getGetCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest,
+            com.google.cloud.security.privateca.v1.CertificateAuthority>
+        getGetCertificateAuthorityMethod;
+    if ((getGetCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getGetCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getGetCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getGetCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getGetCertificateAuthorityMethod =
+              getGetCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest,
+                          com.google.cloud.security.privateca.v1.CertificateAuthority>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "GetCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CertificateAuthority
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "GetCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getGetCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+      getListCertificateAuthoritiesMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListCertificateAuthorities",
+      requestType = com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.class,
+      responseType =
+          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+      getListCertificateAuthoritiesMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest,
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+        getListCertificateAuthoritiesMethod;
+    if ((getListCertificateAuthoritiesMethod =
+            CertificateAuthorityServiceGrpc.getListCertificateAuthoritiesMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getListCertificateAuthoritiesMethod =
+                CertificateAuthorityServiceGrpc.getListCertificateAuthoritiesMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getListCertificateAuthoritiesMethod =
+              getListCertificateAuthoritiesMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest,
+                          com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "ListCertificateAuthorities"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ListCertificateAuthoritiesRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ListCertificateAuthoritiesResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "ListCertificateAuthorities"))
+                      .build();
+        }
+      }
+    }
+    return getListCertificateAuthoritiesMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getUndeleteCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UndeleteCertificateAuthority",
+      requestType =
+          com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getUndeleteCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getUndeleteCertificateAuthorityMethod;
+    if ((getUndeleteCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getUndeleteCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUndeleteCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getUndeleteCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUndeleteCertificateAuthorityMethod =
+              getUndeleteCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "UndeleteCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .UndeleteCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "UndeleteCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getUndeleteCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getDeleteCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "DeleteCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getDeleteCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getDeleteCertificateAuthorityMethod;
+    if ((getDeleteCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getDeleteCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getDeleteCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getDeleteCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getDeleteCertificateAuthorityMethod =
+              getDeleteCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "DeleteCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .DeleteCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "DeleteCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getDeleteCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateAuthorityMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateCertificateAuthority",
+      requestType = com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateAuthorityMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest,
+            com.google.longrunning.Operation>
+        getUpdateCertificateAuthorityMethod;
+    if ((getUpdateCertificateAuthorityMethod =
+            CertificateAuthorityServiceGrpc.getUpdateCertificateAuthorityMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUpdateCertificateAuthorityMethod =
+                CertificateAuthorityServiceGrpc.getUpdateCertificateAuthorityMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUpdateCertificateAuthorityMethod =
+              getUpdateCertificateAuthorityMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "UpdateCertificateAuthority"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .UpdateCertificateAuthorityRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "UpdateCertificateAuthority"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateCertificateAuthorityMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCaPoolRequest,
+          com.google.longrunning.Operation>
+      getCreateCaPoolMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "CreateCaPool",
+      requestType = com.google.cloud.security.privateca.v1.CreateCaPoolRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCaPoolRequest,
+          com.google.longrunning.Operation>
+      getCreateCaPoolMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.CreateCaPoolRequest,
+            com.google.longrunning.Operation>
+        getCreateCaPoolMethod;
+    if ((getCreateCaPoolMethod = CertificateAuthorityServiceGrpc.getCreateCaPoolMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getCreateCaPoolMethod = CertificateAuthorityServiceGrpc.getCreateCaPoolMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getCreateCaPoolMethod =
+              getCreateCaPoolMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.CreateCaPoolRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "CreateCaPool"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CreateCaPoolRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("CreateCaPool"))
+                      .build();
+        }
+      }
+    }
+    return getCreateCaPoolMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCaPoolRequest,
+          com.google.longrunning.Operation>
+      getUpdateCaPoolMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateCaPool",
+      requestType = com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCaPoolRequest,
+          com.google.longrunning.Operation>
+      getUpdateCaPoolMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UpdateCaPoolRequest,
+            com.google.longrunning.Operation>
+        getUpdateCaPoolMethod;
+    if ((getUpdateCaPoolMethod = CertificateAuthorityServiceGrpc.getUpdateCaPoolMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUpdateCaPoolMethod = CertificateAuthorityServiceGrpc.getUpdateCaPoolMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUpdateCaPoolMethod =
+              getUpdateCaPoolMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.UpdateCaPoolRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "UpdateCaPool"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.UpdateCaPoolRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("UpdateCaPool"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateCaPoolMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCaPoolRequest,
+          com.google.cloud.security.privateca.v1.CaPool>
+      getGetCaPoolMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetCaPool",
+      requestType = com.google.cloud.security.privateca.v1.GetCaPoolRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.CaPool.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCaPoolRequest,
+          com.google.cloud.security.privateca.v1.CaPool>
+      getGetCaPoolMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.GetCaPoolRequest,
+            com.google.cloud.security.privateca.v1.CaPool>
+        getGetCaPoolMethod;
+    if ((getGetCaPoolMethod = CertificateAuthorityServiceGrpc.getGetCaPoolMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getGetCaPoolMethod = CertificateAuthorityServiceGrpc.getGetCaPoolMethod) == null) {
+          CertificateAuthorityServiceGrpc.getGetCaPoolMethod =
+              getGetCaPoolMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.GetCaPoolRequest,
+                          com.google.cloud.security.privateca.v1.CaPool>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "GetCaPool"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.GetCaPoolRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("GetCaPool"))
+                      .build();
+        }
+      }
+    }
+    return getGetCaPoolMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCaPoolsRequest,
+          com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+      getListCaPoolsMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListCaPools",
+      requestType = com.google.cloud.security.privateca.v1.ListCaPoolsRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.ListCaPoolsResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCaPoolsRequest,
+          com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+      getListCaPoolsMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ListCaPoolsRequest,
+            com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+        getListCaPoolsMethod;
+    if ((getListCaPoolsMethod = CertificateAuthorityServiceGrpc.getListCaPoolsMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getListCaPoolsMethod = CertificateAuthorityServiceGrpc.getListCaPoolsMethod) == null) {
+          CertificateAuthorityServiceGrpc.getListCaPoolsMethod =
+              getListCaPoolsMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.ListCaPoolsRequest,
+                          com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "ListCaPools"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.ListCaPoolsRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.ListCaPoolsResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("ListCaPools"))
+                      .build();
+        }
+      }
+    }
+    return getListCaPoolsMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCaPoolRequest,
+          com.google.longrunning.Operation>
+      getDeleteCaPoolMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "DeleteCaPool",
+      requestType = com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCaPoolRequest,
+          com.google.longrunning.Operation>
+      getDeleteCaPoolMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.DeleteCaPoolRequest,
+            com.google.longrunning.Operation>
+        getDeleteCaPoolMethod;
+    if ((getDeleteCaPoolMethod = CertificateAuthorityServiceGrpc.getDeleteCaPoolMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getDeleteCaPoolMethod = CertificateAuthorityServiceGrpc.getDeleteCaPoolMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getDeleteCaPoolMethod =
+              getDeleteCaPoolMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.DeleteCaPoolRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "DeleteCaPool"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.DeleteCaPoolRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("DeleteCaPool"))
+                      .build();
+        }
+      }
+    }
+    return getDeleteCaPoolMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.FetchCaCertsRequest,
+          com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+      getFetchCaCertsMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "FetchCaCerts",
+      requestType = com.google.cloud.security.privateca.v1.FetchCaCertsRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.FetchCaCertsResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.FetchCaCertsRequest,
+          com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+      getFetchCaCertsMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.FetchCaCertsRequest,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+        getFetchCaCertsMethod;
+    if ((getFetchCaCertsMethod = CertificateAuthorityServiceGrpc.getFetchCaCertsMethod) == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getFetchCaCertsMethod = CertificateAuthorityServiceGrpc.getFetchCaCertsMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getFetchCaCertsMethod =
+              getFetchCaCertsMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.FetchCaCertsRequest,
+                          com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(generateFullMethodName(SERVICE_NAME, "FetchCaCerts"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.FetchCaCertsRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.FetchCaCertsResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier("FetchCaCerts"))
+                      .build();
+        }
+      }
+    }
+    return getFetchCaCertsMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest,
+          com.google.cloud.security.privateca.v1.CertificateRevocationList>
+      getGetCertificateRevocationListMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetCertificateRevocationList",
+      requestType =
+          com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.CertificateRevocationList.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest,
+          com.google.cloud.security.privateca.v1.CertificateRevocationList>
+      getGetCertificateRevocationListMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList>
+        getGetCertificateRevocationListMethod;
+    if ((getGetCertificateRevocationListMethod =
+            CertificateAuthorityServiceGrpc.getGetCertificateRevocationListMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getGetCertificateRevocationListMethod =
+                CertificateAuthorityServiceGrpc.getGetCertificateRevocationListMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getGetCertificateRevocationListMethod =
+              getGetCertificateRevocationListMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest,
+                          com.google.cloud.security.privateca.v1.CertificateRevocationList>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "GetCertificateRevocationList"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .GetCertificateRevocationListRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CertificateRevocationList
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "GetCertificateRevocationList"))
+                      .build();
+        }
+      }
+    }
+    return getGetCertificateRevocationListMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+      getListCertificateRevocationListsMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListCertificateRevocationLists",
+      requestType =
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.class,
+      responseType =
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+      getListCertificateRevocationListsMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest,
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+        getListCertificateRevocationListsMethod;
+    if ((getListCertificateRevocationListsMethod =
+            CertificateAuthorityServiceGrpc.getListCertificateRevocationListsMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getListCertificateRevocationListsMethod =
+                CertificateAuthorityServiceGrpc.getListCertificateRevocationListsMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getListCertificateRevocationListsMethod =
+              getListCertificateRevocationListsMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1
+                              .ListCertificateRevocationListsRequest,
+                          com.google.cloud.security.privateca.v1
+                              .ListCertificateRevocationListsResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "ListCertificateRevocationLists"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ListCertificateRevocationListsRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ListCertificateRevocationListsResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "ListCertificateRevocationLists"))
+                      .build();
+        }
+      }
+    }
+    return getListCertificateRevocationListsMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateRevocationListMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateCertificateRevocationList",
+      requestType =
+          com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateRevocationListMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest,
+            com.google.longrunning.Operation>
+        getUpdateCertificateRevocationListMethod;
+    if ((getUpdateCertificateRevocationListMethod =
+            CertificateAuthorityServiceGrpc.getUpdateCertificateRevocationListMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUpdateCertificateRevocationListMethod =
+                CertificateAuthorityServiceGrpc.getUpdateCertificateRevocationListMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUpdateCertificateRevocationListMethod =
+              getUpdateCertificateRevocationListMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1
+                              .UpdateCertificateRevocationListRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "UpdateCertificateRevocationList"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .UpdateCertificateRevocationListRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "UpdateCertificateRevocationList"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateCertificateRevocationListMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getCreateCertificateTemplateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "CreateCertificateTemplate",
+      requestType = com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getCreateCertificateTemplateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest,
+            com.google.longrunning.Operation>
+        getCreateCertificateTemplateMethod;
+    if ((getCreateCertificateTemplateMethod =
+            CertificateAuthorityServiceGrpc.getCreateCertificateTemplateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getCreateCertificateTemplateMethod =
+                CertificateAuthorityServiceGrpc.getCreateCertificateTemplateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getCreateCertificateTemplateMethod =
+              getCreateCertificateTemplateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "CreateCertificateTemplate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .CreateCertificateTemplateRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "CreateCertificateTemplate"))
+                      .build();
+        }
+      }
+    }
+    return getCreateCertificateTemplateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getDeleteCertificateTemplateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "DeleteCertificateTemplate",
+      requestType = com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getDeleteCertificateTemplateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest,
+            com.google.longrunning.Operation>
+        getDeleteCertificateTemplateMethod;
+    if ((getDeleteCertificateTemplateMethod =
+            CertificateAuthorityServiceGrpc.getDeleteCertificateTemplateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getDeleteCertificateTemplateMethod =
+                CertificateAuthorityServiceGrpc.getDeleteCertificateTemplateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getDeleteCertificateTemplateMethod =
+              getDeleteCertificateTemplateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "DeleteCertificateTemplate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .DeleteCertificateTemplateRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "DeleteCertificateTemplate"))
+                      .build();
+        }
+      }
+    }
+    return getDeleteCertificateTemplateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest,
+          com.google.cloud.security.privateca.v1.CertificateTemplate>
+      getGetCertificateTemplateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "GetCertificateTemplate",
+      requestType = com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.CertificateTemplate.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest,
+          com.google.cloud.security.privateca.v1.CertificateTemplate>
+      getGetCertificateTemplateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest,
+            com.google.cloud.security.privateca.v1.CertificateTemplate>
+        getGetCertificateTemplateMethod;
+    if ((getGetCertificateTemplateMethod =
+            CertificateAuthorityServiceGrpc.getGetCertificateTemplateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getGetCertificateTemplateMethod =
+                CertificateAuthorityServiceGrpc.getGetCertificateTemplateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getGetCertificateTemplateMethod =
+              getGetCertificateTemplateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest,
+                          com.google.cloud.security.privateca.v1.CertificateTemplate>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "GetCertificateTemplate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.CertificateTemplate
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "GetCertificateTemplate"))
+                      .build();
+        }
+      }
+    }
+    return getGetCertificateTemplateMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+      getListCertificateTemplatesMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "ListCertificateTemplates",
+      requestType = com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.class,
+      responseType = com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest,
+          com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+      getListCertificateTemplatesMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest,
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+        getListCertificateTemplatesMethod;
+    if ((getListCertificateTemplatesMethod =
+            CertificateAuthorityServiceGrpc.getListCertificateTemplatesMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getListCertificateTemplatesMethod =
+                CertificateAuthorityServiceGrpc.getListCertificateTemplatesMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getListCertificateTemplatesMethod =
+              getListCertificateTemplatesMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest,
+                          com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "ListCertificateTemplates"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .ListCertificateTemplatesResponse.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "ListCertificateTemplates"))
+                      .build();
+        }
+      }
+    }
+    return getListCertificateTemplatesMethod;
+  }
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateTemplateMethod;
+
+  @io.grpc.stub.annotations.RpcMethod(
+      fullMethodName = SERVICE_NAME + '/' + "UpdateCertificateTemplate",
+      requestType = com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.class,
+      responseType = com.google.longrunning.Operation.class,
+      methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest,
+          com.google.longrunning.Operation>
+      getUpdateCertificateTemplateMethod() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest,
+            com.google.longrunning.Operation>
+        getUpdateCertificateTemplateMethod;
+    if ((getUpdateCertificateTemplateMethod =
+            CertificateAuthorityServiceGrpc.getUpdateCertificateTemplateMethod)
+        == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        if ((getUpdateCertificateTemplateMethod =
+                CertificateAuthorityServiceGrpc.getUpdateCertificateTemplateMethod)
+            == null) {
+          CertificateAuthorityServiceGrpc.getUpdateCertificateTemplateMethod =
+              getUpdateCertificateTemplateMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest,
+                          com.google.longrunning.Operation>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(SERVICE_NAME, "UpdateCertificateTemplate"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.security.privateca.v1
+                                  .UpdateCertificateTemplateRequest.getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.longrunning.Operation.getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new CertificateAuthorityServiceMethodDescriptorSupplier(
+                              "UpdateCertificateTemplate"))
+                      .build();
+        }
+      }
+    }
+    return getUpdateCertificateTemplateMethod;
+  }
+
+  /** Creates a new async stub that supports all call types for the service */
+  public static CertificateAuthorityServiceStub newStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceStub>() {
+          @java.lang.Override
+          public CertificateAuthorityServiceStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new CertificateAuthorityServiceStub(channel, callOptions);
+          }
+        };
+    return CertificateAuthorityServiceStub.newStub(factory, channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static CertificateAuthorityServiceBlockingStub newBlockingStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceBlockingStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceBlockingStub>() {
+          @java.lang.Override
+          public CertificateAuthorityServiceBlockingStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new CertificateAuthorityServiceBlockingStub(channel, callOptions);
+          }
+        };
+    return CertificateAuthorityServiceBlockingStub.newStub(factory, channel);
+  }
+
+  /** Creates a new ListenableFuture-style stub that supports unary calls on the service */
+  public static CertificateAuthorityServiceFutureStub newFutureStub(io.grpc.Channel channel) {
+    io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceFutureStub> factory =
+        new io.grpc.stub.AbstractStub.StubFactory<CertificateAuthorityServiceFutureStub>() {
+          @java.lang.Override
+          public CertificateAuthorityServiceFutureStub newStub(
+              io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+            return new CertificateAuthorityServiceFutureStub(channel, callOptions);
+          }
+        };
+    return CertificateAuthorityServiceFutureStub.newStub(factory, channel);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * [Certificate Authority
+   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+   * manages private certificate authorities and issued certificates.
+   * </pre>
+   */
+  public abstract static class CertificateAuthorityServiceImplBase
+      implements io.grpc.BindableService {
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * in a given Project, Location from a particular
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void createCertificate(
+        com.google.cloud.security.privateca.v1.CreateCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getCreateCertificateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void getCertificate(
+        com.google.cloud.security.privateca.v1.GetCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetCertificateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void listCertificates(
+        com.google.cloud.security.privateca.v1.ListCertificatesRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListCertificatesMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void revokeCertificate(
+        com.google.cloud.security.privateca.v1.RevokeCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getRevokeCertificateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * Currently, the only field you can update is the
+     * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
+     * </pre>
+     */
+    public void updateCertificate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateCertificateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Activate a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * After the parent Certificate Authority signs a certificate signing request
+     * from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+     * this method can complete the activation process.
+     * </pre>
+     */
+    public void activateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getActivateCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public void createCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getCreateCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Disable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void disableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getDisableCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Enable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void enableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getEnableCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Fetch a certificate signing request (CSR) from a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * The CSR must then be signed by the desired parent Certificate Authority,
+     * which could be another
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resource, or could be an on-prem certificate authority. See also
+     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * </pre>
+     */
+    public void fetchCertificateAuthorityCsr(
+        com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getFetchCertificateAuthorityCsrMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void getCertificateAuthority(
+        com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CertificateAuthority>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void listCertificateAuthorities(
+        com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListCertificateAuthoritiesMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Undelete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that has been deleted.
+     * </pre>
+     */
+    public void undeleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUndeleteCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void deleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getDeleteCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void updateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateCertificateAuthorityMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void createCaPool(
+        com.google.cloud.security.privateca.v1.CreateCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getCreateCaPoolMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void updateCaPool(
+        com.google.cloud.security.privateca.v1.UpdateCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateCaPoolMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void getCaPool(
+        com.google.cloud.security.privateca.v1.GetCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CaPool>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(getGetCaPoolMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void listCaPools(
+        com.google.cloud.security.privateca.v1.ListCaPoolsRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListCaPoolsMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void deleteCaPool(
+        com.google.cloud.security.privateca.v1.DeleteCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getDeleteCaPoolMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * FetchCaCerts returns the current trust anchor for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+     * certificate chains for all ACTIVE
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void fetchCaCerts(
+        com.google.cloud.security.privateca.v1.FetchCaCertsRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getFetchCaCertsMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void getCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetCertificateRevocationListMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void listCertificateRevocationLists(
+        com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListCertificateRevocationListsMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void updateCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateCertificateRevocationListMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public void createCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getCreateCertificateTemplateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * DeleteCertificateTemplate deletes a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void deleteCertificateTemplate(
+        com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getDeleteCertificateTemplateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void getCertificateTemplate(
+        com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CertificateTemplate>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getGetCertificateTemplateMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void listCertificateTemplates(
+        com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+            responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getListCertificateTemplatesMethod(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void updateCertificateTemplate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall(
+          getUpdateCertificateTemplateMethod(), responseObserver);
+    }
+
+    @java.lang.Override
+    public final io.grpc.ServerServiceDefinition bindService() {
+      return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+          .addMethod(
+              getCreateCertificateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.CreateCertificateRequest,
+                      com.google.cloud.security.privateca.v1.Certificate>(
+                      this, METHODID_CREATE_CERTIFICATE)))
+          .addMethod(
+              getGetCertificateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.GetCertificateRequest,
+                      com.google.cloud.security.privateca.v1.Certificate>(
+                      this, METHODID_GET_CERTIFICATE)))
+          .addMethod(
+              getListCertificatesMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ListCertificatesRequest,
+                      com.google.cloud.security.privateca.v1.ListCertificatesResponse>(
+                      this, METHODID_LIST_CERTIFICATES)))
+          .addMethod(
+              getRevokeCertificateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.RevokeCertificateRequest,
+                      com.google.cloud.security.privateca.v1.Certificate>(
+                      this, METHODID_REVOKE_CERTIFICATE)))
+          .addMethod(
+              getUpdateCertificateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UpdateCertificateRequest,
+                      com.google.cloud.security.privateca.v1.Certificate>(
+                      this, METHODID_UPDATE_CERTIFICATE)))
+          .addMethod(
+              getActivateCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_ACTIVATE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getCreateCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_CREATE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getDisableCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_DISABLE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getEnableCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_ENABLE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getFetchCertificateAuthorityCsrMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest,
+                      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>(
+                      this, METHODID_FETCH_CERTIFICATE_AUTHORITY_CSR)))
+          .addMethod(
+              getGetCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest,
+                      com.google.cloud.security.privateca.v1.CertificateAuthority>(
+                      this, METHODID_GET_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getListCertificateAuthoritiesMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest,
+                      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>(
+                      this, METHODID_LIST_CERTIFICATE_AUTHORITIES)))
+          .addMethod(
+              getUndeleteCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_UNDELETE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getDeleteCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_DELETE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getUpdateCertificateAuthorityMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_UPDATE_CERTIFICATE_AUTHORITY)))
+          .addMethod(
+              getCreateCaPoolMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.CreateCaPoolRequest,
+                      com.google.longrunning.Operation>(this, METHODID_CREATE_CA_POOL)))
+          .addMethod(
+              getUpdateCaPoolMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UpdateCaPoolRequest,
+                      com.google.longrunning.Operation>(this, METHODID_UPDATE_CA_POOL)))
+          .addMethod(
+              getGetCaPoolMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.GetCaPoolRequest,
+                      com.google.cloud.security.privateca.v1.CaPool>(this, METHODID_GET_CA_POOL)))
+          .addMethod(
+              getListCaPoolsMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ListCaPoolsRequest,
+                      com.google.cloud.security.privateca.v1.ListCaPoolsResponse>(
+                      this, METHODID_LIST_CA_POOLS)))
+          .addMethod(
+              getDeleteCaPoolMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.DeleteCaPoolRequest,
+                      com.google.longrunning.Operation>(this, METHODID_DELETE_CA_POOL)))
+          .addMethod(
+              getFetchCaCertsMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.FetchCaCertsRequest,
+                      com.google.cloud.security.privateca.v1.FetchCaCertsResponse>(
+                      this, METHODID_FETCH_CA_CERTS)))
+          .addMethod(
+              getGetCertificateRevocationListMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest,
+                      com.google.cloud.security.privateca.v1.CertificateRevocationList>(
+                      this, METHODID_GET_CERTIFICATE_REVOCATION_LIST)))
+          .addMethod(
+              getListCertificateRevocationListsMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest,
+                      com.google.cloud.security.privateca.v1
+                          .ListCertificateRevocationListsResponse>(
+                      this, METHODID_LIST_CERTIFICATE_REVOCATION_LISTS)))
+          .addMethod(
+              getUpdateCertificateRevocationListMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_UPDATE_CERTIFICATE_REVOCATION_LIST)))
+          .addMethod(
+              getCreateCertificateTemplateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_CREATE_CERTIFICATE_TEMPLATE)))
+          .addMethod(
+              getDeleteCertificateTemplateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_DELETE_CERTIFICATE_TEMPLATE)))
+          .addMethod(
+              getGetCertificateTemplateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest,
+                      com.google.cloud.security.privateca.v1.CertificateTemplate>(
+                      this, METHODID_GET_CERTIFICATE_TEMPLATE)))
+          .addMethod(
+              getListCertificateTemplatesMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest,
+                      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>(
+                      this, METHODID_LIST_CERTIFICATE_TEMPLATES)))
+          .addMethod(
+              getUpdateCertificateTemplateMethod(),
+              io.grpc.stub.ServerCalls.asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest,
+                      com.google.longrunning.Operation>(
+                      this, METHODID_UPDATE_CERTIFICATE_TEMPLATE)))
+          .build();
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * [Certificate Authority
+   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+   * manages private certificate authorities and issued certificates.
+   * </pre>
+   */
+  public static final class CertificateAuthorityServiceStub
+      extends io.grpc.stub.AbstractAsyncStub<CertificateAuthorityServiceStub> {
+    private CertificateAuthorityServiceStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected CertificateAuthorityServiceStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new CertificateAuthorityServiceStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * in a given Project, Location from a particular
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void createCertificate(
+        com.google.cloud.security.privateca.v1.CreateCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCreateCertificateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void getCertificate(
+        com.google.cloud.security.privateca.v1.GetCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetCertificateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void listCertificates(
+        com.google.cloud.security.privateca.v1.ListCertificatesRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListCertificatesMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public void revokeCertificate(
+        com.google.cloud.security.privateca.v1.RevokeCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getRevokeCertificateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * Currently, the only field you can update is the
+     * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
+     * </pre>
+     */
+    public void updateCertificate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateCertificateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Activate a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * After the parent Certificate Authority signs a certificate signing request
+     * from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+     * this method can complete the activation process.
+     * </pre>
+     */
+    public void activateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getActivateCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public void createCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCreateCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Disable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void disableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getDisableCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Enable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void enableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getEnableCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Fetch a certificate signing request (CSR) from a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * The CSR must then be signed by the desired parent Certificate Authority,
+     * which could be another
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resource, or could be an on-prem certificate authority. See also
+     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * </pre>
+     */
+    public void fetchCertificateAuthorityCsr(
+        com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getFetchCertificateAuthorityCsrMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void getCertificateAuthority(
+        com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CertificateAuthority>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void listCertificateAuthorities(
+        com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListCertificateAuthoritiesMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Undelete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that has been deleted.
+     * </pre>
+     */
+    public void undeleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUndeleteCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void deleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getDeleteCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public void updateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateCertificateAuthorityMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void createCaPool(
+        com.google.cloud.security.privateca.v1.CreateCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCreateCaPoolMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void updateCaPool(
+        com.google.cloud.security.privateca.v1.UpdateCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateCaPoolMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void getCaPool(
+        com.google.cloud.security.privateca.v1.GetCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CaPool>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetCaPoolMethod(), getCallOptions()), request, responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void listCaPools(
+        com.google.cloud.security.privateca.v1.ListCaPoolsRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListCaPoolsMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void deleteCaPool(
+        com.google.cloud.security.privateca.v1.DeleteCaPoolRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getDeleteCaPoolMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * FetchCaCerts returns the current trust anchor for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+     * certificate chains for all ACTIVE
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public void fetchCaCerts(
+        com.google.cloud.security.privateca.v1.FetchCaCertsRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getFetchCaCertsMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void getCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetCertificateRevocationListMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void listCertificateRevocationLists(
+        com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListCertificateRevocationListsMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public void updateCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateCertificateRevocationListMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public void createCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getCreateCertificateTemplateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * DeleteCertificateTemplate deletes a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void deleteCertificateTemplate(
+        com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getDeleteCertificateTemplateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void getCertificateTemplate(
+        com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CertificateTemplate>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getGetCertificateTemplateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void listCertificateTemplates(
+        com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest request,
+        io.grpc.stub.StreamObserver<
+                com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+            responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getListCertificateTemplatesMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public void updateCertificateTemplate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest request,
+        io.grpc.stub.StreamObserver<com.google.longrunning.Operation> responseObserver) {
+      io.grpc.stub.ClientCalls.asyncUnaryCall(
+          getChannel().newCall(getUpdateCertificateTemplateMethod(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * [Certificate Authority
+   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+   * manages private certificate authorities and issued certificates.
+   * </pre>
+   */
+  public static final class CertificateAuthorityServiceBlockingStub
+      extends io.grpc.stub.AbstractBlockingStub<CertificateAuthorityServiceBlockingStub> {
+    private CertificateAuthorityServiceBlockingStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected CertificateAuthorityServiceBlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new CertificateAuthorityServiceBlockingStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * in a given Project, Location from a particular
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate createCertificate(
+        com.google.cloud.security.privateca.v1.CreateCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCreateCertificateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate getCertificate(
+        com.google.cloud.security.privateca.v1.GetCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetCertificateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.ListCertificatesResponse listCertificates(
+        com.google.cloud.security.privateca.v1.ListCertificatesRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListCertificatesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate revokeCertificate(
+        com.google.cloud.security.privateca.v1.RevokeCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getRevokeCertificateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * Currently, the only field you can update is the
+     * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate updateCertificate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateCertificateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Activate a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * After the parent Certificate Authority signs a certificate signing request
+     * from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+     * this method can complete the activation process.
+     * </pre>
+     */
+    public com.google.longrunning.Operation activateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getActivateCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public com.google.longrunning.Operation createCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCreateCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Disable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.longrunning.Operation disableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDisableCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Enable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.longrunning.Operation enableCertificateAuthority(
+        com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getEnableCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Fetch a certificate signing request (CSR) from a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * The CSR must then be signed by the desired parent Certificate Authority,
+     * which could be another
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resource, or could be an on-prem certificate authority. See also
+     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+        fetchCertificateAuthorityCsr(
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getFetchCertificateAuthorityCsrMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority(
+        com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+        listCertificateAuthorities(
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListCertificateAuthoritiesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Undelete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that has been deleted.
+     * </pre>
+     */
+    public com.google.longrunning.Operation undeleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUndeleteCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.longrunning.Operation deleteCertificateAuthority(
+        com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeleteCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.longrunning.Operation updateCertificateAuthority(
+        com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateCertificateAuthorityMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.longrunning.Operation createCaPool(
+        com.google.cloud.security.privateca.v1.CreateCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCreateCaPoolMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.longrunning.Operation updateCaPool(
+        com.google.cloud.security.privateca.v1.UpdateCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateCaPoolMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool getCaPool(
+        com.google.cloud.security.privateca.v1.GetCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetCaPoolMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.ListCaPoolsResponse listCaPools(
+        com.google.cloud.security.privateca.v1.ListCaPoolsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListCaPoolsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.longrunning.Operation deleteCaPool(
+        com.google.cloud.security.privateca.v1.DeleteCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeleteCaPoolMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * FetchCaCerts returns the current trust anchor for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+     * certificate chains for all ACTIVE
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse fetchCaCerts(
+        com.google.cloud.security.privateca.v1.FetchCaCertsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getFetchCaCertsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList
+        getCertificateRevocationList(
+            com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetCertificateRevocationListMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+        listCertificateRevocationLists(
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListCertificateRevocationListsMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.longrunning.Operation updateCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateCertificateRevocationListMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public com.google.longrunning.Operation createCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getCreateCertificateTemplateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * DeleteCertificateTemplate deletes a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.longrunning.Operation deleteCertificateTemplate(
+        com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getDeleteCertificateTemplateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate(
+        com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getGetCertificateTemplateMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+        listCertificateTemplates(
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getListCertificateTemplatesMethod(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.longrunning.Operation updateCertificateTemplate(
+        com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.blockingUnaryCall(
+          getChannel(), getUpdateCertificateTemplateMethod(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * [Certificate Authority
+   * Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+   * manages private certificate authorities and issued certificates.
+   * </pre>
+   */
+  public static final class CertificateAuthorityServiceFutureStub
+      extends io.grpc.stub.AbstractFutureStub<CertificateAuthorityServiceFutureStub> {
+    private CertificateAuthorityServiceFutureStub(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected CertificateAuthorityServiceFutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new CertificateAuthorityServiceFutureStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * in a given Project, Location from a particular
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.Certificate>
+        createCertificate(com.google.cloud.security.privateca.v1.CreateCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCreateCertificateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.Certificate>
+        getCertificate(com.google.cloud.security.privateca.v1.GetCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetCertificateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.ListCertificatesResponse>
+        listCertificates(com.google.cloud.security.privateca.v1.ListCertificatesRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListCertificatesMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.Certificate>
+        revokeCertificate(com.google.cloud.security.privateca.v1.RevokeCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getRevokeCertificateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * Currently, the only field you can update is the
+     * [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.Certificate>
+        updateCertificate(com.google.cloud.security.privateca.v1.UpdateCertificateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateCertificateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Activate a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * After the parent Certificate Authority signs a certificate signing request
+     * from
+     * [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+     * this method can complete the activation process.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        activateCertificateAuthority(
+            com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getActivateCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        createCertificateAuthority(
+            com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCreateCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Disable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        disableCertificateAuthority(
+            com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getDisableCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Enable a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        enableCertificateAuthority(
+            com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getEnableCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Fetch a certificate signing request (CSR) from a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that is in state
+     * [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+     * and is of type
+     * [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+     * The CSR must then be signed by the desired parent Certificate Authority,
+     * which could be another
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resource, or could be an on-prem certificate authority. See also
+     * [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>
+        fetchCertificateAuthorityCsr(
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getFetchCertificateAuthorityCsrMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.CertificateAuthority>
+        getCertificateAuthority(
+            com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>
+        listCertificateAuthorities(
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListCertificateAuthoritiesMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Undelete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that has been deleted.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        undeleteCertificateAuthority(
+            com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUndeleteCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        deleteCertificateAuthority(
+            com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getDeleteCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        updateCertificateAuthority(
+            com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateCertificateAuthorityMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        createCaPool(com.google.cloud.security.privateca.v1.CreateCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCreateCaPoolMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        updateCaPool(com.google.cloud.security.privateca.v1.UpdateCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateCaPoolMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.CaPool>
+        getCaPool(com.google.cloud.security.privateca.v1.GetCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetCaPoolMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.ListCaPoolsResponse>
+        listCaPools(com.google.cloud.security.privateca.v1.ListCaPoolsRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListCaPoolsMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        deleteCaPool(com.google.cloud.security.privateca.v1.DeleteCaPoolRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getDeleteCaPoolMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * FetchCaCerts returns the current trust anchor for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+     * certificate chains for all ACTIVE
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse>
+        fetchCaCerts(com.google.cloud.security.privateca.v1.FetchCaCertsRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getFetchCaCertsMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList>
+        getCertificateRevocationList(
+            com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetCertificateRevocationListMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse>
+        listCertificateRevocationLists(
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListCertificateRevocationListsMethod(), getCallOptions()),
+          request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        updateCertificateRevocationList(
+            com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateCertificateRevocationListMethod(), getCallOptions()),
+          request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Create a new
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in a given Project and Location.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        createCertificateTemplate(
+            com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getCreateCertificateTemplateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * DeleteCertificateTemplate deletes a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        deleteCertificateTemplate(
+            com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getDeleteCertificateTemplateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Returns a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.CertificateTemplate>
+        getCertificateTemplate(
+            com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getGetCertificateTemplateMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Lists
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>
+        listCertificateTemplates(
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getListCertificateTemplatesMethod(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Update a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<com.google.longrunning.Operation>
+        updateCertificateTemplate(
+            com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest request) {
+      return io.grpc.stub.ClientCalls.futureUnaryCall(
+          getChannel().newCall(getUpdateCertificateTemplateMethod(), getCallOptions()), request);
+    }
+  }
+
+  private static final int METHODID_CREATE_CERTIFICATE = 0;
+  private static final int METHODID_GET_CERTIFICATE = 1;
+  private static final int METHODID_LIST_CERTIFICATES = 2;
+  private static final int METHODID_REVOKE_CERTIFICATE = 3;
+  private static final int METHODID_UPDATE_CERTIFICATE = 4;
+  private static final int METHODID_ACTIVATE_CERTIFICATE_AUTHORITY = 5;
+  private static final int METHODID_CREATE_CERTIFICATE_AUTHORITY = 6;
+  private static final int METHODID_DISABLE_CERTIFICATE_AUTHORITY = 7;
+  private static final int METHODID_ENABLE_CERTIFICATE_AUTHORITY = 8;
+  private static final int METHODID_FETCH_CERTIFICATE_AUTHORITY_CSR = 9;
+  private static final int METHODID_GET_CERTIFICATE_AUTHORITY = 10;
+  private static final int METHODID_LIST_CERTIFICATE_AUTHORITIES = 11;
+  private static final int METHODID_UNDELETE_CERTIFICATE_AUTHORITY = 12;
+  private static final int METHODID_DELETE_CERTIFICATE_AUTHORITY = 13;
+  private static final int METHODID_UPDATE_CERTIFICATE_AUTHORITY = 14;
+  private static final int METHODID_CREATE_CA_POOL = 15;
+  private static final int METHODID_UPDATE_CA_POOL = 16;
+  private static final int METHODID_GET_CA_POOL = 17;
+  private static final int METHODID_LIST_CA_POOLS = 18;
+  private static final int METHODID_DELETE_CA_POOL = 19;
+  private static final int METHODID_FETCH_CA_CERTS = 20;
+  private static final int METHODID_GET_CERTIFICATE_REVOCATION_LIST = 21;
+  private static final int METHODID_LIST_CERTIFICATE_REVOCATION_LISTS = 22;
+  private static final int METHODID_UPDATE_CERTIFICATE_REVOCATION_LIST = 23;
+  private static final int METHODID_CREATE_CERTIFICATE_TEMPLATE = 24;
+  private static final int METHODID_DELETE_CERTIFICATE_TEMPLATE = 25;
+  private static final int METHODID_GET_CERTIFICATE_TEMPLATE = 26;
+  private static final int METHODID_LIST_CERTIFICATE_TEMPLATES = 27;
+  private static final int METHODID_UPDATE_CERTIFICATE_TEMPLATE = 28;
+
+  private static final class MethodHandlers<Req, Resp>
+      implements io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final CertificateAuthorityServiceImplBase serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(CertificateAuthorityServiceImplBase serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_CREATE_CERTIFICATE:
+          serviceImpl.createCertificate(
+              (com.google.cloud.security.privateca.v1.CreateCertificateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>)
+                  responseObserver);
+          break;
+        case METHODID_GET_CERTIFICATE:
+          serviceImpl.getCertificate(
+              (com.google.cloud.security.privateca.v1.GetCertificateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_CERTIFICATES:
+          serviceImpl.listCertificates(
+              (com.google.cloud.security.privateca.v1.ListCertificatesRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.ListCertificatesResponse>)
+                  responseObserver);
+          break;
+        case METHODID_REVOKE_CERTIFICATE:
+          serviceImpl.revokeCertificate(
+              (com.google.cloud.security.privateca.v1.RevokeCertificateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>)
+                  responseObserver);
+          break;
+        case METHODID_UPDATE_CERTIFICATE:
+          serviceImpl.updateCertificate(
+              (com.google.cloud.security.privateca.v1.UpdateCertificateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.Certificate>)
+                  responseObserver);
+          break;
+        case METHODID_ACTIVATE_CERTIFICATE_AUTHORITY:
+          serviceImpl.activateCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_CREATE_CERTIFICATE_AUTHORITY:
+          serviceImpl.createCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_DISABLE_CERTIFICATE_AUTHORITY:
+          serviceImpl.disableCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_ENABLE_CERTIFICATE_AUTHORITY:
+          serviceImpl.enableCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_FETCH_CERTIFICATE_AUTHORITY_CSR:
+          serviceImpl.fetchCertificateAuthorityCsr(
+              (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse>)
+                  responseObserver);
+          break;
+        case METHODID_GET_CERTIFICATE_AUTHORITY:
+          serviceImpl.getCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.CertificateAuthority>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_CERTIFICATE_AUTHORITIES:
+          serviceImpl.listCertificateAuthorities(
+              (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse>)
+                  responseObserver);
+          break;
+        case METHODID_UNDELETE_CERTIFICATE_AUTHORITY:
+          serviceImpl.undeleteCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_DELETE_CERTIFICATE_AUTHORITY:
+          serviceImpl.deleteCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_UPDATE_CERTIFICATE_AUTHORITY:
+          serviceImpl.updateCertificateAuthority(
+              (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_CREATE_CA_POOL:
+          serviceImpl.createCaPool(
+              (com.google.cloud.security.privateca.v1.CreateCaPoolRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_UPDATE_CA_POOL:
+          serviceImpl.updateCaPool(
+              (com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_GET_CA_POOL:
+          serviceImpl.getCaPool(
+              (com.google.cloud.security.privateca.v1.GetCaPoolRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.security.privateca.v1.CaPool>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_CA_POOLS:
+          serviceImpl.listCaPools(
+              (com.google.cloud.security.privateca.v1.ListCaPoolsRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.ListCaPoolsResponse>)
+                  responseObserver);
+          break;
+        case METHODID_DELETE_CA_POOL:
+          serviceImpl.deleteCaPool(
+              (com.google.cloud.security.privateca.v1.DeleteCaPoolRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_FETCH_CA_CERTS:
+          serviceImpl.fetchCaCerts(
+              (com.google.cloud.security.privateca.v1.FetchCaCertsRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.FetchCaCertsResponse>)
+                  responseObserver);
+          break;
+        case METHODID_GET_CERTIFICATE_REVOCATION_LIST:
+          serviceImpl.getCertificateRevocationList(
+              (com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.CertificateRevocationList>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_CERTIFICATE_REVOCATION_LISTS:
+          serviceImpl.listCertificateRevocationLists(
+              (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1
+                          .ListCertificateRevocationListsResponse>)
+                  responseObserver);
+          break;
+        case METHODID_UPDATE_CERTIFICATE_REVOCATION_LIST:
+          serviceImpl.updateCertificateRevocationList(
+              (com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+                  request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_CREATE_CERTIFICATE_TEMPLATE:
+          serviceImpl.createCertificateTemplate(
+              (com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_DELETE_CERTIFICATE_TEMPLATE:
+          serviceImpl.deleteCertificateTemplate(
+              (com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        case METHODID_GET_CERTIFICATE_TEMPLATE:
+          serviceImpl.getCertificateTemplate(
+              (com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.CertificateTemplate>)
+                  responseObserver);
+          break;
+        case METHODID_LIST_CERTIFICATE_TEMPLATES:
+          serviceImpl.listCertificateTemplates(
+              (com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse>)
+                  responseObserver);
+          break;
+        case METHODID_UPDATE_CERTIFICATE_TEMPLATE:
+          serviceImpl.updateCertificateTemplate(
+              (com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.longrunning.Operation>) responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  private abstract static class CertificateAuthorityServiceBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier,
+          io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    CertificateAuthorityServiceBaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("CertificateAuthorityService");
+    }
+  }
+
+  private static final class CertificateAuthorityServiceFileDescriptorSupplier
+      extends CertificateAuthorityServiceBaseDescriptorSupplier {
+    CertificateAuthorityServiceFileDescriptorSupplier() {}
+  }
+
+  private static final class CertificateAuthorityServiceMethodDescriptorSupplier
+      extends CertificateAuthorityServiceBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final String methodName;
+
+    CertificateAuthorityServiceMethodDescriptorSupplier(String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (CertificateAuthorityServiceGrpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor =
+              result =
+                  io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+                      .setSchemaDescriptor(new CertificateAuthorityServiceFileDescriptorSupplier())
+                      .addMethod(getCreateCertificateMethod())
+                      .addMethod(getGetCertificateMethod())
+                      .addMethod(getListCertificatesMethod())
+                      .addMethod(getRevokeCertificateMethod())
+                      .addMethod(getUpdateCertificateMethod())
+                      .addMethod(getActivateCertificateAuthorityMethod())
+                      .addMethod(getCreateCertificateAuthorityMethod())
+                      .addMethod(getDisableCertificateAuthorityMethod())
+                      .addMethod(getEnableCertificateAuthorityMethod())
+                      .addMethod(getFetchCertificateAuthorityCsrMethod())
+                      .addMethod(getGetCertificateAuthorityMethod())
+                      .addMethod(getListCertificateAuthoritiesMethod())
+                      .addMethod(getUndeleteCertificateAuthorityMethod())
+                      .addMethod(getDeleteCertificateAuthorityMethod())
+                      .addMethod(getUpdateCertificateAuthorityMethod())
+                      .addMethod(getCreateCaPoolMethod())
+                      .addMethod(getUpdateCaPoolMethod())
+                      .addMethod(getGetCaPoolMethod())
+                      .addMethod(getListCaPoolsMethod())
+                      .addMethod(getDeleteCaPoolMethod())
+                      .addMethod(getFetchCaCertsMethod())
+                      .addMethod(getGetCertificateRevocationListMethod())
+                      .addMethod(getListCertificateRevocationListsMethod())
+                      .addMethod(getUpdateCertificateRevocationListMethod())
+                      .addMethod(getCreateCertificateTemplateMethod())
+                      .addMethod(getDeleteCertificateTemplateMethod())
+                      .addMethod(getGetCertificateTemplateMethod())
+                      .addMethod(getListCertificateTemplatesMethod())
+                      .addMethod(getUpdateCertificateTemplateMethod())
+                      .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/owlbot.py b/owlbot.py
new file mode 100644
index 00000000..dca9d867
--- /dev/null
+++ b/owlbot.py
@@ -0,0 +1,24 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import synthtool as s
+from synthtool.languages import java
+
+
+for library in s.get_staging_dirs():
+    # put any special-case replacements here
+    s.move(library)
+
+s.remove_staging_dirs()
+java.common_templates()
diff --git a/pom.xml b/pom.xml
index 06311d51..55849c73 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,6 +72,16 @@
         <artifactId>google-cloud-security-private-ca</artifactId>
         <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:google-cloud-security-private-ca:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-security-private-ca-v1</artifactId>
+        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-security-private-ca-v1:current} -->
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-security-private-ca-v1</artifactId>
+        <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-security-private-ca-v1:current} -->
+      </dependency>
       <dependency>
         <groupId>com.google.api.grpc</groupId>
         <artifactId>proto-google-cloud-security-private-ca-v1beta1</artifactId>
@@ -112,8 +122,10 @@
 
   <modules>
     <module>google-cloud-security-private-ca</module>
-    <module>proto-google-cloud-security-private-ca-v1beta1</module>
     <module>grpc-google-cloud-security-private-ca-v1beta1</module>
+    <module>grpc-google-cloud-security-private-ca-v1</module>
+    <module>proto-google-cloud-security-private-ca-v1beta1</module>
+    <module>proto-google-cloud-security-private-ca-v1</module>
     <module>google-cloud-security-private-ca-bom</module>
   </modules>
 
@@ -186,4 +198,4 @@
       </plugin>
     </plugins>
   </reporting>
-</project>
\ No newline at end of file
+</project>
diff --git a/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml b/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml
new file mode 100644
index 00000000..8d53cdbe
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/clirr-ignored-differences.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- see http://www.mojohaus.org/clirr-maven-plugin/examples/ignored-differences.html -->
+<differences>
+  <difference>
+    <differenceType>7012</differenceType>
+    <className>com/google/cloud/security/privateca/v1/*OrBuilder</className>
+    <method>* get*(*)</method>
+  </difference>
+  <difference>
+    <differenceType>7012</differenceType>
+    <className>com/google/cloud/security/privateca/v1/*OrBuilder</className>
+    <method>boolean contains*(*)</method>
+  </difference>
+  <difference>
+    <differenceType>7012</differenceType>
+    <className>com/google/cloud/security/privateca/v1/*OrBuilder</className>
+    <method>boolean has*(*)</method>
+  </difference>
+</differences>
diff --git a/proto-google-cloud-security-private-ca-v1/pom.xml b/proto-google-cloud-security-private-ca-v1/pom.xml
new file mode 100644
index 00000000..1cef7f5a
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/pom.xml
@@ -0,0 +1,42 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.google.api.grpc</groupId>
+  <artifactId>proto-google-cloud-security-private-ca-v1</artifactId>
+  <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-security-private-ca-v1:current} -->
+  <name>proto-google-cloud-security-private-ca-v1</name>
+  <description>Proto library for google-cloud-security-private-ca</description>
+  <parent>
+    <groupId>com.google.cloud</groupId>
+    <artifactId>google-cloud-security-private-ca-parent</artifactId>
+    <version>0.2.9-SNAPSHOT</version><!-- {x-version-update:google-cloud-security-private-ca:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-common-protos</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api</groupId>
+      <artifactId>api-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+          <groupId>org.codehaus.mojo</groupId>
+          <artifactId>flatten-maven-plugin</artifactId>
+        </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java
new file mode 100644
index 00000000..e6908030
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequest.java
@@ -0,0 +1,1449 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest}
+ */
+public final class ActivateCertificateAuthorityRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+    ActivateCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ActivateCertificateAuthorityRequest.newBuilder() to construct.
+  private ActivateCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ActivateCertificateAuthorityRequest() {
+    name_ = "";
+    pemCaCertificate_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ActivateCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ActivateCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pemCaCertificate_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.SubordinateConfig.Builder subBuilder = null;
+              if (subordinateConfig_ != null) {
+                subBuilder = subordinateConfig_.toBuilder();
+              }
+              subordinateConfig_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.SubordinateConfig.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(subordinateConfig_);
+                subordinateConfig_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.Builder
+                .class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PEM_CA_CERTIFICATE_FIELD_NUMBER = 2;
+  private volatile java.lang.Object pemCaCertificate_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The signed CA certificate issued from
+   * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+   * </pre>
+   *
+   * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The pemCaCertificate.
+   */
+  @java.lang.Override
+  public java.lang.String getPemCaCertificate() {
+    java.lang.Object ref = pemCaCertificate_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pemCaCertificate_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The signed CA certificate issued from
+   * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+   * </pre>
+   *
+   * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for pemCaCertificate.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPemCaCertificateBytes() {
+    java.lang.Object ref = pemCaCertificate_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pemCaCertificate_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int SUBORDINATE_CONFIG_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.SubordinateConfig subordinateConfig_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the subordinateConfig field is set.
+   */
+  @java.lang.Override
+  public boolean hasSubordinateConfig() {
+    return subordinateConfig_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The subordinateConfig.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig() {
+    return subordinateConfig_ == null
+        ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+        : subordinateConfig_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder
+      getSubordinateConfigOrBuilder() {
+    return getSubordinateConfig();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 4;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getPemCaCertificateBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, pemCaCertificate_);
+    }
+    if (subordinateConfig_ != null) {
+      output.writeMessage(3, getSubordinateConfig());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getPemCaCertificateBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, pemCaCertificate_);
+    }
+    if (subordinateConfig_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getSubordinateConfig());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getPemCaCertificate().equals(other.getPemCaCertificate())) return false;
+    if (hasSubordinateConfig() != other.hasSubordinateConfig()) return false;
+    if (hasSubordinateConfig()) {
+      if (!getSubordinateConfig().equals(other.getSubordinateConfig())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + PEM_CA_CERTIFICATE_FIELD_NUMBER;
+    hash = (53 * hash) + getPemCaCertificate().hashCode();
+    if (hasSubordinateConfig()) {
+      hash = (37 * hash) + SUBORDINATE_CONFIG_FIELD_NUMBER;
+      hash = (53 * hash) + getSubordinateConfig().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      pemCaCertificate_ = "";
+
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = null;
+      } else {
+        subordinateConfig_ = null;
+        subordinateConfigBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      result.pemCaCertificate_ = pemCaCertificate_;
+      if (subordinateConfigBuilder_ == null) {
+        result.subordinateConfig_ = subordinateConfig_;
+      } else {
+        result.subordinateConfig_ = subordinateConfigBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getPemCaCertificate().isEmpty()) {
+        pemCaCertificate_ = other.pemCaCertificate_;
+        onChanged();
+      }
+      if (other.hasSubordinateConfig()) {
+        mergeSubordinateConfig(other.getSubordinateConfig());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pemCaCertificate_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The signed CA certificate issued from
+     * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+     * </pre>
+     *
+     * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The pemCaCertificate.
+     */
+    public java.lang.String getPemCaCertificate() {
+      java.lang.Object ref = pemCaCertificate_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pemCaCertificate_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The signed CA certificate issued from
+     * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+     * </pre>
+     *
+     * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for pemCaCertificate.
+     */
+    public com.google.protobuf.ByteString getPemCaCertificateBytes() {
+      java.lang.Object ref = pemCaCertificate_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pemCaCertificate_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The signed CA certificate issued from
+     * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+     * </pre>
+     *
+     * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The pemCaCertificate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCaCertificate(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pemCaCertificate_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The signed CA certificate issued from
+     * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+     * </pre>
+     *
+     * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCaCertificate() {
+
+      pemCaCertificate_ = getDefaultInstance().getPemCaCertificate();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The signed CA certificate issued from
+     * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+     * </pre>
+     *
+     * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The bytes for pemCaCertificate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCaCertificateBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pemCaCertificate_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.SubordinateConfig subordinateConfig_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>
+        subordinateConfigBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the subordinateConfig field is set.
+     */
+    public boolean hasSubordinateConfig() {
+      return subordinateConfigBuilder_ != null || subordinateConfig_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The subordinateConfig.
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig() {
+      if (subordinateConfigBuilder_ == null) {
+        return subordinateConfig_ == null
+            ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+            : subordinateConfig_;
+      } else {
+        return subordinateConfigBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig value) {
+      if (subordinateConfigBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subordinateConfig_ = value;
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.Builder builderForValue) {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = builderForValue.build();
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig value) {
+      if (subordinateConfigBuilder_ == null) {
+        if (subordinateConfig_ != null) {
+          subordinateConfig_ =
+              com.google.cloud.security.privateca.v1.SubordinateConfig.newBuilder(
+                      subordinateConfig_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subordinateConfig_ = value;
+        }
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearSubordinateConfig() {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = null;
+        onChanged();
+      } else {
+        subordinateConfig_ = null;
+        subordinateConfigBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.Builder
+        getSubordinateConfigBuilder() {
+
+      onChanged();
+      return getSubordinateConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder
+        getSubordinateConfigOrBuilder() {
+      if (subordinateConfigBuilder_ != null) {
+        return subordinateConfigBuilder_.getMessageOrBuilder();
+      } else {
+        return subordinateConfig_ == null
+            ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+            : subordinateConfig_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Must include information about the issuer of
+     * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>
+        getSubordinateConfigFieldBuilder() {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfigBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.SubordinateConfig,
+                com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+                com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>(
+                getSubordinateConfig(), getParentForChildren(), isClean());
+        subordinateConfig_ = null;
+      }
+      return subordinateConfigBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ActivateCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ActivateCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public ActivateCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ActivateCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ActivateCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ActivateCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..7747b9dc
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ActivateCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ActivateCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The signed CA certificate issued from
+   * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+   * </pre>
+   *
+   * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The pemCaCertificate.
+   */
+  java.lang.String getPemCaCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The signed CA certificate issued from
+   * [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+   * </pre>
+   *
+   * <code>string pem_ca_certificate = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for pemCaCertificate.
+   */
+  com.google.protobuf.ByteString getPemCaCertificateBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the subordinateConfig field is set.
+   */
+  boolean hasSubordinateConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The subordinateConfig.
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Must include information about the issuer of
+   * 'pem_ca_certificate', and any further issuers until the self-signed CA.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder getSubordinateConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java
new file mode 100644
index 00000000..cd40aefc
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPool.java
@@ -0,0 +1,8871 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
+ * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A
+ * [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out
+ * of the trust anchor.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CaPool}
+ */
+public final class CaPool extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool)
+    CaPoolOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CaPool.newBuilder() to construct.
+  private CaPool(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CaPool() {
+    name_ = "";
+    tier_ = 0;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CaPool();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CaPool(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 16:
+            {
+              int rawValue = input.readEnum();
+
+              tier_ = rawValue;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder subBuilder =
+                  null;
+              if (issuancePolicy_ != null) {
+                subBuilder = issuancePolicy_.toBuilder();
+              }
+              issuancePolicy_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(issuancePolicy_);
+                issuancePolicy_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder subBuilder =
+                  null;
+              if (publishingOptions_ != null) {
+                subBuilder = publishingOptions_.toBuilder();
+              }
+              publishingOptions_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(publishingOptions_);
+                publishingOptions_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 42:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                labels_ =
+                    com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+                mutable_bitField0_ |= 0x00000001;
+              }
+              com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+                  input.readMessage(
+                      LabelsDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry);
+              labels_.getMutableMap().put(labels__.getKey(), labels__.getValue());
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CaPool_descriptor;
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @java.lang.Override
+  protected com.google.protobuf.MapField internalGetMapField(int number) {
+    switch (number) {
+      case 5:
+        return internalGetLabels();
+      default:
+        throw new RuntimeException("Invalid map field number: " + number);
+    }
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CaPool_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CaPool.class,
+            com.google.cloud.security.privateca.v1.CaPool.Builder.class);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or
+   * billing SKU.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.CaPool.Tier}
+   */
+  public enum Tier implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>TIER_UNSPECIFIED = 0;</code>
+     */
+    TIER_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * Enterprise tier.
+     * </pre>
+     *
+     * <code>ENTERPRISE = 1;</code>
+     */
+    ENTERPRISE(1),
+    /**
+     *
+     *
+     * <pre>
+     * DevOps tier.
+     * </pre>
+     *
+     * <code>DEVOPS = 2;</code>
+     */
+    DEVOPS(2),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>TIER_UNSPECIFIED = 0;</code>
+     */
+    public static final int TIER_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Enterprise tier.
+     * </pre>
+     *
+     * <code>ENTERPRISE = 1;</code>
+     */
+    public static final int ENTERPRISE_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * DevOps tier.
+     * </pre>
+     *
+     * <code>DEVOPS = 2;</code>
+     */
+    public static final int DEVOPS_VALUE = 2;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static Tier valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static Tier forNumber(int value) {
+      switch (value) {
+        case 0:
+          return TIER_UNSPECIFIED;
+        case 1:
+          return ENTERPRISE;
+        case 2:
+          return DEVOPS;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<Tier> internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<Tier> internalValueMap =
+        new com.google.protobuf.Internal.EnumLiteMap<Tier>() {
+          public Tier findValueByNumber(int number) {
+            return Tier.forNumber(number);
+          }
+        };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CaPool.getDescriptor().getEnumTypes().get(0);
+    }
+
+    private static final Tier[] VALUES = values();
+
+    public static Tier valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private Tier(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CaPool.Tier)
+  }
+
+  public interface PublishingOptionsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+     * includes its URL in the "Authority Information Access" X.509 extension
+     * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+     * certificate will not be published and the corresponding X.509 extension
+     * will not be written in issued certificates.
+     * </pre>
+     *
+     * <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The publishCaCert.
+     */
+    boolean getPublishCaCert();
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+     * URL in the "CRL Distribution Points" X.509 extension in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+     * and the corresponding X.509 extension will not be written in issued
+     * certificates.
+     * CRLs will expire 7 days from their creation. However, we will rebuild
+     * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     * </pre>
+     *
+     * <code>bool publish_crl = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The publishCrl.
+     */
+    boolean getPublishCrl();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA
+   * certificate and CRLs and their inclusion as extensions in issued
+   * [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates
+   * issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.PublishingOptions}
+   */
+  public static final class PublishingOptions extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+      PublishingOptionsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use PublishingOptions.newBuilder() to construct.
+    private PublishingOptions(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private PublishingOptions() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new PublishingOptions();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private PublishingOptions(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                publishCaCert_ = input.readBool();
+                break;
+              }
+            case 16:
+              {
+                publishCrl_ = input.readBool();
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.class,
+              com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder.class);
+    }
+
+    public static final int PUBLISH_CA_CERT_FIELD_NUMBER = 1;
+    private boolean publishCaCert_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+     * includes its URL in the "Authority Information Access" X.509 extension
+     * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+     * certificate will not be published and the corresponding X.509 extension
+     * will not be written in issued certificates.
+     * </pre>
+     *
+     * <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The publishCaCert.
+     */
+    @java.lang.Override
+    public boolean getPublishCaCert() {
+      return publishCaCert_;
+    }
+
+    public static final int PUBLISH_CRL_FIELD_NUMBER = 2;
+    private boolean publishCrl_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+     * URL in the "CRL Distribution Points" X.509 extension in all issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+     * and the corresponding X.509 extension will not be written in issued
+     * certificates.
+     * CRLs will expire 7 days from their creation. However, we will rebuild
+     * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+     * </pre>
+     *
+     * <code>bool publish_crl = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The publishCrl.
+     */
+    @java.lang.Override
+    public boolean getPublishCrl() {
+      return publishCrl_;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (publishCaCert_ != false) {
+        output.writeBool(1, publishCaCert_);
+      }
+      if (publishCrl_ != false) {
+        output.writeBool(2, publishCrl_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (publishCaCert_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(1, publishCaCert_);
+      }
+      if (publishCrl_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(2, publishCrl_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.CaPool.PublishingOptions)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CaPool.PublishingOptions other =
+          (com.google.cloud.security.privateca.v1.CaPool.PublishingOptions) obj;
+
+      if (getPublishCaCert() != other.getPublishCaCert()) return false;
+      if (getPublishCrl() != other.getPublishCrl()) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + PUBLISH_CA_CERT_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getPublishCaCert());
+      hash = (37 * hash) + PUBLISH_CRL_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getPublishCrl());
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA
+     * certificate and CRLs and their inclusion as extensions in issued
+     * [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates
+     * issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.PublishingOptions}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.class,
+                com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        publishCaCert_ = false;
+
+        publishCrl_ = false;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions build() {
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions buildPartial() {
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions result =
+            new com.google.cloud.security.privateca.v1.CaPool.PublishingOptions(this);
+        result.publishCaCert_ = publishCaCert_;
+        result.publishCrl_ = publishCrl_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.CaPool.PublishingOptions) {
+          return mergeFrom((com.google.cloud.security.privateca.v1.CaPool.PublishingOptions) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CaPool.PublishingOptions other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.getDefaultInstance())
+          return this;
+        if (other.getPublishCaCert() != false) {
+          setPublishCaCert(other.getPublishCaCert());
+        }
+        if (other.getPublishCrl() != false) {
+          setPublishCrl(other.getPublishCrl());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private boolean publishCaCert_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+       * includes its URL in the "Authority Information Access" X.509 extension
+       * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+       * certificate will not be published and the corresponding X.509 extension
+       * will not be written in issued certificates.
+       * </pre>
+       *
+       * <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The publishCaCert.
+       */
+      @java.lang.Override
+      public boolean getPublishCaCert() {
+        return publishCaCert_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+       * includes its URL in the "Authority Information Access" X.509 extension
+       * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+       * certificate will not be published and the corresponding X.509 extension
+       * will not be written in issued certificates.
+       * </pre>
+       *
+       * <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The publishCaCert to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPublishCaCert(boolean value) {
+
+        publishCaCert_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+       * includes its URL in the "Authority Information Access" X.509 extension
+       * in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+       * certificate will not be published and the corresponding X.509 extension
+       * will not be written in issued certificates.
+       * </pre>
+       *
+       * <code>bool publish_ca_cert = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPublishCaCert() {
+
+        publishCaCert_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean publishCrl_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+       * URL in the "CRL Distribution Points" X.509 extension in all issued
+       * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+       * and the corresponding X.509 extension will not be written in issued
+       * certificates.
+       * CRLs will expire 7 days from their creation. However, we will rebuild
+       * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+       * </pre>
+       *
+       * <code>bool publish_crl = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The publishCrl.
+       */
+      @java.lang.Override
+      public boolean getPublishCrl() {
+        return publishCrl_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+       * URL in the "CRL Distribution Points" X.509 extension in all issued
+       * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+       * and the corresponding X.509 extension will not be written in issued
+       * certificates.
+       * CRLs will expire 7 days from their creation. However, we will rebuild
+       * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+       * </pre>
+       *
+       * <code>bool publish_crl = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @param value The publishCrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPublishCrl(boolean value) {
+
+        publishCrl_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+       * URL in the "CRL Distribution Points" X.509 extension in all issued
+       * [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+       * and the corresponding X.509 extension will not be written in issued
+       * certificates.
+       * CRLs will expire 7 days from their creation. However, we will rebuild
+       * daily. CRLs are also rebuilt shortly after a certificate is revoked.
+       * </pre>
+       *
+       * <code>bool publish_crl = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPublishCrl() {
+
+        publishCrl_ = false;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.PublishingOptions)
+    private static final com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CaPool.PublishingOptions();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<PublishingOptions> PARSER =
+        new com.google.protobuf.AbstractParser<PublishingOptions>() {
+          @java.lang.Override
+          public PublishingOptions parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new PublishingOptions(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<PublishingOptions> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<PublishingOptions> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface IssuancePolicyOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+        getAllowedKeyTypesList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType getAllowedKeyTypes(
+        int index);
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    int getAllowedKeyTypesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    java.util.List<
+            ? extends
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                    .AllowedKeyTypeOrBuilder>
+        getAllowedKeyTypesOrBuilderList();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder
+        getAllowedKeyTypesOrBuilder(int index);
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the maximumLifetime field is set.
+     */
+    boolean hasMaximumLifetime();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The maximumLifetime.
+     */
+    com.google.protobuf.Duration getMaximumLifetime();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.protobuf.DurationOrBuilder getMaximumLifetimeOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the allowedIssuanceModes field is set.
+     */
+    boolean hasAllowedIssuanceModes();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The allowedIssuanceModes.
+     */
+    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+        getAllowedIssuanceModes();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder
+        getAllowedIssuanceModesOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the baselineValues field is set.
+     */
+    boolean hasBaselineValues();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The baselineValues.
+     */
+    com.google.cloud.security.privateca.v1.X509Parameters getBaselineValues();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getBaselineValuesOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the identityConstraints field is set.
+     */
+    boolean hasIdentityConstraints();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The identityConstraints.
+     */
+    com.google.cloud.security.privateca.v1.CertificateIdentityConstraints getIdentityConstraints();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+        getIdentityConstraintsOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the passthroughExtensions field is set.
+     */
+    boolean hasPassthroughExtensions();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The passthroughExtensions.
+     */
+    com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        getPassthroughExtensions();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+        getPassthroughExtensionsOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.IssuancePolicy}
+   */
+  public static final class IssuancePolicy extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+      IssuancePolicyOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use IssuancePolicy.newBuilder() to construct.
+    private IssuancePolicy(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private IssuancePolicy() {
+      allowedKeyTypes_ = java.util.Collections.emptyList();
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new IssuancePolicy();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private IssuancePolicy(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  allowedKeyTypes_ =
+                      new java.util.ArrayList<
+                          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                              .AllowedKeyType>();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                allowedKeyTypes_.add(
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                            .parser(),
+                        extensionRegistry));
+                break;
+              }
+            case 18:
+              {
+                com.google.protobuf.Duration.Builder subBuilder = null;
+                if (maximumLifetime_ != null) {
+                  subBuilder = maximumLifetime_.toBuilder();
+                }
+                maximumLifetime_ =
+                    input.readMessage(com.google.protobuf.Duration.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(maximumLifetime_);
+                  maximumLifetime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 26:
+              {
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder
+                    subBuilder = null;
+                if (allowedIssuanceModes_ != null) {
+                  subBuilder = allowedIssuanceModes_.toBuilder();
+                }
+                allowedIssuanceModes_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(allowedIssuanceModes_);
+                  allowedIssuanceModes_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 34:
+              {
+                com.google.cloud.security.privateca.v1.X509Parameters.Builder subBuilder = null;
+                if (baselineValues_ != null) {
+                  subBuilder = baselineValues_.toBuilder();
+                }
+                baselineValues_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.X509Parameters.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(baselineValues_);
+                  baselineValues_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 42:
+              {
+                com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+                    subBuilder = null;
+                if (identityConstraints_ != null) {
+                  subBuilder = identityConstraints_.toBuilder();
+                }
+                identityConstraints_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(identityConstraints_);
+                  identityConstraints_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 50:
+              {
+                com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+                    subBuilder = null;
+                if (passthroughExtensions_ != null) {
+                  subBuilder = passthroughExtensions_.toBuilder();
+                }
+                passthroughExtensions_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                            .parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(passthroughExtensions_);
+                  passthroughExtensions_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          allowedKeyTypes_ = java.util.Collections.unmodifiableList(allowedKeyTypes_);
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.class,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder.class);
+    }
+
+    public interface AllowedKeyTypeOrBuilder
+        extends
+        // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+        com.google.protobuf.MessageOrBuilder {
+
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       *
+       * @return Whether the rsa field is set.
+       */
+      boolean hasRsa();
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       *
+       * @return The rsa.
+       */
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+          getRsa();
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       */
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .RsaKeyTypeOrBuilder
+          getRsaOrBuilder();
+
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return Whether the ellipticCurve field is set.
+       */
+      boolean hasEllipticCurve();
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return The enum numeric value on the wire for ellipticCurve.
+       */
+      int getEllipticCurveValue();
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return The ellipticCurve.
+       */
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
+          getEllipticCurve();
+
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.KeyTypeCase
+          getKeyTypeCase();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+     * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a
+     * fully-qualified key algorithm, such as RSA 4096, or a family of key
+     * algorithms, such as any RSA key.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType}
+     */
+    public static final class AllowedKeyType extends com.google.protobuf.GeneratedMessageV3
+        implements
+        // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+        AllowedKeyTypeOrBuilder {
+      private static final long serialVersionUID = 0L;
+      // Use AllowedKeyType.newBuilder() to construct.
+      private AllowedKeyType(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+        super(builder);
+      }
+
+      private AllowedKeyType() {}
+
+      @java.lang.Override
+      @SuppressWarnings({"unused"})
+      protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+        return new AllowedKeyType();
+      }
+
+      @java.lang.Override
+      public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+        return this.unknownFields;
+      }
+
+      private AllowedKeyType(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+        this();
+        if (extensionRegistry == null) {
+          throw new java.lang.NullPointerException();
+        }
+        com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+            com.google.protobuf.UnknownFieldSet.newBuilder();
+        try {
+          boolean done = false;
+          while (!done) {
+            int tag = input.readTag();
+            switch (tag) {
+              case 0:
+                done = true;
+                break;
+              case 10:
+                {
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType.Builder
+                      subBuilder = null;
+                  if (keyTypeCase_ == 1) {
+                    subBuilder =
+                        ((com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                                    .AllowedKeyType.RsaKeyType)
+                                keyType_)
+                            .toBuilder();
+                  }
+                  keyType_ =
+                      input.readMessage(
+                          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                              .AllowedKeyType.RsaKeyType.parser(),
+                          extensionRegistry);
+                  if (subBuilder != null) {
+                    subBuilder.mergeFrom(
+                        (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                                .RsaKeyType)
+                            keyType_);
+                    keyType_ = subBuilder.buildPartial();
+                  }
+                  keyTypeCase_ = 1;
+                  break;
+                }
+              case 16:
+                {
+                  int rawValue = input.readEnum();
+                  keyTypeCase_ = 2;
+                  keyType_ = rawValue;
+                  break;
+                }
+              default:
+                {
+                  if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                    done = true;
+                  }
+                  break;
+                }
+            }
+          }
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          throw e.setUnfinishedMessage(this);
+        } catch (java.io.IOException e) {
+          throw new com.google.protobuf.InvalidProtocolBufferException(e)
+              .setUnfinishedMessage(this);
+        } finally {
+          this.unknownFields = unknownFields.build();
+          makeExtensionsImmutable();
+        }
+      }
+
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.class,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+                    .class);
+      }
+
+      /**
+       *
+       *
+       * <pre>
+       * Describes a named Elliptic Curve that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
+       * issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * </pre>
+       *
+       * Protobuf enum {@code
+       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve}
+       */
+      public enum NamedCurve implements com.google.protobuf.ProtocolMessageEnum {
+        /**
+         *
+         *
+         * <pre>
+         * Not specified.
+         * </pre>
+         *
+         * <code>NAMED_CURVE_UNSPECIFIED = 0;</code>
+         */
+        NAMED_CURVE_UNSPECIFIED(0),
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the NIST P-256 curve.
+         * </pre>
+         *
+         * <code>ECDSA_P256 = 2;</code>
+         */
+        ECDSA_P256(2),
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the NIST P-384 curve.
+         * </pre>
+         *
+         * <code>ECDSA_P384 = 3;</code>
+         */
+        ECDSA_P384(3),
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the Ed25519 curve, as described in RFC 8410.
+         * </pre>
+         *
+         * <code>EDDSA_25519 = 4;</code>
+         */
+        EDDSA_25519(4),
+        UNRECOGNIZED(-1),
+        ;
+
+        /**
+         *
+         *
+         * <pre>
+         * Not specified.
+         * </pre>
+         *
+         * <code>NAMED_CURVE_UNSPECIFIED = 0;</code>
+         */
+        public static final int NAMED_CURVE_UNSPECIFIED_VALUE = 0;
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the NIST P-256 curve.
+         * </pre>
+         *
+         * <code>ECDSA_P256 = 2;</code>
+         */
+        public static final int ECDSA_P256_VALUE = 2;
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the NIST P-384 curve.
+         * </pre>
+         *
+         * <code>ECDSA_P384 = 3;</code>
+         */
+        public static final int ECDSA_P384_VALUE = 3;
+        /**
+         *
+         *
+         * <pre>
+         * Refers to the Ed25519 curve, as described in RFC 8410.
+         * </pre>
+         *
+         * <code>EDDSA_25519 = 4;</code>
+         */
+        public static final int EDDSA_25519_VALUE = 4;
+
+        public final int getNumber() {
+          if (this == UNRECOGNIZED) {
+            throw new java.lang.IllegalArgumentException(
+                "Can't get the number of an unknown enum value.");
+          }
+          return value;
+        }
+
+        /**
+         * @param value The numeric wire value of the corresponding enum entry.
+         * @return The enum associated with the given numeric wire value.
+         * @deprecated Use {@link #forNumber(int)} instead.
+         */
+        @java.lang.Deprecated
+        public static NamedCurve valueOf(int value) {
+          return forNumber(value);
+        }
+
+        /**
+         * @param value The numeric wire value of the corresponding enum entry.
+         * @return The enum associated with the given numeric wire value.
+         */
+        public static NamedCurve forNumber(int value) {
+          switch (value) {
+            case 0:
+              return NAMED_CURVE_UNSPECIFIED;
+            case 2:
+              return ECDSA_P256;
+            case 3:
+              return ECDSA_P384;
+            case 4:
+              return EDDSA_25519;
+            default:
+              return null;
+          }
+        }
+
+        public static com.google.protobuf.Internal.EnumLiteMap<NamedCurve> internalGetValueMap() {
+          return internalValueMap;
+        }
+
+        private static final com.google.protobuf.Internal.EnumLiteMap<NamedCurve> internalValueMap =
+            new com.google.protobuf.Internal.EnumLiteMap<NamedCurve>() {
+              public NamedCurve findValueByNumber(int number) {
+                return NamedCurve.forNumber(number);
+              }
+            };
+
+        public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+          if (this == UNRECOGNIZED) {
+            throw new java.lang.IllegalStateException(
+                "Can't get the descriptor of an unrecognized enum value.");
+          }
+          return getDescriptor().getValues().get(ordinal());
+        }
+
+        public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+          return getDescriptor();
+        }
+
+        public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+          return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .getDescriptor()
+              .getEnumTypes()
+              .get(0);
+        }
+
+        private static final NamedCurve[] VALUES = values();
+
+        public static NamedCurve valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+          if (desc.getType() != getDescriptor()) {
+            throw new java.lang.IllegalArgumentException(
+                "EnumValueDescriptor is not for this type.");
+          }
+          if (desc.getIndex() == -1) {
+            return UNRECOGNIZED;
+          }
+          return VALUES[desc.getIndex()];
+        }
+
+        private final int value;
+
+        private NamedCurve(int value) {
+          this.value = value;
+        }
+
+        // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve)
+      }
+
+      public interface RsaKeyTypeOrBuilder
+          extends
+          // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+          com.google.protobuf.MessageOrBuilder {
+
+        /**
+         *
+         *
+         * <pre>
+         * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+         * or if set to zero, the service-level min RSA modulus size will
+         * continue to apply.
+         * </pre>
+         *
+         * <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+         *
+         * @return The minModulusSize.
+         */
+        long getMinModulusSize();
+
+        /**
+         *
+         *
+         * <pre>
+         * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+         * or if set to zero, the service will not enforce an explicit upper
+         * bound on RSA modulus sizes.
+         * </pre>
+         *
+         * <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+         *
+         * @return The maxModulusSize.
+         */
+        long getMaxModulusSize();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
+       * a [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * </pre>
+       *
+       * Protobuf type {@code
+       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType}
+       */
+      public static final class RsaKeyType extends com.google.protobuf.GeneratedMessageV3
+          implements
+          // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+          RsaKeyTypeOrBuilder {
+        private static final long serialVersionUID = 0L;
+        // Use RsaKeyType.newBuilder() to construct.
+        private RsaKeyType(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+          super(builder);
+        }
+
+        private RsaKeyType() {}
+
+        @java.lang.Override
+        @SuppressWarnings({"unused"})
+        protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+          return new RsaKeyType();
+        }
+
+        @java.lang.Override
+        public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+          return this.unknownFields;
+        }
+
+        private RsaKeyType(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          this();
+          if (extensionRegistry == null) {
+            throw new java.lang.NullPointerException();
+          }
+          com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+              com.google.protobuf.UnknownFieldSet.newBuilder();
+          try {
+            boolean done = false;
+            while (!done) {
+              int tag = input.readTag();
+              switch (tag) {
+                case 0:
+                  done = true;
+                  break;
+                case 8:
+                  {
+                    minModulusSize_ = input.readInt64();
+                    break;
+                  }
+                case 16:
+                  {
+                    maxModulusSize_ = input.readInt64();
+                    break;
+                  }
+                default:
+                  {
+                    if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                      done = true;
+                    }
+                    break;
+                  }
+              }
+            }
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            throw e.setUnfinishedMessage(this);
+          } catch (java.io.IOException e) {
+            throw new com.google.protobuf.InvalidProtocolBufferException(e)
+                .setUnfinishedMessage(this);
+          } finally {
+            this.unknownFields = unknownFields.build();
+            makeExtensionsImmutable();
+          }
+        }
+
+        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor;
+        }
+
+        @java.lang.Override
+        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+            internalGetFieldAccessorTable() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_fieldAccessorTable
+              .ensureFieldAccessorsInitialized(
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType.class,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType.Builder.class);
+        }
+
+        public static final int MIN_MODULUS_SIZE_FIELD_NUMBER = 1;
+        private long minModulusSize_;
+        /**
+         *
+         *
+         * <pre>
+         * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+         * or if set to zero, the service-level min RSA modulus size will
+         * continue to apply.
+         * </pre>
+         *
+         * <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+         *
+         * @return The minModulusSize.
+         */
+        @java.lang.Override
+        public long getMinModulusSize() {
+          return minModulusSize_;
+        }
+
+        public static final int MAX_MODULUS_SIZE_FIELD_NUMBER = 2;
+        private long maxModulusSize_;
+        /**
+         *
+         *
+         * <pre>
+         * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+         * or if set to zero, the service will not enforce an explicit upper
+         * bound on RSA modulus sizes.
+         * </pre>
+         *
+         * <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+         *
+         * @return The maxModulusSize.
+         */
+        @java.lang.Override
+        public long getMaxModulusSize() {
+          return maxModulusSize_;
+        }
+
+        private byte memoizedIsInitialized = -1;
+
+        @java.lang.Override
+        public final boolean isInitialized() {
+          byte isInitialized = memoizedIsInitialized;
+          if (isInitialized == 1) return true;
+          if (isInitialized == 0) return false;
+
+          memoizedIsInitialized = 1;
+          return true;
+        }
+
+        @java.lang.Override
+        public void writeTo(com.google.protobuf.CodedOutputStream output)
+            throws java.io.IOException {
+          if (minModulusSize_ != 0L) {
+            output.writeInt64(1, minModulusSize_);
+          }
+          if (maxModulusSize_ != 0L) {
+            output.writeInt64(2, maxModulusSize_);
+          }
+          unknownFields.writeTo(output);
+        }
+
+        @java.lang.Override
+        public int getSerializedSize() {
+          int size = memoizedSize;
+          if (size != -1) return size;
+
+          size = 0;
+          if (minModulusSize_ != 0L) {
+            size += com.google.protobuf.CodedOutputStream.computeInt64Size(1, minModulusSize_);
+          }
+          if (maxModulusSize_ != 0L) {
+            size += com.google.protobuf.CodedOutputStream.computeInt64Size(2, maxModulusSize_);
+          }
+          size += unknownFields.getSerializedSize();
+          memoizedSize = size;
+          return size;
+        }
+
+        @java.lang.Override
+        public boolean equals(final java.lang.Object obj) {
+          if (obj == this) {
+            return true;
+          }
+          if (!(obj
+              instanceof
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType)) {
+            return super.equals(obj);
+          }
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+              other =
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType)
+                      obj;
+
+          if (getMinModulusSize() != other.getMinModulusSize()) return false;
+          if (getMaxModulusSize() != other.getMaxModulusSize()) return false;
+          if (!unknownFields.equals(other.unknownFields)) return false;
+          return true;
+        }
+
+        @java.lang.Override
+        public int hashCode() {
+          if (memoizedHashCode != 0) {
+            return memoizedHashCode;
+          }
+          int hash = 41;
+          hash = (19 * hash) + getDescriptor().hashCode();
+          hash = (37 * hash) + MIN_MODULUS_SIZE_FIELD_NUMBER;
+          hash = (53 * hash) + com.google.protobuf.Internal.hashLong(getMinModulusSize());
+          hash = (37 * hash) + MAX_MODULUS_SIZE_FIELD_NUMBER;
+          hash = (53 * hash) + com.google.protobuf.Internal.hashLong(getMaxModulusSize());
+          hash = (29 * hash) + unknownFields.hashCode();
+          memoizedHashCode = hash;
+          return hash;
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(java.nio.ByteBuffer data)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(
+                java.nio.ByteBuffer data,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(com.google.protobuf.ByteString data)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(
+                com.google.protobuf.ByteString data,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+          return PARSER.parseFrom(data, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(java.io.InputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(
+                java.io.InputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+              PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseDelimitedFrom(
+                java.io.InputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            parseFrom(
+                com.google.protobuf.CodedInputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws java.io.IOException {
+          return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+              PARSER, input, extensionRegistry);
+        }
+
+        @java.lang.Override
+        public Builder newBuilderForType() {
+          return newBuilder();
+        }
+
+        public static Builder newBuilder() {
+          return DEFAULT_INSTANCE.toBuilder();
+        }
+
+        public static Builder newBuilder(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                prototype) {
+          return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+        }
+
+        @java.lang.Override
+        public Builder toBuilder() {
+          return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+        }
+
+        @java.lang.Override
+        protected Builder newBuilderForType(
+            com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+          Builder builder = new Builder(parent);
+          return builder;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
+         * a [CaPool][google.cloud.security.privateca.v1.CaPool].
+         * </pre>
+         *
+         * Protobuf type {@code
+         * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType}
+         */
+        public static final class Builder
+            extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+            implements
+            // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyTypeOrBuilder {
+          public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor;
+          }
+
+          @java.lang.Override
+          protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+              internalGetFieldAccessorTable() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_fieldAccessorTable
+                .ensureFieldAccessorsInitialized(
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType.class,
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType.Builder.class);
+          }
+
+          // Construct using
+          // com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType.newBuilder()
+          private Builder() {
+            maybeForceBuilderInitialization();
+          }
+
+          private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+            super(parent);
+            maybeForceBuilderInitialization();
+          }
+
+          private void maybeForceBuilderInitialization() {
+            if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+          }
+
+          @java.lang.Override
+          public Builder clear() {
+            super.clear();
+            minModulusSize_ = 0L;
+
+            maxModulusSize_ = 0L;
+
+            return this;
+          }
+
+          @java.lang.Override
+          public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+            return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor;
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType
+              getDefaultInstanceForType() {
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType.getDefaultInstance();
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType
+              build() {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                result = buildPartial();
+            if (!result.isInitialized()) {
+              throw newUninitializedMessageException(result);
+            }
+            return result;
+          }
+
+          @java.lang.Override
+          public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType
+              buildPartial() {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                result =
+                    new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType(this);
+            result.minModulusSize_ = minModulusSize_;
+            result.maxModulusSize_ = maxModulusSize_;
+            onBuilt();
+            return result;
+          }
+
+          @java.lang.Override
+          public Builder clone() {
+            return super.clone();
+          }
+
+          @java.lang.Override
+          public Builder setField(
+              com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+            return super.setField(field, value);
+          }
+
+          @java.lang.Override
+          public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+            return super.clearField(field);
+          }
+
+          @java.lang.Override
+          public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+            return super.clearOneof(oneof);
+          }
+
+          @java.lang.Override
+          public Builder setRepeatedField(
+              com.google.protobuf.Descriptors.FieldDescriptor field,
+              int index,
+              java.lang.Object value) {
+            return super.setRepeatedField(field, index, value);
+          }
+
+          @java.lang.Override
+          public Builder addRepeatedField(
+              com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+            return super.addRepeatedField(field, value);
+          }
+
+          @java.lang.Override
+          public Builder mergeFrom(com.google.protobuf.Message other) {
+            if (other
+                instanceof
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType) {
+              return mergeFrom(
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType)
+                      other);
+            } else {
+              super.mergeFrom(other);
+              return this;
+            }
+          }
+
+          public Builder mergeFrom(
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                  other) {
+            if (other
+                == com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType.getDefaultInstance()) return this;
+            if (other.getMinModulusSize() != 0L) {
+              setMinModulusSize(other.getMinModulusSize());
+            }
+            if (other.getMaxModulusSize() != 0L) {
+              setMaxModulusSize(other.getMaxModulusSize());
+            }
+            this.mergeUnknownFields(other.unknownFields);
+            onChanged();
+            return this;
+          }
+
+          @java.lang.Override
+          public final boolean isInitialized() {
+            return true;
+          }
+
+          @java.lang.Override
+          public Builder mergeFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                parsedMessage = null;
+            try {
+              parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+            } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+              parsedMessage =
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType)
+                      e.getUnfinishedMessage();
+              throw e.unwrapIOException();
+            } finally {
+              if (parsedMessage != null) {
+                mergeFrom(parsedMessage);
+              }
+            }
+            return this;
+          }
+
+          private long minModulusSize_;
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * </pre>
+           *
+           * <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @return The minModulusSize.
+           */
+          @java.lang.Override
+          public long getMinModulusSize() {
+            return minModulusSize_;
+          }
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * </pre>
+           *
+           * <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @param value The minModulusSize to set.
+           * @return This builder for chaining.
+           */
+          public Builder setMinModulusSize(long value) {
+
+            minModulusSize_ = value;
+            onChanged();
+            return this;
+          }
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service-level min RSA modulus size will
+           * continue to apply.
+           * </pre>
+           *
+           * <code>int64 min_modulus_size = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @return This builder for chaining.
+           */
+          public Builder clearMinModulusSize() {
+
+            minModulusSize_ = 0L;
+            onChanged();
+            return this;
+          }
+
+          private long maxModulusSize_;
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * </pre>
+           *
+           * <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @return The maxModulusSize.
+           */
+          @java.lang.Override
+          public long getMaxModulusSize() {
+            return maxModulusSize_;
+          }
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * </pre>
+           *
+           * <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @param value The maxModulusSize to set.
+           * @return This builder for chaining.
+           */
+          public Builder setMaxModulusSize(long value) {
+
+            maxModulusSize_ = value;
+            onChanged();
+            return this;
+          }
+          /**
+           *
+           *
+           * <pre>
+           * Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+           * or if set to zero, the service will not enforce an explicit upper
+           * bound on RSA modulus sizes.
+           * </pre>
+           *
+           * <code>int64 max_modulus_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+           *
+           * @return This builder for chaining.
+           */
+          public Builder clearMaxModulusSize() {
+
+            maxModulusSize_ = 0L;
+            onChanged();
+            return this;
+          }
+
+          @java.lang.Override
+          public final Builder setUnknownFields(
+              final com.google.protobuf.UnknownFieldSet unknownFields) {
+            return super.setUnknownFields(unknownFields);
+          }
+
+          @java.lang.Override
+          public final Builder mergeUnknownFields(
+              final com.google.protobuf.UnknownFieldSet unknownFields) {
+            return super.mergeUnknownFields(unknownFields);
+          }
+
+          // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+        }
+
+        // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType)
+        private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                .AllowedKeyType.RsaKeyType
+            DEFAULT_INSTANCE;
+
+        static {
+          DEFAULT_INSTANCE =
+              new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType();
+        }
+
+        public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            getDefaultInstance() {
+          return DEFAULT_INSTANCE;
+        }
+
+        private static final com.google.protobuf.Parser<RsaKeyType> PARSER =
+            new com.google.protobuf.AbstractParser<RsaKeyType>() {
+              @java.lang.Override
+              public RsaKeyType parsePartialFrom(
+                  com.google.protobuf.CodedInputStream input,
+                  com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                  throws com.google.protobuf.InvalidProtocolBufferException {
+                return new RsaKeyType(input, extensionRegistry);
+              }
+            };
+
+        public static com.google.protobuf.Parser<RsaKeyType> parser() {
+          return PARSER;
+        }
+
+        @java.lang.Override
+        public com.google.protobuf.Parser<RsaKeyType> getParserForType() {
+          return PARSER;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            getDefaultInstanceForType() {
+          return DEFAULT_INSTANCE;
+        }
+      }
+
+      private int keyTypeCase_ = 0;
+      private java.lang.Object keyType_;
+
+      public enum KeyTypeCase
+          implements
+              com.google.protobuf.Internal.EnumLite,
+              com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+        RSA(1),
+        ELLIPTIC_CURVE(2),
+        KEYTYPE_NOT_SET(0);
+        private final int value;
+
+        private KeyTypeCase(int value) {
+          this.value = value;
+        }
+        /**
+         * @param value The number of the enum to look for.
+         * @return The enum associated with the given number.
+         * @deprecated Use {@link #forNumber(int)} instead.
+         */
+        @java.lang.Deprecated
+        public static KeyTypeCase valueOf(int value) {
+          return forNumber(value);
+        }
+
+        public static KeyTypeCase forNumber(int value) {
+          switch (value) {
+            case 1:
+              return RSA;
+            case 2:
+              return ELLIPTIC_CURVE;
+            case 0:
+              return KEYTYPE_NOT_SET;
+            default:
+              return null;
+          }
+        }
+
+        public int getNumber() {
+          return this.value;
+        }
+      };
+
+      public KeyTypeCase getKeyTypeCase() {
+        return KeyTypeCase.forNumber(keyTypeCase_);
+      }
+
+      public static final int RSA_FIELD_NUMBER = 1;
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       *
+       * @return Whether the rsa field is set.
+       */
+      @java.lang.Override
+      public boolean hasRsa() {
+        return keyTypeCase_ == 1;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       *
+       * @return The rsa.
+       */
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+          getRsa() {
+        if (keyTypeCase_ == 1) {
+          return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType)
+              keyType_;
+        }
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+            .RsaKeyType.getDefaultInstance();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed RSA key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+       * </code>
+       */
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .RsaKeyTypeOrBuilder
+          getRsaOrBuilder() {
+        if (keyTypeCase_ == 1) {
+          return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .RsaKeyType)
+              keyType_;
+        }
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+            .RsaKeyType.getDefaultInstance();
+      }
+
+      public static final int ELLIPTIC_CURVE_FIELD_NUMBER = 2;
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return Whether the ellipticCurve field is set.
+       */
+      public boolean hasEllipticCurve() {
+        return keyTypeCase_ == 2;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return The enum numeric value on the wire for ellipticCurve.
+       */
+      public int getEllipticCurveValue() {
+        if (keyTypeCase_ == 2) {
+          return (java.lang.Integer) keyType_;
+        }
+        return 0;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Represents an allowed Elliptic Curve key type.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+       * </code>
+       *
+       * @return The ellipticCurve.
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
+          getEllipticCurve() {
+        if (keyTypeCase_ == 2) {
+          @SuppressWarnings("deprecation")
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
+              result =
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .NamedCurve.valueOf((java.lang.Integer) keyType_);
+          return result == null
+              ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .NamedCurve.UNRECOGNIZED
+              : result;
+        }
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+            .NamedCurve.NAMED_CURVE_UNSPECIFIED;
+      }
+
+      private byte memoizedIsInitialized = -1;
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        byte isInitialized = memoizedIsInitialized;
+        if (isInitialized == 1) return true;
+        if (isInitialized == 0) return false;
+
+        memoizedIsInitialized = 1;
+        return true;
+      }
+
+      @java.lang.Override
+      public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+        if (keyTypeCase_ == 1) {
+          output.writeMessage(
+              1,
+              (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType)
+                  keyType_);
+        }
+        if (keyTypeCase_ == 2) {
+          output.writeEnum(2, ((java.lang.Integer) keyType_));
+        }
+        unknownFields.writeTo(output);
+      }
+
+      @java.lang.Override
+      public int getSerializedSize() {
+        int size = memoizedSize;
+        if (size != -1) return size;
+
+        size = 0;
+        if (keyTypeCase_ == 1) {
+          size +=
+              com.google.protobuf.CodedOutputStream.computeMessageSize(
+                  1,
+                  (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                          .RsaKeyType)
+                      keyType_);
+        }
+        if (keyTypeCase_ == 2) {
+          size +=
+              com.google.protobuf.CodedOutputStream.computeEnumSize(
+                  2, ((java.lang.Integer) keyType_));
+        }
+        size += unknownFields.getSerializedSize();
+        memoizedSize = size;
+        return size;
+      }
+
+      @java.lang.Override
+      public boolean equals(final java.lang.Object obj) {
+        if (obj == this) {
+          return true;
+        }
+        if (!(obj
+            instanceof
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)) {
+          return super.equals(obj);
+        }
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType other =
+            (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType) obj;
+
+        if (!getKeyTypeCase().equals(other.getKeyTypeCase())) return false;
+        switch (keyTypeCase_) {
+          case 1:
+            if (!getRsa().equals(other.getRsa())) return false;
+            break;
+          case 2:
+            if (getEllipticCurveValue() != other.getEllipticCurveValue()) return false;
+            break;
+          case 0:
+          default:
+        }
+        if (!unknownFields.equals(other.unknownFields)) return false;
+        return true;
+      }
+
+      @java.lang.Override
+      public int hashCode() {
+        if (memoizedHashCode != 0) {
+          return memoizedHashCode;
+        }
+        int hash = 41;
+        hash = (19 * hash) + getDescriptor().hashCode();
+        switch (keyTypeCase_) {
+          case 1:
+            hash = (37 * hash) + RSA_FIELD_NUMBER;
+            hash = (53 * hash) + getRsa().hashCode();
+            break;
+          case 2:
+            hash = (37 * hash) + ELLIPTIC_CURVE_FIELD_NUMBER;
+            hash = (53 * hash) + getEllipticCurveValue();
+            break;
+          case 0:
+          default:
+        }
+        hash = (29 * hash) + unknownFields.hashCode();
+        memoizedHashCode = hash;
+        return hash;
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(java.nio.ByteBuffer data)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(
+              java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(com.google.protobuf.ByteString data)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(
+              com.google.protobuf.ByteString data,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(java.io.InputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(
+              java.io.InputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseDelimitedFrom(
+              java.io.InputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          parseFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      @java.lang.Override
+      public Builder newBuilderForType() {
+        return newBuilder();
+      }
+
+      public static Builder newBuilder() {
+        return DEFAULT_INSTANCE.toBuilder();
+      }
+
+      public static Builder newBuilder(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType prototype) {
+        return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+      }
+
+      @java.lang.Override
+      public Builder toBuilder() {
+        return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+      }
+
+      @java.lang.Override
+      protected Builder newBuilderForType(
+          com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        Builder builder = new Builder(parent);
+        return builder;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+       * from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a
+       * fully-qualified key algorithm, such as RSA 4096, or a family of key
+       * algorithms, such as any RSA key.
+       * </pre>
+       *
+       * Protobuf type {@code
+       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType}
+       */
+      public static final class Builder
+          extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+          implements
+          // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder {
+        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor;
+        }
+
+        @java.lang.Override
+        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+            internalGetFieldAccessorTable() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_fieldAccessorTable
+              .ensureFieldAccessorsInitialized(
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.class,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .Builder.class);
+        }
+
+        // Construct using
+        // com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.newBuilder()
+        private Builder() {
+          maybeForceBuilderInitialization();
+        }
+
+        private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+          super(parent);
+          maybeForceBuilderInitialization();
+        }
+
+        private void maybeForceBuilderInitialization() {
+          if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+        }
+
+        @java.lang.Override
+        public Builder clear() {
+          super.clear();
+          keyTypeCase_ = 0;
+          keyType_ = null;
+          return this;
+        }
+
+        @java.lang.Override
+        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+            getDefaultInstanceForType() {
+          return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .getDefaultInstance();
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType build() {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType result =
+              buildPartial();
+          if (!result.isInitialized()) {
+            throw newUninitializedMessageException(result);
+          }
+          return result;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+            buildPartial() {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType result =
+              new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType(this);
+          if (keyTypeCase_ == 1) {
+            if (rsaBuilder_ == null) {
+              result.keyType_ = keyType_;
+            } else {
+              result.keyType_ = rsaBuilder_.build();
+            }
+          }
+          if (keyTypeCase_ == 2) {
+            result.keyType_ = keyType_;
+          }
+          result.keyTypeCase_ = keyTypeCase_;
+          onBuilt();
+          return result;
+        }
+
+        @java.lang.Override
+        public Builder clone() {
+          return super.clone();
+        }
+
+        @java.lang.Override
+        public Builder setField(
+            com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+          return super.setField(field, value);
+        }
+
+        @java.lang.Override
+        public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+          return super.clearField(field);
+        }
+
+        @java.lang.Override
+        public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+          return super.clearOneof(oneof);
+        }
+
+        @java.lang.Override
+        public Builder setRepeatedField(
+            com.google.protobuf.Descriptors.FieldDescriptor field,
+            int index,
+            java.lang.Object value) {
+          return super.setRepeatedField(field, index, value);
+        }
+
+        @java.lang.Override
+        public Builder addRepeatedField(
+            com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+          return super.addRepeatedField(field, value);
+        }
+
+        @java.lang.Override
+        public Builder mergeFrom(com.google.protobuf.Message other) {
+          if (other
+              instanceof
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType) {
+            return mergeFrom(
+                (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+                    other);
+          } else {
+            super.mergeFrom(other);
+            return this;
+          }
+        }
+
+        public Builder mergeFrom(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType other) {
+          if (other
+              == com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                  .getDefaultInstance()) return this;
+          switch (other.getKeyTypeCase()) {
+            case RSA:
+              {
+                mergeRsa(other.getRsa());
+                break;
+              }
+            case ELLIPTIC_CURVE:
+              {
+                setEllipticCurveValue(other.getEllipticCurveValue());
+                break;
+              }
+            case KEYTYPE_NOT_SET:
+              {
+                break;
+              }
+          }
+          this.mergeUnknownFields(other.unknownFields);
+          onChanged();
+          return this;
+        }
+
+        @java.lang.Override
+        public final boolean isInitialized() {
+          return true;
+        }
+
+        @java.lang.Override
+        public Builder mergeFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              parsedMessage = null;
+          try {
+            parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            parsedMessage =
+                (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+                    e.getUnfinishedMessage();
+            throw e.unwrapIOException();
+          } finally {
+            if (parsedMessage != null) {
+              mergeFrom(parsedMessage);
+            }
+          }
+          return this;
+        }
+
+        private int keyTypeCase_ = 0;
+        private java.lang.Object keyType_;
+
+        public KeyTypeCase getKeyTypeCase() {
+          return KeyTypeCase.forNumber(keyTypeCase_);
+        }
+
+        public Builder clearKeyType() {
+          keyTypeCase_ = 0;
+          keyType_ = null;
+          onChanged();
+          return this;
+        }
+
+        private com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType.Builder,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyTypeOrBuilder>
+            rsaBuilder_;
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         *
+         * @return Whether the rsa field is set.
+         */
+        @java.lang.Override
+        public boolean hasRsa() {
+          return keyTypeCase_ == 1;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         *
+         * @return The rsa.
+         */
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType
+            getRsa() {
+          if (rsaBuilder_ == null) {
+            if (keyTypeCase_ == 1) {
+              return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType)
+                  keyType_;
+            }
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType.getDefaultInstance();
+          } else {
+            if (keyTypeCase_ == 1) {
+              return rsaBuilder_.getMessage();
+            }
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType.getDefaultInstance();
+          }
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        public Builder setRsa(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                value) {
+          if (rsaBuilder_ == null) {
+            if (value == null) {
+              throw new NullPointerException();
+            }
+            keyType_ = value;
+            onChanged();
+          } else {
+            rsaBuilder_.setMessage(value);
+          }
+          keyTypeCase_ = 1;
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        public Builder setRsa(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                    .Builder
+                builderForValue) {
+          if (rsaBuilder_ == null) {
+            keyType_ = builderForValue.build();
+            onChanged();
+          } else {
+            rsaBuilder_.setMessage(builderForValue.build());
+          }
+          keyTypeCase_ = 1;
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        public Builder mergeRsa(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType
+                value) {
+          if (rsaBuilder_ == null) {
+            if (keyTypeCase_ == 1
+                && keyType_
+                    != com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType.getDefaultInstance()) {
+              keyType_ =
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType.newBuilder(
+                          (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                                  .AllowedKeyType.RsaKeyType)
+                              keyType_)
+                      .mergeFrom(value)
+                      .buildPartial();
+            } else {
+              keyType_ = value;
+            }
+            onChanged();
+          } else {
+            if (keyTypeCase_ == 1) {
+              rsaBuilder_.mergeFrom(value);
+            }
+            rsaBuilder_.setMessage(value);
+          }
+          keyTypeCase_ = 1;
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        public Builder clearRsa() {
+          if (rsaBuilder_ == null) {
+            if (keyTypeCase_ == 1) {
+              keyTypeCase_ = 0;
+              keyType_ = null;
+              onChanged();
+            }
+          } else {
+            if (keyTypeCase_ == 1) {
+              keyTypeCase_ = 0;
+              keyType_ = null;
+            }
+            rsaBuilder_.clear();
+          }
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType.Builder
+            getRsaBuilder() {
+          return getRsaFieldBuilder().getBuilder();
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyTypeOrBuilder
+            getRsaOrBuilder() {
+          if ((keyTypeCase_ == 1) && (rsaBuilder_ != null)) {
+            return rsaBuilder_.getMessageOrBuilder();
+          } else {
+            if (keyTypeCase_ == 1) {
+              return (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType)
+                  keyType_;
+            }
+            return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .RsaKeyType.getDefaultInstance();
+          }
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed RSA key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.RsaKeyType rsa = 1;
+         * </code>
+         */
+        private com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyType.Builder,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .RsaKeyTypeOrBuilder>
+            getRsaFieldBuilder() {
+          if (rsaBuilder_ == null) {
+            if (!(keyTypeCase_ == 1)) {
+              keyType_ =
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .RsaKeyType.getDefaultInstance();
+            }
+            rsaBuilder_ =
+                new com.google.protobuf.SingleFieldBuilderV3<
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType,
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyType.Builder,
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .RsaKeyTypeOrBuilder>(
+                    (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                            .RsaKeyType)
+                        keyType_,
+                    getParentForChildren(),
+                    isClean());
+            keyType_ = null;
+          }
+          keyTypeCase_ = 1;
+          onChanged();
+          ;
+          return rsaBuilder_;
+        }
+
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @return Whether the ellipticCurve field is set.
+         */
+        @java.lang.Override
+        public boolean hasEllipticCurve() {
+          return keyTypeCase_ == 2;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @return The enum numeric value on the wire for ellipticCurve.
+         */
+        @java.lang.Override
+        public int getEllipticCurveValue() {
+          if (keyTypeCase_ == 2) {
+            return ((java.lang.Integer) keyType_).intValue();
+          }
+          return 0;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @param value The enum numeric value on the wire for ellipticCurve to set.
+         * @return This builder for chaining.
+         */
+        public Builder setEllipticCurveValue(int value) {
+          keyTypeCase_ = 2;
+          keyType_ = value;
+          onChanged();
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @return The ellipticCurve.
+         */
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                .NamedCurve
+            getEllipticCurve() {
+          if (keyTypeCase_ == 2) {
+            @SuppressWarnings("deprecation")
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
+                result =
+                    com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                        .NamedCurve.valueOf((java.lang.Integer) keyType_);
+            return result == null
+                ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .NamedCurve.UNRECOGNIZED
+                : result;
+          }
+          return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+              .NamedCurve.NAMED_CURVE_UNSPECIFIED;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @param value The ellipticCurve to set.
+         * @return This builder for chaining.
+         */
+        public Builder setEllipticCurve(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve
+                value) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          keyTypeCase_ = 2;
+          keyType_ = value.getNumber();
+          onChanged();
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Represents an allowed Elliptic Curve key type.
+         * </pre>
+         *
+         * <code>
+         * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.NamedCurve elliptic_curve = 2;
+         * </code>
+         *
+         * @return This builder for chaining.
+         */
+        public Builder clearEllipticCurve() {
+          if (keyTypeCase_ == 2) {
+            keyTypeCase_ = 0;
+            keyType_ = null;
+            onChanged();
+          }
+          return this;
+        }
+
+        @java.lang.Override
+        public final Builder setUnknownFields(
+            final com.google.protobuf.UnknownFieldSet unknownFields) {
+          return super.setUnknownFields(unknownFields);
+        }
+
+        @java.lang.Override
+        public final Builder mergeUnknownFields(
+            final com.google.protobuf.UnknownFieldSet unknownFields) {
+          return super.mergeUnknownFields(unknownFields);
+        }
+
+        // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+      }
+
+      // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType)
+      private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+              .AllowedKeyType
+          DEFAULT_INSTANCE;
+
+      static {
+        DEFAULT_INSTANCE =
+            new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType();
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          getDefaultInstance() {
+        return DEFAULT_INSTANCE;
+      }
+
+      private static final com.google.protobuf.Parser<AllowedKeyType> PARSER =
+          new com.google.protobuf.AbstractParser<AllowedKeyType>() {
+            @java.lang.Override
+            public AllowedKeyType parsePartialFrom(
+                com.google.protobuf.CodedInputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+              return new AllowedKeyType(input, extensionRegistry);
+            }
+          };
+
+      public static com.google.protobuf.Parser<AllowedKeyType> parser() {
+        return PARSER;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Parser<AllowedKeyType> getParserForType() {
+        return PARSER;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          getDefaultInstanceForType() {
+        return DEFAULT_INSTANCE;
+      }
+    }
+
+    public interface IssuanceModesOrBuilder
+        extends
+        // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+        com.google.protobuf.MessageOrBuilder {
+
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+       * specifying a CSR.
+       * </pre>
+       *
+       * <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The allowCsrBasedIssuance.
+       */
+      boolean getAllowCsrBasedIssuance();
+
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+       * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+       * </pre>
+       *
+       * <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The allowConfigBasedIssuance.
+       */
+      boolean getAllowConfigBasedIssuance();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes}
+     */
+    public static final class IssuanceModes extends com.google.protobuf.GeneratedMessageV3
+        implements
+        // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+        IssuanceModesOrBuilder {
+      private static final long serialVersionUID = 0L;
+      // Use IssuanceModes.newBuilder() to construct.
+      private IssuanceModes(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+        super(builder);
+      }
+
+      private IssuanceModes() {}
+
+      @java.lang.Override
+      @SuppressWarnings({"unused"})
+      protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+        return new IssuanceModes();
+      }
+
+      @java.lang.Override
+      public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+        return this.unknownFields;
+      }
+
+      private IssuanceModes(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+        this();
+        if (extensionRegistry == null) {
+          throw new java.lang.NullPointerException();
+        }
+        com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+            com.google.protobuf.UnknownFieldSet.newBuilder();
+        try {
+          boolean done = false;
+          while (!done) {
+            int tag = input.readTag();
+            switch (tag) {
+              case 0:
+                done = true;
+                break;
+              case 8:
+                {
+                  allowCsrBasedIssuance_ = input.readBool();
+                  break;
+                }
+              case 16:
+                {
+                  allowConfigBasedIssuance_ = input.readBool();
+                  break;
+                }
+              default:
+                {
+                  if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                    done = true;
+                  }
+                  break;
+                }
+            }
+          }
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          throw e.setUnfinishedMessage(this);
+        } catch (java.io.IOException e) {
+          throw new com.google.protobuf.InvalidProtocolBufferException(e)
+              .setUnfinishedMessage(this);
+        } finally {
+          this.unknownFields = unknownFields.build();
+          makeExtensionsImmutable();
+        }
+      }
+
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.class,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder
+                    .class);
+      }
+
+      public static final int ALLOW_CSR_BASED_ISSUANCE_FIELD_NUMBER = 1;
+      private boolean allowCsrBasedIssuance_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+       * specifying a CSR.
+       * </pre>
+       *
+       * <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+       *
+       * @return The allowCsrBasedIssuance.
+       */
+      @java.lang.Override
+      public boolean getAllowCsrBasedIssuance() {
+        return allowCsrBasedIssuance_;
+      }
+
+      public static final int ALLOW_CONFIG_BASED_ISSUANCE_FIELD_NUMBER = 2;
+      private boolean allowConfigBasedIssuance_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+       * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+       * </pre>
+       *
+       * <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The allowConfigBasedIssuance.
+       */
+      @java.lang.Override
+      public boolean getAllowConfigBasedIssuance() {
+        return allowConfigBasedIssuance_;
+      }
+
+      private byte memoizedIsInitialized = -1;
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        byte isInitialized = memoizedIsInitialized;
+        if (isInitialized == 1) return true;
+        if (isInitialized == 0) return false;
+
+        memoizedIsInitialized = 1;
+        return true;
+      }
+
+      @java.lang.Override
+      public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+        if (allowCsrBasedIssuance_ != false) {
+          output.writeBool(1, allowCsrBasedIssuance_);
+        }
+        if (allowConfigBasedIssuance_ != false) {
+          output.writeBool(2, allowConfigBasedIssuance_);
+        }
+        unknownFields.writeTo(output);
+      }
+
+      @java.lang.Override
+      public int getSerializedSize() {
+        int size = memoizedSize;
+        if (size != -1) return size;
+
+        size = 0;
+        if (allowCsrBasedIssuance_ != false) {
+          size += com.google.protobuf.CodedOutputStream.computeBoolSize(1, allowCsrBasedIssuance_);
+        }
+        if (allowConfigBasedIssuance_ != false) {
+          size +=
+              com.google.protobuf.CodedOutputStream.computeBoolSize(2, allowConfigBasedIssuance_);
+        }
+        size += unknownFields.getSerializedSize();
+        memoizedSize = size;
+        return size;
+      }
+
+      @java.lang.Override
+      public boolean equals(final java.lang.Object obj) {
+        if (obj == this) {
+          return true;
+        }
+        if (!(obj
+            instanceof
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)) {
+          return super.equals(obj);
+        }
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes other =
+            (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes) obj;
+
+        if (getAllowCsrBasedIssuance() != other.getAllowCsrBasedIssuance()) return false;
+        if (getAllowConfigBasedIssuance() != other.getAllowConfigBasedIssuance()) return false;
+        if (!unknownFields.equals(other.unknownFields)) return false;
+        return true;
+      }
+
+      @java.lang.Override
+      public int hashCode() {
+        if (memoizedHashCode != 0) {
+          return memoizedHashCode;
+        }
+        int hash = 41;
+        hash = (19 * hash) + getDescriptor().hashCode();
+        hash = (37 * hash) + ALLOW_CSR_BASED_ISSUANCE_FIELD_NUMBER;
+        hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getAllowCsrBasedIssuance());
+        hash = (37 * hash) + ALLOW_CONFIG_BASED_ISSUANCE_FIELD_NUMBER;
+        hash =
+            (53 * hash) + com.google.protobuf.Internal.hashBoolean(getAllowConfigBasedIssuance());
+        hash = (29 * hash) + unknownFields.hashCode();
+        memoizedHashCode = hash;
+        return hash;
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(java.nio.ByteBuffer data)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(
+              java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(com.google.protobuf.ByteString data)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(
+              com.google.protobuf.ByteString data,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+        return PARSER.parseFrom(data, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(java.io.InputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(
+              java.io.InputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseDelimitedFrom(
+              java.io.InputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          parseFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws java.io.IOException {
+        return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+            PARSER, input, extensionRegistry);
+      }
+
+      @java.lang.Override
+      public Builder newBuilderForType() {
+        return newBuilder();
+      }
+
+      public static Builder newBuilder() {
+        return DEFAULT_INSTANCE.toBuilder();
+      }
+
+      public static Builder newBuilder(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes prototype) {
+        return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+      }
+
+      @java.lang.Override
+      public Builder toBuilder() {
+        return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+      }
+
+      @java.lang.Override
+      protected Builder newBuilderForType(
+          com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        Builder builder = new Builder(parent);
+        return builder;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this
+       * [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * </pre>
+       *
+       * Protobuf type {@code
+       * google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes}
+       */
+      public static final class Builder
+          extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+          implements
+          // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder {
+        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor;
+        }
+
+        @java.lang.Override
+        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+            internalGetFieldAccessorTable() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_fieldAccessorTable
+              .ensureFieldAccessorsInitialized(
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.class,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder
+                      .class);
+        }
+
+        // Construct using
+        // com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.newBuilder()
+        private Builder() {
+          maybeForceBuilderInitialization();
+        }
+
+        private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+          super(parent);
+          maybeForceBuilderInitialization();
+        }
+
+        private void maybeForceBuilderInitialization() {
+          if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+        }
+
+        @java.lang.Override
+        public Builder clear() {
+          super.clear();
+          allowCsrBasedIssuance_ = false;
+
+          allowConfigBasedIssuance_ = false;
+
+          return this;
+        }
+
+        @java.lang.Override
+        public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+          return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+              .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+            getDefaultInstanceForType() {
+          return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+              .getDefaultInstance();
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes build() {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes result =
+              buildPartial();
+          if (!result.isInitialized()) {
+            throw newUninitializedMessageException(result);
+          }
+          return result;
+        }
+
+        @java.lang.Override
+        public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+            buildPartial() {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes result =
+              new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes(this);
+          result.allowCsrBasedIssuance_ = allowCsrBasedIssuance_;
+          result.allowConfigBasedIssuance_ = allowConfigBasedIssuance_;
+          onBuilt();
+          return result;
+        }
+
+        @java.lang.Override
+        public Builder clone() {
+          return super.clone();
+        }
+
+        @java.lang.Override
+        public Builder setField(
+            com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+          return super.setField(field, value);
+        }
+
+        @java.lang.Override
+        public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+          return super.clearField(field);
+        }
+
+        @java.lang.Override
+        public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+          return super.clearOneof(oneof);
+        }
+
+        @java.lang.Override
+        public Builder setRepeatedField(
+            com.google.protobuf.Descriptors.FieldDescriptor field,
+            int index,
+            java.lang.Object value) {
+          return super.setRepeatedField(field, index, value);
+        }
+
+        @java.lang.Override
+        public Builder addRepeatedField(
+            com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+          return super.addRepeatedField(field, value);
+        }
+
+        @java.lang.Override
+        public Builder mergeFrom(com.google.protobuf.Message other) {
+          if (other
+              instanceof
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes) {
+            return mergeFrom(
+                (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes) other);
+          } else {
+            super.mergeFrom(other);
+            return this;
+          }
+        }
+
+        public Builder mergeFrom(
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes other) {
+          if (other
+              == com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                  .getDefaultInstance()) return this;
+          if (other.getAllowCsrBasedIssuance() != false) {
+            setAllowCsrBasedIssuance(other.getAllowCsrBasedIssuance());
+          }
+          if (other.getAllowConfigBasedIssuance() != false) {
+            setAllowConfigBasedIssuance(other.getAllowConfigBasedIssuance());
+          }
+          this.mergeUnknownFields(other.unknownFields);
+          onChanged();
+          return this;
+        }
+
+        @java.lang.Override
+        public final boolean isInitialized() {
+          return true;
+        }
+
+        @java.lang.Override
+        public Builder mergeFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes parsedMessage =
+              null;
+          try {
+            parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            parsedMessage =
+                (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+                    e.getUnfinishedMessage();
+            throw e.unwrapIOException();
+          } finally {
+            if (parsedMessage != null) {
+              mergeFrom(parsedMessage);
+            }
+          }
+          return this;
+        }
+
+        private boolean allowCsrBasedIssuance_;
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a CSR.
+         * </pre>
+         *
+         * <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+         *
+         * @return The allowCsrBasedIssuance.
+         */
+        @java.lang.Override
+        public boolean getAllowCsrBasedIssuance() {
+          return allowCsrBasedIssuance_;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a CSR.
+         * </pre>
+         *
+         * <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+         *
+         * @param value The allowCsrBasedIssuance to set.
+         * @return This builder for chaining.
+         */
+        public Builder setAllowCsrBasedIssuance(boolean value) {
+
+          allowCsrBasedIssuance_ = value;
+          onChanged();
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a CSR.
+         * </pre>
+         *
+         * <code>bool allow_csr_based_issuance = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+         *
+         * @return This builder for chaining.
+         */
+        public Builder clearAllowCsrBasedIssuance() {
+
+          allowCsrBasedIssuance_ = false;
+          onChanged();
+          return this;
+        }
+
+        private boolean allowConfigBasedIssuance_;
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+         * </pre>
+         *
+         * <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = REQUIRED];
+         * </code>
+         *
+         * @return The allowConfigBasedIssuance.
+         */
+        @java.lang.Override
+        public boolean getAllowConfigBasedIssuance() {
+          return allowConfigBasedIssuance_;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+         * </pre>
+         *
+         * <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = REQUIRED];
+         * </code>
+         *
+         * @param value The allowConfigBasedIssuance to set.
+         * @return This builder for chaining.
+         */
+        public Builder setAllowConfigBasedIssuance(boolean value) {
+
+          allowConfigBasedIssuance_ = value;
+          onChanged();
+          return this;
+        }
+        /**
+         *
+         *
+         * <pre>
+         * Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+         * specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+         * </pre>
+         *
+         * <code>bool allow_config_based_issuance = 2 [(.google.api.field_behavior) = REQUIRED];
+         * </code>
+         *
+         * @return This builder for chaining.
+         */
+        public Builder clearAllowConfigBasedIssuance() {
+
+          allowConfigBasedIssuance_ = false;
+          onChanged();
+          return this;
+        }
+
+        @java.lang.Override
+        public final Builder setUnknownFields(
+            final com.google.protobuf.UnknownFieldSet unknownFields) {
+          return super.setUnknownFields(unknownFields);
+        }
+
+        @java.lang.Override
+        public final Builder mergeUnknownFields(
+            final com.google.protobuf.UnknownFieldSet unknownFields) {
+          return super.mergeUnknownFields(unknownFields);
+        }
+
+        // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+      }
+
+      // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes)
+      private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+              .IssuanceModes
+          DEFAULT_INSTANCE;
+
+      static {
+        DEFAULT_INSTANCE =
+            new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes();
+      }
+
+      public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          getDefaultInstance() {
+        return DEFAULT_INSTANCE;
+      }
+
+      private static final com.google.protobuf.Parser<IssuanceModes> PARSER =
+          new com.google.protobuf.AbstractParser<IssuanceModes>() {
+            @java.lang.Override
+            public IssuanceModes parsePartialFrom(
+                com.google.protobuf.CodedInputStream input,
+                com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+                throws com.google.protobuf.InvalidProtocolBufferException {
+              return new IssuanceModes(input, extensionRegistry);
+            }
+          };
+
+      public static com.google.protobuf.Parser<IssuanceModes> parser() {
+        return PARSER;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Parser<IssuanceModes> getParserForType() {
+        return PARSER;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          getDefaultInstanceForType() {
+        return DEFAULT_INSTANCE;
+      }
+    }
+
+    public static final int ALLOWED_KEY_TYPES_FIELD_NUMBER = 1;
+    private java.util.List<
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+        allowedKeyTypes_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+        getAllowedKeyTypesList() {
+      return allowedKeyTypes_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public java.util.List<
+            ? extends
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                    .AllowedKeyTypeOrBuilder>
+        getAllowedKeyTypesOrBuilderList() {
+      return allowedKeyTypes_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public int getAllowedKeyTypesCount() {
+      return allowedKeyTypes_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+        getAllowedKeyTypes(int index) {
+      return allowedKeyTypes_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+     * public key must match one of the key types listed here. Otherwise,
+     * any key may be used.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder
+        getAllowedKeyTypesOrBuilder(int index) {
+      return allowedKeyTypes_.get(index);
+    }
+
+    public static final int MAXIMUM_LIFETIME_FIELD_NUMBER = 2;
+    private com.google.protobuf.Duration maximumLifetime_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the maximumLifetime field is set.
+     */
+    @java.lang.Override
+    public boolean hasMaximumLifetime() {
+      return maximumLifetime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The maximumLifetime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Duration getMaximumLifetime() {
+      return maximumLifetime_ == null
+          ? com.google.protobuf.Duration.getDefaultInstance()
+          : maximumLifetime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+     * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+     * be explicitly truncated to match it.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.DurationOrBuilder getMaximumLifetimeOrBuilder() {
+      return getMaximumLifetime();
+    }
+
+    public static final int ALLOWED_ISSUANCE_MODES_FIELD_NUMBER = 3;
+    private com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+        allowedIssuanceModes_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the allowedIssuanceModes field is set.
+     */
+    @java.lang.Override
+    public boolean hasAllowedIssuanceModes() {
+      return allowedIssuanceModes_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The allowedIssuanceModes.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+        getAllowedIssuanceModes() {
+      return allowedIssuanceModes_ == null
+          ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+              .getDefaultInstance()
+          : allowedIssuanceModes_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+     * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder
+        getAllowedIssuanceModesOrBuilder() {
+      return getAllowedIssuanceModes();
+    }
+
+    public static final int BASELINE_VALUES_FIELD_NUMBER = 4;
+    private com.google.cloud.security.privateca.v1.X509Parameters baselineValues_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the baselineValues field is set.
+     */
+    @java.lang.Override
+    public boolean hasBaselineValues() {
+      return baselineValues_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The baselineValues.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Parameters getBaselineValues() {
+      return baselineValues_ == null
+          ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+          : baselineValues_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all certificates issued
+     * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+     * values for the same properties, they will be overwritten by the values
+     * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * that defines conflicting
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+        getBaselineValuesOrBuilder() {
+      return getBaselineValues();
+    }
+
+    public static final int IDENTITY_CONSTRAINTS_FIELD_NUMBER = 5;
+    private com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+        identityConstraints_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the identityConstraints field is set.
+     */
+    @java.lang.Override
+    public boolean hasIdentityConstraints() {
+      return identityConstraints_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The identityConstraints.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+        getIdentityConstraints() {
+      return identityConstraints_ == null
+          ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+              .getDefaultInstance()
+          : identityConstraints_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+        getIdentityConstraintsOrBuilder() {
+      return getIdentityConstraints();
+    }
+
+    public static final int PASSTHROUGH_EXTENSIONS_FIELD_NUMBER = 6;
+    private com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        passthroughExtensions_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the passthroughExtensions field is set.
+     */
+    @java.lang.Override
+    public boolean hasPassthroughExtensions() {
+      return passthroughExtensions_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The passthroughExtensions.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        getPassthroughExtensions() {
+      return passthroughExtensions_ == null
+          ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .getDefaultInstance()
+          : passthroughExtensions_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+     * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+     * those extensions will be dropped. If a certificate request uses a
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+     * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+     * appear here, the certificate issuance request will fail. If this is
+     * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+     * certificate's X.509 extensions. These constraints do not apply to X.509
+     * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+        getPassthroughExtensionsOrBuilder() {
+      return getPassthroughExtensions();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      for (int i = 0; i < allowedKeyTypes_.size(); i++) {
+        output.writeMessage(1, allowedKeyTypes_.get(i));
+      }
+      if (maximumLifetime_ != null) {
+        output.writeMessage(2, getMaximumLifetime());
+      }
+      if (allowedIssuanceModes_ != null) {
+        output.writeMessage(3, getAllowedIssuanceModes());
+      }
+      if (baselineValues_ != null) {
+        output.writeMessage(4, getBaselineValues());
+      }
+      if (identityConstraints_ != null) {
+        output.writeMessage(5, getIdentityConstraints());
+      }
+      if (passthroughExtensions_ != null) {
+        output.writeMessage(6, getPassthroughExtensions());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      for (int i = 0; i < allowedKeyTypes_.size(); i++) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(1, allowedKeyTypes_.get(i));
+      }
+      if (maximumLifetime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getMaximumLifetime());
+      }
+      if (allowedIssuanceModes_ != null) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(3, getAllowedIssuanceModes());
+      }
+      if (baselineValues_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getBaselineValues());
+      }
+      if (identityConstraints_ != null) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(5, getIdentityConstraints());
+      }
+      if (passthroughExtensions_ != null) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeMessageSize(6, getPassthroughExtensions());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy other =
+          (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy) obj;
+
+      if (!getAllowedKeyTypesList().equals(other.getAllowedKeyTypesList())) return false;
+      if (hasMaximumLifetime() != other.hasMaximumLifetime()) return false;
+      if (hasMaximumLifetime()) {
+        if (!getMaximumLifetime().equals(other.getMaximumLifetime())) return false;
+      }
+      if (hasAllowedIssuanceModes() != other.hasAllowedIssuanceModes()) return false;
+      if (hasAllowedIssuanceModes()) {
+        if (!getAllowedIssuanceModes().equals(other.getAllowedIssuanceModes())) return false;
+      }
+      if (hasBaselineValues() != other.hasBaselineValues()) return false;
+      if (hasBaselineValues()) {
+        if (!getBaselineValues().equals(other.getBaselineValues())) return false;
+      }
+      if (hasIdentityConstraints() != other.hasIdentityConstraints()) return false;
+      if (hasIdentityConstraints()) {
+        if (!getIdentityConstraints().equals(other.getIdentityConstraints())) return false;
+      }
+      if (hasPassthroughExtensions() != other.hasPassthroughExtensions()) return false;
+      if (hasPassthroughExtensions()) {
+        if (!getPassthroughExtensions().equals(other.getPassthroughExtensions())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (getAllowedKeyTypesCount() > 0) {
+        hash = (37 * hash) + ALLOWED_KEY_TYPES_FIELD_NUMBER;
+        hash = (53 * hash) + getAllowedKeyTypesList().hashCode();
+      }
+      if (hasMaximumLifetime()) {
+        hash = (37 * hash) + MAXIMUM_LIFETIME_FIELD_NUMBER;
+        hash = (53 * hash) + getMaximumLifetime().hashCode();
+      }
+      if (hasAllowedIssuanceModes()) {
+        hash = (37 * hash) + ALLOWED_ISSUANCE_MODES_FIELD_NUMBER;
+        hash = (53 * hash) + getAllowedIssuanceModes().hashCode();
+      }
+      if (hasBaselineValues()) {
+        hash = (37 * hash) + BASELINE_VALUES_FIELD_NUMBER;
+        hash = (53 * hash) + getBaselineValues().hashCode();
+      }
+      if (hasIdentityConstraints()) {
+        hash = (37 * hash) + IDENTITY_CONSTRAINTS_FIELD_NUMBER;
+        hash = (53 * hash) + getIdentityConstraints().hashCode();
+      }
+      if (hasPassthroughExtensions()) {
+        hash = (37 * hash) + PASSTHROUGH_EXTENSIONS_FIELD_NUMBER;
+        hash = (53 * hash) + getPassthroughExtensions().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseDelimitedFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseDelimitedFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CaPool.IssuancePolicy}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.class,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder.class);
+      }
+
+      // Construct using com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+          getAllowedKeyTypesFieldBuilder();
+        }
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (allowedKeyTypesBuilder_ == null) {
+          allowedKeyTypes_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          allowedKeyTypesBuilder_.clear();
+        }
+        if (maximumLifetimeBuilder_ == null) {
+          maximumLifetime_ = null;
+        } else {
+          maximumLifetime_ = null;
+          maximumLifetimeBuilder_ = null;
+        }
+        if (allowedIssuanceModesBuilder_ == null) {
+          allowedIssuanceModes_ = null;
+        } else {
+          allowedIssuanceModes_ = null;
+          allowedIssuanceModesBuilder_ = null;
+        }
+        if (baselineValuesBuilder_ == null) {
+          baselineValues_ = null;
+        } else {
+          baselineValues_ = null;
+          baselineValuesBuilder_ = null;
+        }
+        if (identityConstraintsBuilder_ == null) {
+          identityConstraints_ = null;
+        } else {
+          identityConstraints_ = null;
+          identityConstraintsBuilder_ = null;
+        }
+        if (passthroughExtensionsBuilder_ == null) {
+          passthroughExtensions_ = null;
+        } else {
+          passthroughExtensions_ = null;
+          passthroughExtensionsBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy build() {
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy buildPartial() {
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy result =
+            new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy(this);
+        int from_bitField0_ = bitField0_;
+        if (allowedKeyTypesBuilder_ == null) {
+          if (((bitField0_ & 0x00000001) != 0)) {
+            allowedKeyTypes_ = java.util.Collections.unmodifiableList(allowedKeyTypes_);
+            bitField0_ = (bitField0_ & ~0x00000001);
+          }
+          result.allowedKeyTypes_ = allowedKeyTypes_;
+        } else {
+          result.allowedKeyTypes_ = allowedKeyTypesBuilder_.build();
+        }
+        if (maximumLifetimeBuilder_ == null) {
+          result.maximumLifetime_ = maximumLifetime_;
+        } else {
+          result.maximumLifetime_ = maximumLifetimeBuilder_.build();
+        }
+        if (allowedIssuanceModesBuilder_ == null) {
+          result.allowedIssuanceModes_ = allowedIssuanceModes_;
+        } else {
+          result.allowedIssuanceModes_ = allowedIssuanceModesBuilder_.build();
+        }
+        if (baselineValuesBuilder_ == null) {
+          result.baselineValues_ = baselineValues_;
+        } else {
+          result.baselineValues_ = baselineValuesBuilder_.build();
+        }
+        if (identityConstraintsBuilder_ == null) {
+          result.identityConstraints_ = identityConstraints_;
+        } else {
+          result.identityConstraints_ = identityConstraintsBuilder_.build();
+        }
+        if (passthroughExtensionsBuilder_ == null) {
+          result.passthroughExtensions_ = passthroughExtensions_;
+        } else {
+          result.passthroughExtensions_ = passthroughExtensionsBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy) {
+          return mergeFrom((com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.getDefaultInstance())
+          return this;
+        if (allowedKeyTypesBuilder_ == null) {
+          if (!other.allowedKeyTypes_.isEmpty()) {
+            if (allowedKeyTypes_.isEmpty()) {
+              allowedKeyTypes_ = other.allowedKeyTypes_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+            } else {
+              ensureAllowedKeyTypesIsMutable();
+              allowedKeyTypes_.addAll(other.allowedKeyTypes_);
+            }
+            onChanged();
+          }
+        } else {
+          if (!other.allowedKeyTypes_.isEmpty()) {
+            if (allowedKeyTypesBuilder_.isEmpty()) {
+              allowedKeyTypesBuilder_.dispose();
+              allowedKeyTypesBuilder_ = null;
+              allowedKeyTypes_ = other.allowedKeyTypes_;
+              bitField0_ = (bitField0_ & ~0x00000001);
+              allowedKeyTypesBuilder_ =
+                  com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                      ? getAllowedKeyTypesFieldBuilder()
+                      : null;
+            } else {
+              allowedKeyTypesBuilder_.addAllMessages(other.allowedKeyTypes_);
+            }
+          }
+        }
+        if (other.hasMaximumLifetime()) {
+          mergeMaximumLifetime(other.getMaximumLifetime());
+        }
+        if (other.hasAllowedIssuanceModes()) {
+          mergeAllowedIssuanceModes(other.getAllowedIssuanceModes());
+        }
+        if (other.hasBaselineValues()) {
+          mergeBaselineValues(other.getBaselineValues());
+        }
+        if (other.hasIdentityConstraints()) {
+          mergeIdentityConstraints(other.getIdentityConstraints());
+        }
+        if (other.hasPassthroughExtensions()) {
+          mergePassthroughExtensions(other.getPassthroughExtensions());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private java.util.List<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+          allowedKeyTypes_ = java.util.Collections.emptyList();
+
+      private void ensureAllowedKeyTypesIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          allowedKeyTypes_ =
+              new java.util.ArrayList<
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>(
+                  allowedKeyTypes_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder>
+          allowedKeyTypesBuilder_;
+
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+          getAllowedKeyTypesList() {
+        if (allowedKeyTypesBuilder_ == null) {
+          return java.util.Collections.unmodifiableList(allowedKeyTypes_);
+        } else {
+          return allowedKeyTypesBuilder_.getMessageList();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public int getAllowedKeyTypesCount() {
+        if (allowedKeyTypesBuilder_ == null) {
+          return allowedKeyTypes_.size();
+        } else {
+          return allowedKeyTypesBuilder_.getCount();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+          getAllowedKeyTypes(int index) {
+        if (allowedKeyTypesBuilder_ == null) {
+          return allowedKeyTypes_.get(index);
+        } else {
+          return allowedKeyTypesBuilder_.getMessage(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAllowedKeyTypes(
+          int index,
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType value) {
+        if (allowedKeyTypesBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.set(index, value);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.setMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAllowedKeyTypes(
+          int index,
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+              builderForValue) {
+        if (allowedKeyTypesBuilder_ == null) {
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.set(index, builderForValue.build());
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.setMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllowedKeyTypes(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType value) {
+        if (allowedKeyTypesBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.add(value);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.addMessage(value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllowedKeyTypes(
+          int index,
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType value) {
+        if (allowedKeyTypesBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.add(index, value);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.addMessage(index, value);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllowedKeyTypes(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+              builderForValue) {
+        if (allowedKeyTypesBuilder_ == null) {
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.add(builderForValue.build());
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.addMessage(builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllowedKeyTypes(
+          int index,
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+              builderForValue) {
+        if (allowedKeyTypesBuilder_ == null) {
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.add(index, builderForValue.build());
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.addMessage(index, builderForValue.build());
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder addAllAllowedKeyTypes(
+          java.lang.Iterable<
+                  ? extends
+                      com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType>
+              values) {
+        if (allowedKeyTypesBuilder_ == null) {
+          ensureAllowedKeyTypesIsMutable();
+          com.google.protobuf.AbstractMessageLite.Builder.addAll(values, allowedKeyTypes_);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.addAllMessages(values);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearAllowedKeyTypes() {
+        if (allowedKeyTypesBuilder_ == null) {
+          allowedKeyTypes_ = java.util.Collections.emptyList();
+          bitField0_ = (bitField0_ & ~0x00000001);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.clear();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder removeAllowedKeyTypes(int index) {
+        if (allowedKeyTypesBuilder_ == null) {
+          ensureAllowedKeyTypesIsMutable();
+          allowedKeyTypes_.remove(index);
+          onChanged();
+        } else {
+          allowedKeyTypesBuilder_.remove(index);
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+          getAllowedKeyTypesBuilder(int index) {
+        return getAllowedKeyTypesFieldBuilder().getBuilder(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder
+          getAllowedKeyTypesOrBuilder(int index) {
+        if (allowedKeyTypesBuilder_ == null) {
+          return allowedKeyTypes_.get(index);
+        } else {
+          return allowedKeyTypesBuilder_.getMessageOrBuilder(index);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              ? extends
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                      .AllowedKeyTypeOrBuilder>
+          getAllowedKeyTypesOrBuilderList() {
+        if (allowedKeyTypesBuilder_ != null) {
+          return allowedKeyTypesBuilder_.getMessageOrBuilderList();
+        } else {
+          return java.util.Collections.unmodifiableList(allowedKeyTypes_);
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+          addAllowedKeyTypesBuilder() {
+        return getAllowedKeyTypesFieldBuilder()
+            .addBuilder(
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder
+          addAllowedKeyTypesBuilder(int index) {
+        return getAllowedKeyTypesFieldBuilder()
+            .addBuilder(
+                index,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                    .getDefaultInstance());
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+       * public key must match one of the key types listed here. Otherwise,
+       * any key may be used.
+       * </pre>
+       *
+       * <code>
+       * repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public java.util.List<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder>
+          getAllowedKeyTypesBuilderList() {
+        return getAllowedKeyTypesFieldBuilder().getBuilderList();
+      }
+
+      private com.google.protobuf.RepeatedFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType.Builder,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder>
+          getAllowedKeyTypesFieldBuilder() {
+        if (allowedKeyTypesBuilder_ == null) {
+          allowedKeyTypesBuilder_ =
+              new com.google.protobuf.RepeatedFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType
+                      .Builder,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                      .AllowedKeyTypeOrBuilder>(
+                  allowedKeyTypes_,
+                  ((bitField0_ & 0x00000001) != 0),
+                  getParentForChildren(),
+                  isClean());
+          allowedKeyTypes_ = null;
+        }
+        return allowedKeyTypesBuilder_;
+      }
+
+      private com.google.protobuf.Duration maximumLifetime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Duration,
+              com.google.protobuf.Duration.Builder,
+              com.google.protobuf.DurationOrBuilder>
+          maximumLifetimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the maximumLifetime field is set.
+       */
+      public boolean hasMaximumLifetime() {
+        return maximumLifetimeBuilder_ != null || maximumLifetime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The maximumLifetime.
+       */
+      public com.google.protobuf.Duration getMaximumLifetime() {
+        if (maximumLifetimeBuilder_ == null) {
+          return maximumLifetime_ == null
+              ? com.google.protobuf.Duration.getDefaultInstance()
+              : maximumLifetime_;
+        } else {
+          return maximumLifetimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setMaximumLifetime(com.google.protobuf.Duration value) {
+        if (maximumLifetimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          maximumLifetime_ = value;
+          onChanged();
+        } else {
+          maximumLifetimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setMaximumLifetime(com.google.protobuf.Duration.Builder builderForValue) {
+        if (maximumLifetimeBuilder_ == null) {
+          maximumLifetime_ = builderForValue.build();
+          onChanged();
+        } else {
+          maximumLifetimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergeMaximumLifetime(com.google.protobuf.Duration value) {
+        if (maximumLifetimeBuilder_ == null) {
+          if (maximumLifetime_ != null) {
+            maximumLifetime_ =
+                com.google.protobuf.Duration.newBuilder(maximumLifetime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            maximumLifetime_ = value;
+          }
+          onChanged();
+        } else {
+          maximumLifetimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearMaximumLifetime() {
+        if (maximumLifetimeBuilder_ == null) {
+          maximumLifetime_ = null;
+          onChanged();
+        } else {
+          maximumLifetime_ = null;
+          maximumLifetimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protobuf.Duration.Builder getMaximumLifetimeBuilder() {
+
+        onChanged();
+        return getMaximumLifetimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.protobuf.DurationOrBuilder getMaximumLifetimeOrBuilder() {
+        if (maximumLifetimeBuilder_ != null) {
+          return maximumLifetimeBuilder_.getMessageOrBuilder();
+        } else {
+          return maximumLifetime_ == null
+              ? com.google.protobuf.Duration.getDefaultInstance()
+              : maximumLifetime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+       * that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+       * be explicitly truncated to match it.
+       * </pre>
+       *
+       * <code>
+       * .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Duration,
+              com.google.protobuf.Duration.Builder,
+              com.google.protobuf.DurationOrBuilder>
+          getMaximumLifetimeFieldBuilder() {
+        if (maximumLifetimeBuilder_ == null) {
+          maximumLifetimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Duration,
+                  com.google.protobuf.Duration.Builder,
+                  com.google.protobuf.DurationOrBuilder>(
+                  getMaximumLifetime(), getParentForChildren(), isClean());
+          maximumLifetime_ = null;
+        }
+        return maximumLifetimeBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          allowedIssuanceModes_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder>
+          allowedIssuanceModesBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the allowedIssuanceModes field is set.
+       */
+      public boolean hasAllowedIssuanceModes() {
+        return allowedIssuanceModesBuilder_ != null || allowedIssuanceModes_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The allowedIssuanceModes.
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+          getAllowedIssuanceModes() {
+        if (allowedIssuanceModesBuilder_ == null) {
+          return allowedIssuanceModes_ == null
+              ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                  .getDefaultInstance()
+              : allowedIssuanceModes_;
+        } else {
+          return allowedIssuanceModesBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAllowedIssuanceModes(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes value) {
+        if (allowedIssuanceModesBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          allowedIssuanceModes_ = value;
+          onChanged();
+        } else {
+          allowedIssuanceModesBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setAllowedIssuanceModes(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder
+              builderForValue) {
+        if (allowedIssuanceModesBuilder_ == null) {
+          allowedIssuanceModes_ = builderForValue.build();
+          onChanged();
+        } else {
+          allowedIssuanceModesBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergeAllowedIssuanceModes(
+          com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes value) {
+        if (allowedIssuanceModesBuilder_ == null) {
+          if (allowedIssuanceModes_ != null) {
+            allowedIssuanceModes_ =
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                    .newBuilder(allowedIssuanceModes_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            allowedIssuanceModes_ = value;
+          }
+          onChanged();
+        } else {
+          allowedIssuanceModesBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearAllowedIssuanceModes() {
+        if (allowedIssuanceModesBuilder_ == null) {
+          allowedIssuanceModes_ = null;
+          onChanged();
+        } else {
+          allowedIssuanceModes_ = null;
+          allowedIssuanceModesBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder
+          getAllowedIssuanceModesBuilder() {
+
+        onChanged();
+        return getAllowedIssuanceModesFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder
+          getAllowedIssuanceModesOrBuilder() {
+        if (allowedIssuanceModesBuilder_ != null) {
+          return allowedIssuanceModesBuilder_.getMessageOrBuilder();
+        } else {
+          return allowedIssuanceModes_ == null
+              ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                  .getDefaultInstance()
+              : allowedIssuanceModes_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+       * used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes.Builder,
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModesOrBuilder>
+          getAllowedIssuanceModesFieldBuilder() {
+        if (allowedIssuanceModesBuilder_ == null) {
+          allowedIssuanceModesBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes
+                      .Builder,
+                  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+                      .IssuanceModesOrBuilder>(
+                  getAllowedIssuanceModes(), getParentForChildren(), isClean());
+          allowedIssuanceModes_ = null;
+        }
+        return allowedIssuanceModesBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.X509Parameters baselineValues_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.X509Parameters,
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+              com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+          baselineValuesBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the baselineValues field is set.
+       */
+      public boolean hasBaselineValues() {
+        return baselineValuesBuilder_ != null || baselineValues_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The baselineValues.
+       */
+      public com.google.cloud.security.privateca.v1.X509Parameters getBaselineValues() {
+        if (baselineValuesBuilder_ == null) {
+          return baselineValues_ == null
+              ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+              : baselineValues_;
+        } else {
+          return baselineValuesBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setBaselineValues(
+          com.google.cloud.security.privateca.v1.X509Parameters value) {
+        if (baselineValuesBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          baselineValues_ = value;
+          onChanged();
+        } else {
+          baselineValuesBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setBaselineValues(
+          com.google.cloud.security.privateca.v1.X509Parameters.Builder builderForValue) {
+        if (baselineValuesBuilder_ == null) {
+          baselineValues_ = builderForValue.build();
+          onChanged();
+        } else {
+          baselineValuesBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergeBaselineValues(
+          com.google.cloud.security.privateca.v1.X509Parameters value) {
+        if (baselineValuesBuilder_ == null) {
+          if (baselineValues_ != null) {
+            baselineValues_ =
+                com.google.cloud.security.privateca.v1.X509Parameters.newBuilder(baselineValues_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            baselineValues_ = value;
+          }
+          onChanged();
+        } else {
+          baselineValuesBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearBaselineValues() {
+        if (baselineValuesBuilder_ == null) {
+          baselineValues_ = null;
+          onChanged();
+        } else {
+          baselineValues_ = null;
+          baselineValuesBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.X509Parameters.Builder
+          getBaselineValuesBuilder() {
+
+        onChanged();
+        return getBaselineValuesFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+          getBaselineValuesOrBuilder() {
+        if (baselineValuesBuilder_ != null) {
+          return baselineValuesBuilder_.getMessageOrBuilder();
+        } else {
+          return baselineValues_ == null
+              ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+              : baselineValues_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. A set of X.509 values that will be applied to all certificates issued
+       * through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+       * values for the same properties, they will be overwritten by the values
+       * defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+       * that defines conflicting
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+       * properties, the certificate issuance request will fail.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.X509Parameters,
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+              com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+          getBaselineValuesFieldBuilder() {
+        if (baselineValuesBuilder_ == null) {
+          baselineValuesBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.X509Parameters,
+                  com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+                  com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>(
+                  getBaselineValues(), getParentForChildren(), isClean());
+          baselineValues_ = null;
+        }
+        return baselineValuesBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+          identityConstraints_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>
+          identityConstraintsBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the identityConstraints field is set.
+       */
+      public boolean hasIdentityConstraints() {
+        return identityConstraintsBuilder_ != null || identityConstraints_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The identityConstraints.
+       */
+      public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+          getIdentityConstraints() {
+        if (identityConstraintsBuilder_ == null) {
+          return identityConstraints_ == null
+              ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                  .getDefaultInstance()
+              : identityConstraints_;
+        } else {
+          return identityConstraintsBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setIdentityConstraints(
+          com.google.cloud.security.privateca.v1.CertificateIdentityConstraints value) {
+        if (identityConstraintsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          identityConstraints_ = value;
+          onChanged();
+        } else {
+          identityConstraintsBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setIdentityConstraints(
+          com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+              builderForValue) {
+        if (identityConstraintsBuilder_ == null) {
+          identityConstraints_ = builderForValue.build();
+          onChanged();
+        } else {
+          identityConstraintsBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergeIdentityConstraints(
+          com.google.cloud.security.privateca.v1.CertificateIdentityConstraints value) {
+        if (identityConstraintsBuilder_ == null) {
+          if (identityConstraints_ != null) {
+            identityConstraints_ =
+                com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.newBuilder(
+                        identityConstraints_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            identityConstraints_ = value;
+          }
+          onChanged();
+        } else {
+          identityConstraintsBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearIdentityConstraints() {
+        if (identityConstraintsBuilder_ == null) {
+          identityConstraints_ = null;
+          onChanged();
+        } else {
+          identityConstraints_ = null;
+          identityConstraintsBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+          getIdentityConstraintsBuilder() {
+
+        onChanged();
+        return getIdentityConstraintsFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+          getIdentityConstraintsOrBuilder() {
+        if (identityConstraintsBuilder_ != null) {
+          return identityConstraintsBuilder_.getMessageOrBuilder();
+        } else {
+          return identityConstraints_ == null
+              ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                  .getDefaultInstance()
+              : identityConstraints_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes constraints on identities that may appear in
+       * [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+       * If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's identity.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>
+          getIdentityConstraintsFieldBuilder() {
+        if (identityConstraintsBuilder_ == null) {
+          identityConstraintsBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+                  com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+                  com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>(
+                  getIdentityConstraints(), getParentForChildren(), isClean());
+          identityConstraints_ = null;
+        }
+        return identityConstraintsBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+          passthroughExtensions_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>
+          passthroughExtensionsBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the passthroughExtensions field is set.
+       */
+      public boolean hasPassthroughExtensions() {
+        return passthroughExtensionsBuilder_ != null || passthroughExtensions_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The passthroughExtensions.
+       */
+      public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+          getPassthroughExtensions() {
+        if (passthroughExtensionsBuilder_ == null) {
+          return passthroughExtensions_ == null
+              ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                  .getDefaultInstance()
+              : passthroughExtensions_;
+        } else {
+          return passthroughExtensionsBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setPassthroughExtensions(
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints value) {
+        if (passthroughExtensionsBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          passthroughExtensions_ = value;
+          onChanged();
+        } else {
+          passthroughExtensionsBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setPassthroughExtensions(
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+              builderForValue) {
+        if (passthroughExtensionsBuilder_ == null) {
+          passthroughExtensions_ = builderForValue.build();
+          onChanged();
+        } else {
+          passthroughExtensionsBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergePassthroughExtensions(
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints value) {
+        if (passthroughExtensionsBuilder_ == null) {
+          if (passthroughExtensions_ != null) {
+            passthroughExtensions_ =
+                com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.newBuilder(
+                        passthroughExtensions_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            passthroughExtensions_ = value;
+          }
+          onChanged();
+        } else {
+          passthroughExtensionsBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearPassthroughExtensions() {
+        if (passthroughExtensionsBuilder_ == null) {
+          passthroughExtensions_ = null;
+          onChanged();
+        } else {
+          passthroughExtensions_ = null;
+          passthroughExtensionsBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+          getPassthroughExtensionsBuilder() {
+
+        onChanged();
+        return getPassthroughExtensionsFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+          getPassthroughExtensionsOrBuilder() {
+        if (passthroughExtensionsBuilder_ != null) {
+          return passthroughExtensionsBuilder_.getMessageOrBuilder();
+        } else {
+          return passthroughExtensions_ == null
+              ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                  .getDefaultInstance()
+              : passthroughExtensions_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Describes the set of X.509 extensions that may appear in a
+       * [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+       * sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+       * those extensions will be dropped. If a certificate request uses a
+       * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+       * [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+       * appear here, the certificate issuance request will fail. If this is
+       * omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+       * certificate's X.509 extensions. These constraints do not apply to X.509
+       * extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>
+          getPassthroughExtensionsFieldBuilder() {
+        if (passthroughExtensionsBuilder_ == null) {
+          passthroughExtensionsBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+                  com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+                  com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>(
+                  getPassthroughExtensions(), getParentForChildren(), isClean());
+          passthroughExtensions_ = null;
+        }
+        return passthroughExtensionsBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
+    private static final com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<IssuancePolicy> PARSER =
+        new com.google.protobuf.AbstractParser<IssuancePolicy>() {
+          @java.lang.Override
+          public IssuancePolicy parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new IssuancePolicy(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<IssuancePolicy> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<IssuancePolicy> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int TIER_FIELD_NUMBER = 2;
+  private int tier_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for tier.
+   */
+  @java.lang.Override
+  public int getTierValue() {
+    return tier_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The tier.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.Tier getTier() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.CaPool.Tier result =
+        com.google.cloud.security.privateca.v1.CaPool.Tier.valueOf(tier_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.CaPool.Tier.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int ISSUANCE_POLICY_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuancePolicy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the issuancePolicy field is set.
+   */
+  @java.lang.Override
+  public boolean hasIssuancePolicy() {
+    return issuancePolicy_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The issuancePolicy.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy getIssuancePolicy() {
+    return issuancePolicy_ == null
+        ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.getDefaultInstance()
+        : issuancePolicy_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder
+      getIssuancePolicyOrBuilder() {
+    return getIssuancePolicy();
+  }
+
+  public static final int PUBLISHING_OPTIONS_FIELD_NUMBER = 4;
+  private com.google.cloud.security.privateca.v1.CaPool.PublishingOptions publishingOptions_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the publishingOptions field is set.
+   */
+  @java.lang.Override
+  public boolean hasPublishingOptions() {
+    return publishingOptions_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The publishingOptions.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions getPublishingOptions() {
+    return publishingOptions_ == null
+        ? com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.getDefaultInstance()
+        : publishingOptions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder
+      getPublishingOptionsOrBuilder() {
+    return getPublishingOptions();
+  }
+
+  public static final int LABELS_FIELD_NUMBER = 5;
+
+  private static final class LabelsDefaultEntryHolder {
+    static final com.google.protobuf.MapEntry<java.lang.String, java.lang.String> defaultEntry =
+        com.google.protobuf.MapEntry.<java.lang.String, java.lang.String>newDefaultInstance(
+            com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_descriptor,
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "",
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "");
+  }
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+    if (labels_ == null) {
+      return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+    }
+    return labels_;
+  }
+
+  public int getLabelsCount() {
+    return internalGetLabels().getMap().size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public boolean containsLabels(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    return internalGetLabels().getMap().containsKey(key);
+  }
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Override
+  @java.lang.Deprecated
+  public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+    return getLabelsMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+    return internalGetLabels().getMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    return map.containsKey(key) ? map.get(key) : defaultValue;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrThrow(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    if (!map.containsKey(key)) {
+      throw new java.lang.IllegalArgumentException();
+    }
+    return map.get(key);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (tier_ != com.google.cloud.security.privateca.v1.CaPool.Tier.TIER_UNSPECIFIED.getNumber()) {
+      output.writeEnum(2, tier_);
+    }
+    if (issuancePolicy_ != null) {
+      output.writeMessage(3, getIssuancePolicy());
+    }
+    if (publishingOptions_ != null) {
+      output.writeMessage(4, getPublishingOptions());
+    }
+    com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+        output, internalGetLabels(), LabelsDefaultEntryHolder.defaultEntry, 5);
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (tier_ != com.google.cloud.security.privateca.v1.CaPool.Tier.TIER_UNSPECIFIED.getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(2, tier_);
+    }
+    if (issuancePolicy_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getIssuancePolicy());
+    }
+    if (publishingOptions_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getPublishingOptions());
+    }
+    for (java.util.Map.Entry<java.lang.String, java.lang.String> entry :
+        internalGetLabels().getMap().entrySet()) {
+      com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+          LabelsDefaultEntryHolder.defaultEntry
+              .newBuilderForType()
+              .setKey(entry.getKey())
+              .setValue(entry.getValue())
+              .build();
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, labels__);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CaPool)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CaPool other =
+        (com.google.cloud.security.privateca.v1.CaPool) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (tier_ != other.tier_) return false;
+    if (hasIssuancePolicy() != other.hasIssuancePolicy()) return false;
+    if (hasIssuancePolicy()) {
+      if (!getIssuancePolicy().equals(other.getIssuancePolicy())) return false;
+    }
+    if (hasPublishingOptions() != other.hasPublishingOptions()) return false;
+    if (hasPublishingOptions()) {
+      if (!getPublishingOptions().equals(other.getPublishingOptions())) return false;
+    }
+    if (!internalGetLabels().equals(other.internalGetLabels())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + TIER_FIELD_NUMBER;
+    hash = (53 * hash) + tier_;
+    if (hasIssuancePolicy()) {
+      hash = (37 * hash) + ISSUANCE_POLICY_FIELD_NUMBER;
+      hash = (53 * hash) + getIssuancePolicy().hashCode();
+    }
+    if (hasPublishingOptions()) {
+      hash = (37 * hash) + PUBLISHING_OPTIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getPublishingOptions().hashCode();
+    }
+    if (!internalGetLabels().getMap().isEmpty()) {
+      hash = (37 * hash) + LABELS_FIELD_NUMBER;
+      hash = (53 * hash) + internalGetLabels().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.CaPool prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out
+   * of the trust anchor.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CaPool}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CaPool)
+      com.google.cloud.security.privateca.v1.CaPoolOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 5:
+          return internalGetLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+      switch (number) {
+        case 5:
+          return internalGetMutableLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CaPool.class,
+              com.google.cloud.security.privateca.v1.CaPool.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CaPool.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      tier_ = 0;
+
+      if (issuancePolicyBuilder_ == null) {
+        issuancePolicy_ = null;
+      } else {
+        issuancePolicy_ = null;
+        issuancePolicyBuilder_ = null;
+      }
+      if (publishingOptionsBuilder_ == null) {
+        publishingOptions_ = null;
+      } else {
+        publishingOptions_ = null;
+        publishingOptionsBuilder_ = null;
+      }
+      internalGetMutableLabels().clear();
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CaPool_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool build() {
+      com.google.cloud.security.privateca.v1.CaPool result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool buildPartial() {
+      com.google.cloud.security.privateca.v1.CaPool result =
+          new com.google.cloud.security.privateca.v1.CaPool(this);
+      int from_bitField0_ = bitField0_;
+      result.name_ = name_;
+      result.tier_ = tier_;
+      if (issuancePolicyBuilder_ == null) {
+        result.issuancePolicy_ = issuancePolicy_;
+      } else {
+        result.issuancePolicy_ = issuancePolicyBuilder_.build();
+      }
+      if (publishingOptionsBuilder_ == null) {
+        result.publishingOptions_ = publishingOptions_;
+      } else {
+        result.publishingOptions_ = publishingOptionsBuilder_.build();
+      }
+      result.labels_ = internalGetLabels();
+      result.labels_.makeImmutable();
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CaPool) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CaPool) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CaPool other) {
+      if (other == com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (other.tier_ != 0) {
+        setTierValue(other.getTierValue());
+      }
+      if (other.hasIssuancePolicy()) {
+        mergeIssuancePolicy(other.getIssuancePolicy());
+      }
+      if (other.hasPublishingOptions()) {
+        mergePublishingOptions(other.getPublishingOptions());
+      }
+      internalGetMutableLabels().mergeFrom(other.internalGetLabels());
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CaPool parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage = (com.google.cloud.security.privateca.v1.CaPool) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int tier_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for tier.
+     */
+    @java.lang.Override
+    public int getTierValue() {
+      return tier_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for tier to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTierValue(int value) {
+
+      tier_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The tier.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.Tier getTier() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.CaPool.Tier result =
+          com.google.cloud.security.privateca.v1.CaPool.Tier.valueOf(tier_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.CaPool.Tier.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The tier to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTier(com.google.cloud.security.privateca.v1.CaPool.Tier value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      tier_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearTier() {
+
+      tier_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuancePolicy_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy,
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder,
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder>
+        issuancePolicyBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the issuancePolicy field is set.
+     */
+    public boolean hasIssuancePolicy() {
+      return issuancePolicyBuilder_ != null || issuancePolicy_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The issuancePolicy.
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy getIssuancePolicy() {
+      if (issuancePolicyBuilder_ == null) {
+        return issuancePolicy_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.getDefaultInstance()
+            : issuancePolicy_;
+      } else {
+        return issuancePolicyBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setIssuancePolicy(
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy value) {
+      if (issuancePolicyBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        issuancePolicy_ = value;
+        onChanged();
+      } else {
+        issuancePolicyBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setIssuancePolicy(
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder builderForValue) {
+      if (issuancePolicyBuilder_ == null) {
+        issuancePolicy_ = builderForValue.build();
+        onChanged();
+      } else {
+        issuancePolicyBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergeIssuancePolicy(
+        com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy value) {
+      if (issuancePolicyBuilder_ == null) {
+        if (issuancePolicy_ != null) {
+          issuancePolicy_ =
+              com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.newBuilder(
+                      issuancePolicy_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          issuancePolicy_ = value;
+        }
+        onChanged();
+      } else {
+        issuancePolicyBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearIssuancePolicy() {
+      if (issuancePolicyBuilder_ == null) {
+        issuancePolicy_ = null;
+        onChanged();
+      } else {
+        issuancePolicy_ = null;
+        issuancePolicyBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder
+        getIssuancePolicyBuilder() {
+
+      onChanged();
+      return getIssuancePolicyFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder
+        getIssuancePolicyOrBuilder() {
+      if (issuancePolicyBuilder_ != null) {
+        return issuancePolicyBuilder_.getMessageOrBuilder();
+      } else {
+        return issuancePolicy_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.getDefaultInstance()
+            : issuancePolicy_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+     * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy,
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder,
+            com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder>
+        getIssuancePolicyFieldBuilder() {
+      if (issuancePolicyBuilder_ == null) {
+        issuancePolicyBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy.Builder,
+                com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder>(
+                getIssuancePolicy(), getParentForChildren(), isClean());
+        issuancePolicy_ = null;
+      }
+      return issuancePolicyBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CaPool.PublishingOptions publishingOptions_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptions,
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder,
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder>
+        publishingOptionsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the publishingOptions field is set.
+     */
+    public boolean hasPublishingOptions() {
+      return publishingOptionsBuilder_ != null || publishingOptions_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The publishingOptions.
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions getPublishingOptions() {
+      if (publishingOptionsBuilder_ == null) {
+        return publishingOptions_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.getDefaultInstance()
+            : publishingOptions_;
+      } else {
+        return publishingOptionsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPublishingOptions(
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions value) {
+      if (publishingOptionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        publishingOptions_ = value;
+        onChanged();
+      } else {
+        publishingOptionsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPublishingOptions(
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder builderForValue) {
+      if (publishingOptionsBuilder_ == null) {
+        publishingOptions_ = builderForValue.build();
+        onChanged();
+      } else {
+        publishingOptionsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergePublishingOptions(
+        com.google.cloud.security.privateca.v1.CaPool.PublishingOptions value) {
+      if (publishingOptionsBuilder_ == null) {
+        if (publishingOptions_ != null) {
+          publishingOptions_ =
+              com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.newBuilder(
+                      publishingOptions_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          publishingOptions_ = value;
+        }
+        onChanged();
+      } else {
+        publishingOptionsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearPublishingOptions() {
+      if (publishingOptionsBuilder_ == null) {
+        publishingOptions_ = null;
+        onChanged();
+      } else {
+        publishingOptions_ = null;
+        publishingOptionsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder
+        getPublishingOptionsBuilder() {
+
+      onChanged();
+      return getPublishingOptionsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder
+        getPublishingOptionsOrBuilder() {
+      if (publishingOptionsBuilder_ != null) {
+        return publishingOptionsBuilder_.getMessageOrBuilder();
+      } else {
+        return publishingOptions_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.getDefaultInstance()
+            : publishingOptions_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptions,
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder,
+            com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder>
+        getPublishingOptionsFieldBuilder() {
+      if (publishingOptionsBuilder_ == null) {
+        publishingOptionsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool.PublishingOptions,
+                com.google.cloud.security.privateca.v1.CaPool.PublishingOptions.Builder,
+                com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder>(
+                getPublishingOptions(), getParentForChildren(), isClean());
+        publishingOptions_ = null;
+      }
+      return publishingOptionsBuilder_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+      if (labels_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      return labels_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String>
+        internalGetMutableLabels() {
+      onChanged();
+      ;
+      if (labels_ == null) {
+        labels_ = com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      if (!labels_.isMutable()) {
+        labels_ = labels_.copy();
+      }
+      return labels_;
+    }
+
+    public int getLabelsCount() {
+      return internalGetLabels().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public boolean containsLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetLabels().getMap().containsKey(key);
+    }
+    /** Use {@link #getLabelsMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+      return getLabelsMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+      return internalGetLabels().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrDefault(
+        java.lang.String key, java.lang.String defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public Builder clearLabels() {
+      internalGetMutableLabels().getMutableMap().clear();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder removeLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().remove(key);
+      return this;
+    }
+    /** Use alternate mutation accessors instead. */
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getMutableLabels() {
+      return internalGetMutableLabels().getMutableMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putLabels(java.lang.String key, java.lang.String value) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      if (value == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().put(key, value);
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putAllLabels(java.util.Map<java.lang.String, java.lang.String> values) {
+      internalGetMutableLabels().getMutableMap().putAll(values);
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CaPool)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CaPool)
+  private static final com.google.cloud.security.privateca.v1.CaPool DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CaPool();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CaPool getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CaPool> PARSER =
+      new com.google.protobuf.AbstractParser<CaPool>() {
+        @java.lang.Override
+        public CaPool parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CaPool(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CaPool> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CaPool> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolName.java
new file mode 100644
index 00000000..bd378001
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolName.java
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class CaPoolName implements ResourceName {
+  private static final PathTemplate PROJECT_LOCATION_CA_POOL =
+      PathTemplate.createWithoutUrlEncoding(
+          "projects/{project}/locations/{location}/caPools/{ca_pool}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+  private final String caPool;
+
+  @Deprecated
+  protected CaPoolName() {
+    project = null;
+    location = null;
+    caPool = null;
+  }
+
+  private CaPoolName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+    caPool = Preconditions.checkNotNull(builder.getCaPool());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public String getCaPool() {
+    return caPool;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static CaPoolName of(String project, String location, String caPool) {
+    return newBuilder().setProject(project).setLocation(location).setCaPool(caPool).build();
+  }
+
+  public static String format(String project, String location, String caPool) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .build()
+        .toString();
+  }
+
+  public static CaPoolName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION_CA_POOL.validatedMatch(
+            formattedString, "CaPoolName.parse: formattedString not in valid format");
+    return of(matchMap.get("project"), matchMap.get("location"), matchMap.get("ca_pool"));
+  }
+
+  public static List<CaPoolName> parseList(List<String> formattedStrings) {
+    List<CaPoolName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<CaPoolName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (CaPoolName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION_CA_POOL.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          if (caPool != null) {
+            fieldMapBuilder.put("ca_pool", caPool);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION_CA_POOL.instantiate(
+        "project", project, "location", location, "ca_pool", caPool);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      CaPoolName that = ((CaPoolName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location)
+          && Objects.equals(this.caPool, that.caPool);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    h *= 1000003;
+    h ^= Objects.hashCode(caPool);
+    return h;
+  }
+
+  /** Builder for projects/{project}/locations/{location}/caPools/{ca_pool}. */
+  public static class Builder {
+    private String project;
+    private String location;
+    private String caPool;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public String getCaPool() {
+      return caPool;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public Builder setCaPool(String caPool) {
+      this.caPool = caPool;
+      return this;
+    }
+
+    private Builder(CaPoolName caPoolName) {
+      project = caPoolName.project;
+      location = caPoolName.location;
+      caPool = caPoolName.caPool;
+    }
+
+    public CaPoolName build() {
+      return new CaPoolName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolOrBuilder.java
new file mode 100644
index 00000000..890aeec3
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CaPoolOrBuilder.java
@@ -0,0 +1,228 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CaPoolOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CaPool)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for tier.
+   */
+  int getTierValue();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The tier.
+   */
+  com.google.cloud.security.privateca.v1.CaPool.Tier getTier();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the issuancePolicy field is set.
+   */
+  boolean hasIssuancePolicy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The issuancePolicy.
+   */
+  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy getIssuancePolicy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+   * will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.IssuancePolicy issuance_policy = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CaPool.IssuancePolicyOrBuilder
+      getIssuancePolicyOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the publishingOptions field is set.
+   */
+  boolean hasPublishingOptions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The publishingOptions.
+   */
+  com.google.cloud.security.privateca.v1.CaPool.PublishingOptions getPublishingOptions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.PublishingOptions publishing_options = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CaPool.PublishingOptionsOrBuilder
+      getPublishingOptionsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  int getLabelsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  boolean containsLabels(java.lang.String key);
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Deprecated
+  java.util.Map<java.lang.String, java.lang.String> getLabels();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.util.Map<java.lang.String, java.lang.String> getLabelsMap();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrThrow(java.lang.String key);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Certificate.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Certificate.java
new file mode 100644
index 00000000..90714a38
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Certificate.java
@@ -0,0 +1,5253 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a
+ * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.Certificate}
+ */
+public final class Certificate extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.Certificate)
+    CertificateOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use Certificate.newBuilder() to construct.
+  private Certificate(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private Certificate() {
+    name_ = "";
+    issuerCertificateAuthority_ = "";
+    certificateTemplate_ = "";
+    subjectMode_ = 0;
+    pemCertificate_ = "";
+    pemCertificateChain_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new Certificate();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private Certificate(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              certificateConfigCase_ = 2;
+              certificateConfig_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CertificateConfig.Builder subBuilder = null;
+              if (certificateConfigCase_ == 3) {
+                subBuilder =
+                    ((com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_)
+                        .toBuilder();
+              }
+              certificateConfig_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateConfig.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(
+                    (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_);
+                certificateConfig_ = subBuilder.buildPartial();
+              }
+              certificateConfigCase_ = 3;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              issuerCertificateAuthority_ = s;
+              break;
+            }
+          case 42:
+            {
+              com.google.protobuf.Duration.Builder subBuilder = null;
+              if (lifetime_ != null) {
+                subBuilder = lifetime_.toBuilder();
+              }
+              lifetime_ =
+                  input.readMessage(com.google.protobuf.Duration.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(lifetime_);
+                lifetime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 50:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              certificateTemplate_ = s;
+              break;
+            }
+          case 56:
+            {
+              int rawValue = input.readEnum();
+
+              subjectMode_ = rawValue;
+              break;
+            }
+          case 66:
+            {
+              com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder
+                  subBuilder = null;
+              if (revocationDetails_ != null) {
+                subBuilder = revocationDetails_.toBuilder();
+              }
+              revocationDetails_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(revocationDetails_);
+                revocationDetails_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 74:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pemCertificate_ = s;
+              break;
+            }
+          case 82:
+            {
+              com.google.cloud.security.privateca.v1.CertificateDescription.Builder subBuilder =
+                  null;
+              if (certificateDescription_ != null) {
+                subBuilder = certificateDescription_.toBuilder();
+              }
+              certificateDescription_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateDescription_);
+                certificateDescription_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 90:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                pemCertificateChain_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              pemCertificateChain_.add(s);
+              break;
+            }
+          case 98:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (createTime_ != null) {
+                subBuilder = createTime_.toBuilder();
+              }
+              createTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(createTime_);
+                createTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 106:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (updateTime_ != null) {
+                subBuilder = updateTime_.toBuilder();
+              }
+              updateTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateTime_);
+                updateTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 114:
+            {
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                labels_ =
+                    com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+                mutable_bitField0_ |= 0x00000002;
+              }
+              com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+                  input.readMessage(
+                      LabelsDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry);
+              labels_.getMutableMap().put(labels__.getKey(), labels__.getValue());
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        pemCertificateChain_ = pemCertificateChain_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_Certificate_descriptor;
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @java.lang.Override
+  protected com.google.protobuf.MapField internalGetMapField(int number) {
+    switch (number) {
+      case 14:
+        return internalGetLabels();
+      default:
+        throw new RuntimeException("Invalid map field number: " + number);
+    }
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_Certificate_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.Certificate.class,
+            com.google.cloud.security.privateca.v1.Certificate.Builder.class);
+  }
+
+  public interface RevocationDetailsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+     *
+     * @return The enum numeric value on the wire for revocationState.
+     */
+    int getRevocationStateValue();
+    /**
+     *
+     *
+     * <pre>
+     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+     *
+     * @return The revocationState.
+     */
+    com.google.cloud.security.privateca.v1.RevocationReason getRevocationState();
+
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     *
+     * @return Whether the revocationTime field is set.
+     */
+    boolean hasRevocationTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     *
+     * @return The revocationTime.
+     */
+    com.google.protobuf.Timestamp getRevocationTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     */
+    com.google.protobuf.TimestampOrBuilder getRevocationTimeOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.Certificate.RevocationDetails}
+   */
+  public static final class RevocationDetails extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+      RevocationDetailsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use RevocationDetails.newBuilder() to construct.
+    private RevocationDetails(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private RevocationDetails() {
+      revocationState_ = 0;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new RevocationDetails();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private RevocationDetails(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                int rawValue = input.readEnum();
+
+                revocationState_ = rawValue;
+                break;
+              }
+            case 18:
+              {
+                com.google.protobuf.Timestamp.Builder subBuilder = null;
+                if (revocationTime_ != null) {
+                  subBuilder = revocationTime_.toBuilder();
+                }
+                revocationTime_ =
+                    input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(revocationTime_);
+                  revocationTime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.class,
+              com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder.class);
+    }
+
+    public static final int REVOCATION_STATE_FIELD_NUMBER = 1;
+    private int revocationState_;
+    /**
+     *
+     *
+     * <pre>
+     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+     *
+     * @return The enum numeric value on the wire for revocationState.
+     */
+    @java.lang.Override
+    public int getRevocationStateValue() {
+      return revocationState_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+     *
+     * @return The revocationState.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevocationReason getRevocationState() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.RevocationReason result =
+          com.google.cloud.security.privateca.v1.RevocationReason.valueOf(revocationState_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+          : result;
+    }
+
+    public static final int REVOCATION_TIME_FIELD_NUMBER = 2;
+    private com.google.protobuf.Timestamp revocationTime_;
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     *
+     * @return Whether the revocationTime field is set.
+     */
+    @java.lang.Override
+    public boolean hasRevocationTime() {
+      return revocationTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     *
+     * @return The revocationTime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Timestamp getRevocationTime() {
+      return revocationTime_ == null
+          ? com.google.protobuf.Timestamp.getDefaultInstance()
+          : revocationTime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.TimestampOrBuilder getRevocationTimeOrBuilder() {
+      return getRevocationTime();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (revocationState_
+          != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(1, revocationState_);
+      }
+      if (revocationTime_ != null) {
+        output.writeMessage(2, getRevocationTime());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (revocationState_
+          != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(1, revocationState_);
+      }
+      if (revocationTime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getRevocationTime());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.Certificate.RevocationDetails)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.Certificate.RevocationDetails other =
+          (com.google.cloud.security.privateca.v1.Certificate.RevocationDetails) obj;
+
+      if (revocationState_ != other.revocationState_) return false;
+      if (hasRevocationTime() != other.hasRevocationTime()) return false;
+      if (hasRevocationTime()) {
+        if (!getRevocationTime().equals(other.getRevocationTime())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + REVOCATION_STATE_FIELD_NUMBER;
+      hash = (53 * hash) + revocationState_;
+      if (hasRevocationTime()) {
+        hash = (37 * hash) + REVOCATION_TIME_FIELD_NUMBER;
+        hash = (53 * hash) + getRevocationTime().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.Certificate.RevocationDetails}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.class,
+                com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        revocationState_ = 0;
+
+        if (revocationTimeBuilder_ == null) {
+          revocationTime_ = null;
+        } else {
+          revocationTime_ = null;
+          revocationTimeBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails build() {
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails buildPartial() {
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails result =
+            new com.google.cloud.security.privateca.v1.Certificate.RevocationDetails(this);
+        result.revocationState_ = revocationState_;
+        if (revocationTimeBuilder_ == null) {
+          result.revocationTime_ = revocationTime_;
+        } else {
+          result.revocationTime_ = revocationTimeBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.Certificate.RevocationDetails) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.Certificate.RevocationDetails) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.Certificate.RevocationDetails other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+                .getDefaultInstance()) return this;
+        if (other.revocationState_ != 0) {
+          setRevocationStateValue(other.getRevocationStateValue());
+        }
+        if (other.hasRevocationTime()) {
+          mergeRevocationTime(other.getRevocationTime());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int revocationState_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+       *
+       * @return The enum numeric value on the wire for revocationState.
+       */
+      @java.lang.Override
+      public int getRevocationStateValue() {
+        return revocationState_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+       *
+       * @param value The enum numeric value on the wire for revocationState to set.
+       * @return This builder for chaining.
+       */
+      public Builder setRevocationStateValue(int value) {
+
+        revocationState_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+       *
+       * @return The revocationState.
+       */
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.RevocationReason getRevocationState() {
+        @SuppressWarnings("deprecation")
+        com.google.cloud.security.privateca.v1.RevocationReason result =
+            com.google.cloud.security.privateca.v1.RevocationReason.valueOf(revocationState_);
+        return result == null
+            ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+       *
+       * @param value The revocationState to set.
+       * @return This builder for chaining.
+       */
+      public Builder setRevocationState(
+          com.google.cloud.security.privateca.v1.RevocationReason value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        revocationState_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_state = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearRevocationState() {
+
+        revocationState_ = 0;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.Timestamp revocationTime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          revocationTimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       *
+       * @return Whether the revocationTime field is set.
+       */
+      public boolean hasRevocationTime() {
+        return revocationTimeBuilder_ != null || revocationTime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       *
+       * @return The revocationTime.
+       */
+      public com.google.protobuf.Timestamp getRevocationTime() {
+        if (revocationTimeBuilder_ == null) {
+          return revocationTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : revocationTime_;
+        } else {
+          return revocationTimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public Builder setRevocationTime(com.google.protobuf.Timestamp value) {
+        if (revocationTimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          revocationTime_ = value;
+          onChanged();
+        } else {
+          revocationTimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public Builder setRevocationTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+        if (revocationTimeBuilder_ == null) {
+          revocationTime_ = builderForValue.build();
+          onChanged();
+        } else {
+          revocationTimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public Builder mergeRevocationTime(com.google.protobuf.Timestamp value) {
+        if (revocationTimeBuilder_ == null) {
+          if (revocationTime_ != null) {
+            revocationTime_ =
+                com.google.protobuf.Timestamp.newBuilder(revocationTime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            revocationTime_ = value;
+          }
+          onChanged();
+        } else {
+          revocationTimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public Builder clearRevocationTime() {
+        if (revocationTimeBuilder_ == null) {
+          revocationTime_ = null;
+          onChanged();
+        } else {
+          revocationTime_ = null;
+          revocationTimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public com.google.protobuf.Timestamp.Builder getRevocationTimeBuilder() {
+
+        onChanged();
+        return getRevocationTimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      public com.google.protobuf.TimestampOrBuilder getRevocationTimeOrBuilder() {
+        if (revocationTimeBuilder_ != null) {
+          return revocationTimeBuilder_.getMessageOrBuilder();
+        } else {
+          return revocationTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : revocationTime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp revocation_time = 2;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          getRevocationTimeFieldBuilder() {
+        if (revocationTimeBuilder_ == null) {
+          revocationTimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Timestamp,
+                  com.google.protobuf.Timestamp.Builder,
+                  com.google.protobuf.TimestampOrBuilder>(
+                  getRevocationTime(), getParentForChildren(), isClean());
+          revocationTime_ = null;
+        }
+        return revocationTimeBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.Certificate.RevocationDetails)
+    private static final com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.Certificate.RevocationDetails();
+    }
+
+    public static com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<RevocationDetails> PARSER =
+        new com.google.protobuf.AbstractParser<RevocationDetails>() {
+          @java.lang.Override
+          public RevocationDetails parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new RevocationDetails(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<RevocationDetails> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<RevocationDetails> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  private int certificateConfigCase_ = 0;
+  private java.lang.Object certificateConfig_;
+
+  public enum CertificateConfigCase
+      implements
+          com.google.protobuf.Internal.EnumLite,
+          com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+    PEM_CSR(2),
+    CONFIG(3),
+    CERTIFICATECONFIG_NOT_SET(0);
+    private final int value;
+
+    private CertificateConfigCase(int value) {
+      this.value = value;
+    }
+    /**
+     * @param value The number of the enum to look for.
+     * @return The enum associated with the given number.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static CertificateConfigCase valueOf(int value) {
+      return forNumber(value);
+    }
+
+    public static CertificateConfigCase forNumber(int value) {
+      switch (value) {
+        case 2:
+          return PEM_CSR;
+        case 3:
+          return CONFIG;
+        case 0:
+          return CERTIFICATECONFIG_NOT_SET;
+        default:
+          return null;
+      }
+    }
+
+    public int getNumber() {
+      return this.value;
+    }
+  };
+
+  public CertificateConfigCase getCertificateConfigCase() {
+    return CertificateConfigCase.forNumber(certificateConfigCase_);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PEM_CSR_FIELD_NUMBER = 2;
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return Whether the pemCsr field is set.
+   */
+  public boolean hasPemCsr() {
+    return certificateConfigCase_ == 2;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The pemCsr.
+   */
+  public java.lang.String getPemCsr() {
+    java.lang.Object ref = "";
+    if (certificateConfigCase_ == 2) {
+      ref = certificateConfig_;
+    }
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      if (certificateConfigCase_ == 2) {
+        certificateConfig_ = s;
+      }
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The bytes for pemCsr.
+   */
+  public com.google.protobuf.ByteString getPemCsrBytes() {
+    java.lang.Object ref = "";
+    if (certificateConfigCase_ == 2) {
+      ref = certificateConfig_;
+    }
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      if (certificateConfigCase_ == 2) {
+        certificateConfig_ = b;
+      }
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CONFIG_FIELD_NUMBER = 3;
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the config field is set.
+   */
+  @java.lang.Override
+  public boolean hasConfig() {
+    return certificateConfigCase_ == 3;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The config.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfig getConfig() {
+    if (certificateConfigCase_ == 3) {
+      return (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_;
+    }
+    return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder() {
+    if (certificateConfigCase_ == 3) {
+      return (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_;
+    }
+    return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+  }
+
+  public static final int ISSUER_CERTIFICATE_AUTHORITY_FIELD_NUMBER = 4;
+  private volatile java.lang.Object issuerCertificateAuthority_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The issuerCertificateAuthority.
+   */
+  @java.lang.Override
+  public java.lang.String getIssuerCertificateAuthority() {
+    java.lang.Object ref = issuerCertificateAuthority_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      issuerCertificateAuthority_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for issuerCertificateAuthority.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getIssuerCertificateAuthorityBytes() {
+    java.lang.Object ref = issuerCertificateAuthority_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      issuerCertificateAuthority_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int LIFETIME_FIELD_NUMBER = 5;
+  private com.google.protobuf.Duration lifetime_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the lifetime field is set.
+   */
+  @java.lang.Override
+  public boolean hasLifetime() {
+    return lifetime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The lifetime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Duration getLifetime() {
+    return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+    return getLifetime();
+  }
+
+  public static final int CERTIFICATE_TEMPLATE_FIELD_NUMBER = 6;
+  private volatile java.lang.Object certificateTemplate_;
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+   * certificate, in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * If this is specified, the caller must have the necessary permission to
+   * use this template. If this is omitted, no template will be used.
+   * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>
+   * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  @java.lang.Override
+  public java.lang.String getCertificateTemplate() {
+    java.lang.Object ref = certificateTemplate_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      certificateTemplate_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+   * certificate, in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * If this is specified, the caller must have the necessary permission to
+   * use this template. If this is omitted, no template will be used.
+   * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>
+   * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for certificateTemplate.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCertificateTemplateBytes() {
+    java.lang.Object ref = certificateTemplate_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      certificateTemplate_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int SUBJECT_MODE_FIELD_NUMBER = 7;
+  private int subjectMode_;
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+   * If this is omitted, the `DEFAULT` subject mode will be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for subjectMode.
+   */
+  @java.lang.Override
+  public int getSubjectModeValue() {
+    return subjectMode_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+   * If this is omitted, the `DEFAULT` subject mode will be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The subjectMode.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubjectRequestMode getSubjectMode() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.SubjectRequestMode result =
+        com.google.cloud.security.privateca.v1.SubjectRequestMode.valueOf(subjectMode_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.SubjectRequestMode.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int REVOCATION_DETAILS_FIELD_NUMBER = 8;
+  private com.google.cloud.security.privateca.v1.Certificate.RevocationDetails revocationDetails_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the revocationDetails field is set.
+   */
+  @java.lang.Override
+  public boolean hasRevocationDetails() {
+    return revocationDetails_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The revocationDetails.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+      getRevocationDetails() {
+    return revocationDetails_ == null
+        ? com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.getDefaultInstance()
+        : revocationDetails_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder
+      getRevocationDetailsOrBuilder() {
+    return getRevocationDetails();
+  }
+
+  public static final int PEM_CERTIFICATE_FIELD_NUMBER = 9;
+  private volatile java.lang.Object pemCertificate_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The pem-encoded, signed X.509 certificate.
+   * </pre>
+   *
+   * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCertificate.
+   */
+  @java.lang.Override
+  public java.lang.String getPemCertificate() {
+    java.lang.Object ref = pemCertificate_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pemCertificate_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The pem-encoded, signed X.509 certificate.
+   * </pre>
+   *
+   * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCertificate.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPemCertificateBytes() {
+    java.lang.Object ref = pemCertificate_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pemCertificate_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_DESCRIPTION_FIELD_NUMBER = 10;
+  private com.google.cloud.security.privateca.v1.CertificateDescription certificateDescription_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the certificateDescription field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateDescription() {
+    return certificateDescription_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The certificateDescription.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription getCertificateDescription() {
+    return certificateDescription_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance()
+        : certificateDescription_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+      getCertificateDescriptionOrBuilder() {
+    return getCertificateDescription();
+  }
+
+  public static final int PEM_CERTIFICATE_CHAIN_FIELD_NUMBER = 11;
+  private com.google.protobuf.LazyStringList pemCertificateChain_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return A list containing the pemCertificateChain.
+   */
+  public com.google.protobuf.ProtocolStringList getPemCertificateChainList() {
+    return pemCertificateChain_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The count of pemCertificateChain.
+   */
+  public int getPemCertificateChainCount() {
+    return pemCertificateChain_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The pemCertificateChain at the given index.
+   */
+  public java.lang.String getPemCertificateChain(int index) {
+    return pemCertificateChain_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the pemCertificateChain at the given index.
+   */
+  public com.google.protobuf.ByteString getPemCertificateChainBytes(int index) {
+    return pemCertificateChain_.getByteString(index);
+  }
+
+  public static final int CREATE_TIME_FIELD_NUMBER = 12;
+  private com.google.protobuf.Timestamp createTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasCreateTime() {
+    return createTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getCreateTime() {
+    return createTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : createTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+    return getCreateTime();
+  }
+
+  public static final int UPDATE_TIME_FIELD_NUMBER = 13;
+  private com.google.protobuf.Timestamp updateTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateTime() {
+    return updateTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getUpdateTime() {
+    return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+    return getUpdateTime();
+  }
+
+  public static final int LABELS_FIELD_NUMBER = 14;
+
+  private static final class LabelsDefaultEntryHolder {
+    static final com.google.protobuf.MapEntry<java.lang.String, java.lang.String> defaultEntry =
+        com.google.protobuf.MapEntry.<java.lang.String, java.lang.String>newDefaultInstance(
+            com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_descriptor,
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "",
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "");
+  }
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+    if (labels_ == null) {
+      return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+    }
+    return labels_;
+  }
+
+  public int getLabelsCount() {
+    return internalGetLabels().getMap().size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public boolean containsLabels(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    return internalGetLabels().getMap().containsKey(key);
+  }
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Override
+  @java.lang.Deprecated
+  public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+    return getLabelsMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+    return internalGetLabels().getMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    return map.containsKey(key) ? map.get(key) : defaultValue;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrThrow(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    if (!map.containsKey(key)) {
+      throw new java.lang.IllegalArgumentException();
+    }
+    return map.get(key);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (certificateConfigCase_ == 2) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, certificateConfig_);
+    }
+    if (certificateConfigCase_ == 3) {
+      output.writeMessage(
+          3, (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_);
+    }
+    if (!getIssuerCertificateAuthorityBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, issuerCertificateAuthority_);
+    }
+    if (lifetime_ != null) {
+      output.writeMessage(5, getLifetime());
+    }
+    if (!getCertificateTemplateBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 6, certificateTemplate_);
+    }
+    if (subjectMode_
+        != com.google.cloud.security.privateca.v1.SubjectRequestMode
+            .SUBJECT_REQUEST_MODE_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(7, subjectMode_);
+    }
+    if (revocationDetails_ != null) {
+      output.writeMessage(8, getRevocationDetails());
+    }
+    if (!getPemCertificateBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 9, pemCertificate_);
+    }
+    if (certificateDescription_ != null) {
+      output.writeMessage(10, getCertificateDescription());
+    }
+    for (int i = 0; i < pemCertificateChain_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(
+          output, 11, pemCertificateChain_.getRaw(i));
+    }
+    if (createTime_ != null) {
+      output.writeMessage(12, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      output.writeMessage(13, getUpdateTime());
+    }
+    com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+        output, internalGetLabels(), LabelsDefaultEntryHolder.defaultEntry, 14);
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (certificateConfigCase_ == 2) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, certificateConfig_);
+    }
+    if (certificateConfigCase_ == 3) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              3, (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_);
+    }
+    if (!getIssuerCertificateAuthorityBytes().isEmpty()) {
+      size +=
+          com.google.protobuf.GeneratedMessageV3.computeStringSize(4, issuerCertificateAuthority_);
+    }
+    if (lifetime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getLifetime());
+    }
+    if (!getCertificateTemplateBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, certificateTemplate_);
+    }
+    if (subjectMode_
+        != com.google.cloud.security.privateca.v1.SubjectRequestMode
+            .SUBJECT_REQUEST_MODE_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(7, subjectMode_);
+    }
+    if (revocationDetails_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(8, getRevocationDetails());
+    }
+    if (!getPemCertificateBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(9, pemCertificate_);
+    }
+    if (certificateDescription_ != null) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(10, getCertificateDescription());
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < pemCertificateChain_.size(); i++) {
+        dataSize += computeStringSizeNoTag(pemCertificateChain_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getPemCertificateChainList().size();
+    }
+    if (createTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(12, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(13, getUpdateTime());
+    }
+    for (java.util.Map.Entry<java.lang.String, java.lang.String> entry :
+        internalGetLabels().getMap().entrySet()) {
+      com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+          LabelsDefaultEntryHolder.defaultEntry
+              .newBuilderForType()
+              .setKey(entry.getKey())
+              .setValue(entry.getValue())
+              .build();
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(14, labels__);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.Certificate)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.Certificate other =
+        (com.google.cloud.security.privateca.v1.Certificate) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getIssuerCertificateAuthority().equals(other.getIssuerCertificateAuthority()))
+      return false;
+    if (hasLifetime() != other.hasLifetime()) return false;
+    if (hasLifetime()) {
+      if (!getLifetime().equals(other.getLifetime())) return false;
+    }
+    if (!getCertificateTemplate().equals(other.getCertificateTemplate())) return false;
+    if (subjectMode_ != other.subjectMode_) return false;
+    if (hasRevocationDetails() != other.hasRevocationDetails()) return false;
+    if (hasRevocationDetails()) {
+      if (!getRevocationDetails().equals(other.getRevocationDetails())) return false;
+    }
+    if (!getPemCertificate().equals(other.getPemCertificate())) return false;
+    if (hasCertificateDescription() != other.hasCertificateDescription()) return false;
+    if (hasCertificateDescription()) {
+      if (!getCertificateDescription().equals(other.getCertificateDescription())) return false;
+    }
+    if (!getPemCertificateChainList().equals(other.getPemCertificateChainList())) return false;
+    if (hasCreateTime() != other.hasCreateTime()) return false;
+    if (hasCreateTime()) {
+      if (!getCreateTime().equals(other.getCreateTime())) return false;
+    }
+    if (hasUpdateTime() != other.hasUpdateTime()) return false;
+    if (hasUpdateTime()) {
+      if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+    }
+    if (!internalGetLabels().equals(other.internalGetLabels())) return false;
+    if (!getCertificateConfigCase().equals(other.getCertificateConfigCase())) return false;
+    switch (certificateConfigCase_) {
+      case 2:
+        if (!getPemCsr().equals(other.getPemCsr())) return false;
+        break;
+      case 3:
+        if (!getConfig().equals(other.getConfig())) return false;
+        break;
+      case 0:
+      default:
+    }
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + ISSUER_CERTIFICATE_AUTHORITY_FIELD_NUMBER;
+    hash = (53 * hash) + getIssuerCertificateAuthority().hashCode();
+    if (hasLifetime()) {
+      hash = (37 * hash) + LIFETIME_FIELD_NUMBER;
+      hash = (53 * hash) + getLifetime().hashCode();
+    }
+    hash = (37 * hash) + CERTIFICATE_TEMPLATE_FIELD_NUMBER;
+    hash = (53 * hash) + getCertificateTemplate().hashCode();
+    hash = (37 * hash) + SUBJECT_MODE_FIELD_NUMBER;
+    hash = (53 * hash) + subjectMode_;
+    if (hasRevocationDetails()) {
+      hash = (37 * hash) + REVOCATION_DETAILS_FIELD_NUMBER;
+      hash = (53 * hash) + getRevocationDetails().hashCode();
+    }
+    hash = (37 * hash) + PEM_CERTIFICATE_FIELD_NUMBER;
+    hash = (53 * hash) + getPemCertificate().hashCode();
+    if (hasCertificateDescription()) {
+      hash = (37 * hash) + CERTIFICATE_DESCRIPTION_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateDescription().hashCode();
+    }
+    if (getPemCertificateChainCount() > 0) {
+      hash = (37 * hash) + PEM_CERTIFICATE_CHAIN_FIELD_NUMBER;
+      hash = (53 * hash) + getPemCertificateChainList().hashCode();
+    }
+    if (hasCreateTime()) {
+      hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getCreateTime().hashCode();
+    }
+    if (hasUpdateTime()) {
+      hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateTime().hashCode();
+    }
+    if (!internalGetLabels().getMap().isEmpty()) {
+      hash = (37 * hash) + LABELS_FIELD_NUMBER;
+      hash = (53 * hash) + internalGetLabels().hashCode();
+    }
+    switch (certificateConfigCase_) {
+      case 2:
+        hash = (37 * hash) + PEM_CSR_FIELD_NUMBER;
+        hash = (53 * hash) + getPemCsr().hashCode();
+        break;
+      case 3:
+        hash = (37 * hash) + CONFIG_FIELD_NUMBER;
+        hash = (53 * hash) + getConfig().hashCode();
+        break;
+      case 0:
+      default:
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.Certificate prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.Certificate}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.Certificate)
+      com.google.cloud.security.privateca.v1.CertificateOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Certificate_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 14:
+          return internalGetLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+      switch (number) {
+        case 14:
+          return internalGetMutableLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Certificate_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.Certificate.class,
+              com.google.cloud.security.privateca.v1.Certificate.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.Certificate.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      issuerCertificateAuthority_ = "";
+
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+      certificateTemplate_ = "";
+
+      subjectMode_ = 0;
+
+      if (revocationDetailsBuilder_ == null) {
+        revocationDetails_ = null;
+      } else {
+        revocationDetails_ = null;
+        revocationDetailsBuilder_ = null;
+      }
+      pemCertificate_ = "";
+
+      if (certificateDescriptionBuilder_ == null) {
+        certificateDescription_ = null;
+      } else {
+        certificateDescription_ = null;
+        certificateDescriptionBuilder_ = null;
+      }
+      pemCertificateChain_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+      internalGetMutableLabels().clear();
+      certificateConfigCase_ = 0;
+      certificateConfig_ = null;
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Certificate_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Certificate getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Certificate build() {
+      com.google.cloud.security.privateca.v1.Certificate result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Certificate buildPartial() {
+      com.google.cloud.security.privateca.v1.Certificate result =
+          new com.google.cloud.security.privateca.v1.Certificate(this);
+      int from_bitField0_ = bitField0_;
+      result.name_ = name_;
+      if (certificateConfigCase_ == 2) {
+        result.certificateConfig_ = certificateConfig_;
+      }
+      if (certificateConfigCase_ == 3) {
+        if (configBuilder_ == null) {
+          result.certificateConfig_ = certificateConfig_;
+        } else {
+          result.certificateConfig_ = configBuilder_.build();
+        }
+      }
+      result.issuerCertificateAuthority_ = issuerCertificateAuthority_;
+      if (lifetimeBuilder_ == null) {
+        result.lifetime_ = lifetime_;
+      } else {
+        result.lifetime_ = lifetimeBuilder_.build();
+      }
+      result.certificateTemplate_ = certificateTemplate_;
+      result.subjectMode_ = subjectMode_;
+      if (revocationDetailsBuilder_ == null) {
+        result.revocationDetails_ = revocationDetails_;
+      } else {
+        result.revocationDetails_ = revocationDetailsBuilder_.build();
+      }
+      result.pemCertificate_ = pemCertificate_;
+      if (certificateDescriptionBuilder_ == null) {
+        result.certificateDescription_ = certificateDescription_;
+      } else {
+        result.certificateDescription_ = certificateDescriptionBuilder_.build();
+      }
+      if (((bitField0_ & 0x00000001) != 0)) {
+        pemCertificateChain_ = pemCertificateChain_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.pemCertificateChain_ = pemCertificateChain_;
+      if (createTimeBuilder_ == null) {
+        result.createTime_ = createTime_;
+      } else {
+        result.createTime_ = createTimeBuilder_.build();
+      }
+      if (updateTimeBuilder_ == null) {
+        result.updateTime_ = updateTime_;
+      } else {
+        result.updateTime_ = updateTimeBuilder_.build();
+      }
+      result.labels_ = internalGetLabels();
+      result.labels_.makeImmutable();
+      result.certificateConfigCase_ = certificateConfigCase_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.Certificate) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.Certificate) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.Certificate other) {
+      if (other == com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getIssuerCertificateAuthority().isEmpty()) {
+        issuerCertificateAuthority_ = other.issuerCertificateAuthority_;
+        onChanged();
+      }
+      if (other.hasLifetime()) {
+        mergeLifetime(other.getLifetime());
+      }
+      if (!other.getCertificateTemplate().isEmpty()) {
+        certificateTemplate_ = other.certificateTemplate_;
+        onChanged();
+      }
+      if (other.subjectMode_ != 0) {
+        setSubjectModeValue(other.getSubjectModeValue());
+      }
+      if (other.hasRevocationDetails()) {
+        mergeRevocationDetails(other.getRevocationDetails());
+      }
+      if (!other.getPemCertificate().isEmpty()) {
+        pemCertificate_ = other.pemCertificate_;
+        onChanged();
+      }
+      if (other.hasCertificateDescription()) {
+        mergeCertificateDescription(other.getCertificateDescription());
+      }
+      if (!other.pemCertificateChain_.isEmpty()) {
+        if (pemCertificateChain_.isEmpty()) {
+          pemCertificateChain_ = other.pemCertificateChain_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensurePemCertificateChainIsMutable();
+          pemCertificateChain_.addAll(other.pemCertificateChain_);
+        }
+        onChanged();
+      }
+      if (other.hasCreateTime()) {
+        mergeCreateTime(other.getCreateTime());
+      }
+      if (other.hasUpdateTime()) {
+        mergeUpdateTime(other.getUpdateTime());
+      }
+      internalGetMutableLabels().mergeFrom(other.internalGetLabels());
+      switch (other.getCertificateConfigCase()) {
+        case PEM_CSR:
+          {
+            certificateConfigCase_ = 2;
+            certificateConfig_ = other.certificateConfig_;
+            onChanged();
+            break;
+          }
+        case CONFIG:
+          {
+            mergeConfig(other.getConfig());
+            break;
+          }
+        case CERTIFICATECONFIG_NOT_SET:
+          {
+            break;
+          }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.Certificate parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.Certificate) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int certificateConfigCase_ = 0;
+    private java.lang.Object certificateConfig_;
+
+    public CertificateConfigCase getCertificateConfigCase() {
+      return CertificateConfigCase.forNumber(certificateConfigCase_);
+    }
+
+    public Builder clearCertificateConfig() {
+      certificateConfigCase_ = 0;
+      certificateConfig_ = null;
+      onChanged();
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return Whether the pemCsr field is set.
+     */
+    @java.lang.Override
+    public boolean hasPemCsr() {
+      return certificateConfigCase_ == 2;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return The pemCsr.
+     */
+    @java.lang.Override
+    public java.lang.String getPemCsr() {
+      java.lang.Object ref = "";
+      if (certificateConfigCase_ == 2) {
+        ref = certificateConfig_;
+      }
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        if (certificateConfigCase_ == 2) {
+          certificateConfig_ = s;
+        }
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return The bytes for pemCsr.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getPemCsrBytes() {
+      java.lang.Object ref = "";
+      if (certificateConfigCase_ == 2) {
+        ref = certificateConfig_;
+      }
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        if (certificateConfigCase_ == 2) {
+          certificateConfig_ = b;
+        }
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @param value The pemCsr to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCsr(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      certificateConfigCase_ = 2;
+      certificateConfig_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCsr() {
+      if (certificateConfigCase_ == 2) {
+        certificateConfigCase_ = 0;
+        certificateConfig_ = null;
+        onChanged();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @param value The bytes for pemCsr to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCsrBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      certificateConfigCase_ = 2;
+      certificateConfig_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>
+        configBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return Whether the config field is set.
+     */
+    @java.lang.Override
+    public boolean hasConfig() {
+      return certificateConfigCase_ == 3;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The config.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfig getConfig() {
+      if (configBuilder_ == null) {
+        if (certificateConfigCase_ == 3) {
+          return (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_;
+        }
+        return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+      } else {
+        if (certificateConfigCase_ == 3) {
+          return configBuilder_.getMessage();
+        }
+        return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setConfig(com.google.cloud.security.privateca.v1.CertificateConfig value) {
+      if (configBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateConfig_ = value;
+        onChanged();
+      } else {
+        configBuilder_.setMessage(value);
+      }
+      certificateConfigCase_ = 3;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setConfig(
+        com.google.cloud.security.privateca.v1.CertificateConfig.Builder builderForValue) {
+      if (configBuilder_ == null) {
+        certificateConfig_ = builderForValue.build();
+        onChanged();
+      } else {
+        configBuilder_.setMessage(builderForValue.build());
+      }
+      certificateConfigCase_ = 3;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder mergeConfig(com.google.cloud.security.privateca.v1.CertificateConfig value) {
+      if (configBuilder_ == null) {
+        if (certificateConfigCase_ == 3
+            && certificateConfig_
+                != com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance()) {
+          certificateConfig_ =
+              com.google.cloud.security.privateca.v1.CertificateConfig.newBuilder(
+                      (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateConfig_ = value;
+        }
+        onChanged();
+      } else {
+        if (certificateConfigCase_ == 3) {
+          configBuilder_.mergeFrom(value);
+        }
+        configBuilder_.setMessage(value);
+      }
+      certificateConfigCase_ = 3;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder clearConfig() {
+      if (configBuilder_ == null) {
+        if (certificateConfigCase_ == 3) {
+          certificateConfigCase_ = 0;
+          certificateConfig_ = null;
+          onChanged();
+        }
+      } else {
+        if (certificateConfigCase_ == 3) {
+          certificateConfigCase_ = 0;
+          certificateConfig_ = null;
+        }
+        configBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig.Builder getConfigBuilder() {
+      return getConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder() {
+      if ((certificateConfigCase_ == 3) && (configBuilder_ != null)) {
+        return configBuilder_.getMessageOrBuilder();
+      } else {
+        if (certificateConfigCase_ == 3) {
+          return (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_;
+        }
+        return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. A description of the certificate and key that does not require X.509 or
+     * ASN.1.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>
+        getConfigFieldBuilder() {
+      if (configBuilder_ == null) {
+        if (!(certificateConfigCase_ == 3)) {
+          certificateConfig_ =
+              com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+        }
+        configBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateConfig,
+                com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+                com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>(
+                (com.google.cloud.security.privateca.v1.CertificateConfig) certificateConfig_,
+                getParentForChildren(),
+                isClean());
+        certificateConfig_ = null;
+      }
+      certificateConfigCase_ = 3;
+      onChanged();
+      ;
+      return configBuilder_;
+    }
+
+    private java.lang.Object issuerCertificateAuthority_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The issuerCertificateAuthority.
+     */
+    public java.lang.String getIssuerCertificateAuthority() {
+      java.lang.Object ref = issuerCertificateAuthority_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        issuerCertificateAuthority_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for issuerCertificateAuthority.
+     */
+    public com.google.protobuf.ByteString getIssuerCertificateAuthorityBytes() {
+      java.lang.Object ref = issuerCertificateAuthority_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        issuerCertificateAuthority_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The issuerCertificateAuthority to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIssuerCertificateAuthority(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      issuerCertificateAuthority_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearIssuerCertificateAuthority() {
+
+      issuerCertificateAuthority_ = getDefaultInstance().getIssuerCertificateAuthority();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for issuerCertificateAuthority to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIssuerCertificateAuthorityBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      issuerCertificateAuthority_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Duration lifetime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        lifetimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return Whether the lifetime field is set.
+     */
+    public boolean hasLifetime() {
+      return lifetimeBuilder_ != null || lifetime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The lifetime.
+     */
+    public com.google.protobuf.Duration getLifetime() {
+      if (lifetimeBuilder_ == null) {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      } else {
+        return lifetimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        lifetime_ = value;
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = builderForValue.build();
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder mergeLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (lifetime_ != null) {
+          lifetime_ =
+              com.google.protobuf.Duration.newBuilder(lifetime_).mergeFrom(value).buildPartial();
+        } else {
+          lifetime_ = value;
+        }
+        onChanged();
+      } else {
+        lifetimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder clearLifetime() {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+        onChanged();
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.protobuf.Duration.Builder getLifetimeBuilder() {
+
+      onChanged();
+      return getLifetimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+      if (lifetimeBuilder_ != null) {
+        return lifetimeBuilder_.getMessageOrBuilder();
+      } else {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The desired lifetime of a certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate. Note that the lifetime may be truncated if it would extend
+     * past the life of any certificate authority in the issuing chain.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        getLifetimeFieldBuilder() {
+      if (lifetimeBuilder_ == null) {
+        lifetimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Duration,
+                com.google.protobuf.Duration.Builder,
+                com.google.protobuf.DurationOrBuilder>(
+                getLifetime(), getParentForChildren(), isClean());
+        lifetime_ = null;
+      }
+      return lifetimeBuilder_;
+    }
+
+    private java.lang.Object certificateTemplate_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+     * certificate, in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * If this is specified, the caller must have the necessary permission to
+     * use this template. If this is omitted, no template will be used.
+     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The certificateTemplate.
+     */
+    public java.lang.String getCertificateTemplate() {
+      java.lang.Object ref = certificateTemplate_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        certificateTemplate_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+     * certificate, in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * If this is specified, the caller must have the necessary permission to
+     * use this template. If this is omitted, no template will be used.
+     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for certificateTemplate.
+     */
+    public com.google.protobuf.ByteString getCertificateTemplateBytes() {
+      java.lang.Object ref = certificateTemplate_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        certificateTemplate_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+     * certificate, in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * If this is specified, the caller must have the necessary permission to
+     * use this template. If this is omitted, no template will be used.
+     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The certificateTemplate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateTemplate(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      certificateTemplate_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+     * certificate, in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * If this is specified, the caller must have the necessary permission to
+     * use this template. If this is omitted, no template will be used.
+     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCertificateTemplate() {
+
+      certificateTemplate_ = getDefaultInstance().getCertificateTemplate();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+     * certificate, in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * If this is specified, the caller must have the necessary permission to
+     * use this template. If this is omitted, no template will be used.
+     * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>
+     * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for certificateTemplate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateTemplateBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      certificateTemplate_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int subjectMode_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for subjectMode.
+     */
+    @java.lang.Override
+    public int getSubjectModeValue() {
+      return subjectMode_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for subjectMode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setSubjectModeValue(int value) {
+
+      subjectMode_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The subjectMode.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectRequestMode getSubjectMode() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.SubjectRequestMode result =
+          com.google.cloud.security.privateca.v1.SubjectRequestMode.valueOf(subjectMode_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.SubjectRequestMode.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The subjectMode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setSubjectMode(com.google.cloud.security.privateca.v1.SubjectRequestMode value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      subjectMode_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+     * If this is omitted, the `DEFAULT` subject mode will be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearSubjectMode() {
+
+      subjectMode_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.Certificate.RevocationDetails revocationDetails_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetails,
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder,
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder>
+        revocationDetailsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the revocationDetails field is set.
+     */
+    public boolean hasRevocationDetails() {
+      return revocationDetailsBuilder_ != null || revocationDetails_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The revocationDetails.
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+        getRevocationDetails() {
+      if (revocationDetailsBuilder_ == null) {
+        return revocationDetails_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+                .getDefaultInstance()
+            : revocationDetails_;
+      } else {
+        return revocationDetailsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setRevocationDetails(
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails value) {
+      if (revocationDetailsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        revocationDetails_ = value;
+        onChanged();
+      } else {
+        revocationDetailsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setRevocationDetails(
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder
+            builderForValue) {
+      if (revocationDetailsBuilder_ == null) {
+        revocationDetails_ = builderForValue.build();
+        onChanged();
+      } else {
+        revocationDetailsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeRevocationDetails(
+        com.google.cloud.security.privateca.v1.Certificate.RevocationDetails value) {
+      if (revocationDetailsBuilder_ == null) {
+        if (revocationDetails_ != null) {
+          revocationDetails_ =
+              com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.newBuilder(
+                      revocationDetails_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          revocationDetails_ = value;
+        }
+        onChanged();
+      } else {
+        revocationDetailsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearRevocationDetails() {
+      if (revocationDetailsBuilder_ == null) {
+        revocationDetails_ = null;
+        onChanged();
+      } else {
+        revocationDetails_ = null;
+        revocationDetailsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder
+        getRevocationDetailsBuilder() {
+
+      onChanged();
+      return getRevocationDetailsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder
+        getRevocationDetailsOrBuilder() {
+      if (revocationDetailsBuilder_ != null) {
+        return revocationDetailsBuilder_.getMessageOrBuilder();
+      } else {
+        return revocationDetails_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.RevocationDetails
+                .getDefaultInstance()
+            : revocationDetails_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetails,
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder,
+            com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder>
+        getRevocationDetailsFieldBuilder() {
+      if (revocationDetailsBuilder_ == null) {
+        revocationDetailsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.Certificate.RevocationDetails,
+                com.google.cloud.security.privateca.v1.Certificate.RevocationDetails.Builder,
+                com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder>(
+                getRevocationDetails(), getParentForChildren(), isClean());
+        revocationDetails_ = null;
+      }
+      return revocationDetailsBuilder_;
+    }
+
+    private java.lang.Object pemCertificate_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The pem-encoded, signed X.509 certificate.
+     * </pre>
+     *
+     * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The pemCertificate.
+     */
+    public java.lang.String getPemCertificate() {
+      java.lang.Object ref = pemCertificate_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pemCertificate_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The pem-encoded, signed X.509 certificate.
+     * </pre>
+     *
+     * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for pemCertificate.
+     */
+    public com.google.protobuf.ByteString getPemCertificateBytes() {
+      java.lang.Object ref = pemCertificate_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pemCertificate_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The pem-encoded, signed X.509 certificate.
+     * </pre>
+     *
+     * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The pemCertificate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCertificate(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pemCertificate_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The pem-encoded, signed X.509 certificate.
+     * </pre>
+     *
+     * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCertificate() {
+
+      pemCertificate_ = getDefaultInstance().getPemCertificate();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The pem-encoded, signed X.509 certificate.
+     * </pre>
+     *
+     * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for pemCertificate to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCertificateBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pemCertificate_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateDescription certificateDescription_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+        certificateDescriptionBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the certificateDescription field is set.
+     */
+    public boolean hasCertificateDescription() {
+      return certificateDescriptionBuilder_ != null || certificateDescription_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The certificateDescription.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription
+        getCertificateDescription() {
+      if (certificateDescriptionBuilder_ == null) {
+        return certificateDescription_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance()
+            : certificateDescription_;
+      } else {
+        return certificateDescriptionBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCertificateDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription value) {
+      if (certificateDescriptionBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateDescription_ = value;
+        onChanged();
+      } else {
+        certificateDescriptionBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCertificateDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription.Builder builderForValue) {
+      if (certificateDescriptionBuilder_ == null) {
+        certificateDescription_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateDescriptionBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCertificateDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription value) {
+      if (certificateDescriptionBuilder_ == null) {
+        if (certificateDescription_ != null) {
+          certificateDescription_ =
+              com.google.cloud.security.privateca.v1.CertificateDescription.newBuilder(
+                      certificateDescription_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateDescription_ = value;
+        }
+        onChanged();
+      } else {
+        certificateDescriptionBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCertificateDescription() {
+      if (certificateDescriptionBuilder_ == null) {
+        certificateDescription_ = null;
+        onChanged();
+      } else {
+        certificateDescription_ = null;
+        certificateDescriptionBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.Builder
+        getCertificateDescriptionBuilder() {
+
+      onChanged();
+      return getCertificateDescriptionFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+        getCertificateDescriptionOrBuilder() {
+      if (certificateDescriptionBuilder_ != null) {
+        return certificateDescriptionBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateDescription_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance()
+            : certificateDescription_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of the issued X.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+        getCertificateDescriptionFieldBuilder() {
+      if (certificateDescriptionBuilder_ == null) {
+        certificateDescriptionBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription,
+                com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>(
+                getCertificateDescription(), getParentForChildren(), isClean());
+        certificateDescription_ = null;
+      }
+      return certificateDescriptionBuilder_;
+    }
+
+    private com.google.protobuf.LazyStringList pemCertificateChain_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensurePemCertificateChainIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        pemCertificateChain_ = new com.google.protobuf.LazyStringArrayList(pemCertificateChain_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return A list containing the pemCertificateChain.
+     */
+    public com.google.protobuf.ProtocolStringList getPemCertificateChainList() {
+      return pemCertificateChain_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The count of pemCertificateChain.
+     */
+    public int getPemCertificateChainCount() {
+      return pemCertificateChain_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index of the element to return.
+     * @return The pemCertificateChain at the given index.
+     */
+    public java.lang.String getPemCertificateChain(int index) {
+      return pemCertificateChain_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the pemCertificateChain at the given index.
+     */
+    public com.google.protobuf.ByteString getPemCertificateChainBytes(int index) {
+      return pemCertificateChain_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index to set the value at.
+     * @param value The pemCertificateChain to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCertificateChain(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensurePemCertificateChainIsMutable();
+      pemCertificateChain_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The pemCertificateChain to add.
+     * @return This builder for chaining.
+     */
+    public Builder addPemCertificateChain(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensurePemCertificateChainIsMutable();
+      pemCertificateChain_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param values The pemCertificateChain to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllPemCertificateChain(java.lang.Iterable<java.lang.String> values) {
+      ensurePemCertificateChainIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, pemCertificateChain_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCertificateChain() {
+      pemCertificateChain_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+     * in issuer-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>
+     * repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The bytes of the pemCertificateChain to add.
+     * @return This builder for chaining.
+     */
+    public Builder addPemCertificateChainBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensurePemCertificateChainIsMutable();
+      pemCertificateChain_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Timestamp createTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        createTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the createTime field is set.
+     */
+    public boolean hasCreateTime() {
+      return createTimeBuilder_ != null || createTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The createTime.
+     */
+    public com.google.protobuf.Timestamp getCreateTime() {
+      if (createTimeBuilder_ == null) {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      } else {
+        return createTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        createTime_ = value;
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (createTimeBuilder_ == null) {
+        createTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (createTime_ != null) {
+          createTime_ =
+              com.google.protobuf.Timestamp.newBuilder(createTime_).mergeFrom(value).buildPartial();
+        } else {
+          createTime_ = value;
+        }
+        onChanged();
+      } else {
+        createTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCreateTime() {
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+        onChanged();
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getCreateTimeBuilder() {
+
+      onChanged();
+      return getCreateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+      if (createTimeBuilder_ != null) {
+        return createTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getCreateTimeFieldBuilder() {
+      if (createTimeBuilder_ == null) {
+        createTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getCreateTime(), getParentForChildren(), isClean());
+        createTime_ = null;
+      }
+      return createTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp updateTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        updateTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    public boolean hasUpdateTime() {
+      return updateTimeBuilder_ != null || updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      } else {
+        return updateTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateTime_ = value;
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (updateTime_ != null) {
+          updateTime_ =
+              com.google.protobuf.Timestamp.newBuilder(updateTime_).mergeFrom(value).buildPartial();
+        } else {
+          updateTime_ = value;
+        }
+        onChanged();
+      } else {
+        updateTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+        onChanged();
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+      onChanged();
+      return getUpdateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      if (updateTimeBuilder_ != null) {
+        return updateTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getUpdateTimeFieldBuilder() {
+      if (updateTimeBuilder_ == null) {
+        updateTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getUpdateTime(), getParentForChildren(), isClean());
+        updateTime_ = null;
+      }
+      return updateTimeBuilder_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+      if (labels_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      return labels_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String>
+        internalGetMutableLabels() {
+      onChanged();
+      ;
+      if (labels_ == null) {
+        labels_ = com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      if (!labels_.isMutable()) {
+        labels_ = labels_.copy();
+      }
+      return labels_;
+    }
+
+    public int getLabelsCount() {
+      return internalGetLabels().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public boolean containsLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetLabels().getMap().containsKey(key);
+    }
+    /** Use {@link #getLabelsMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+      return getLabelsMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+      return internalGetLabels().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrDefault(
+        java.lang.String key, java.lang.String defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public Builder clearLabels() {
+      internalGetMutableLabels().getMutableMap().clear();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder removeLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().remove(key);
+      return this;
+    }
+    /** Use alternate mutation accessors instead. */
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getMutableLabels() {
+      return internalGetMutableLabels().getMutableMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putLabels(java.lang.String key, java.lang.String value) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      if (value == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().put(key, value);
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putAllLabels(java.util.Map<java.lang.String, java.lang.String> values) {
+      internalGetMutableLabels().getMutableMap().putAll(values);
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.Certificate)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.Certificate)
+  private static final com.google.cloud.security.privateca.v1.Certificate DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.Certificate();
+  }
+
+  public static com.google.cloud.security.privateca.v1.Certificate getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<Certificate> PARSER =
+      new com.google.protobuf.AbstractParser<Certificate>() {
+        @java.lang.Override
+        public Certificate parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new Certificate(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<Certificate> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<Certificate> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java
new file mode 100644
index 00000000..ca786163
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthority.java
@@ -0,0 +1,8343 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority.
+ * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority}
+ */
+public final class CertificateAuthority extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateAuthority)
+    CertificateAuthorityOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateAuthority.newBuilder() to construct.
+  private CertificateAuthority(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateAuthority() {
+    name_ = "";
+    type_ = 0;
+    tier_ = 0;
+    state_ = 0;
+    pemCaCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    caCertificateDescriptions_ = java.util.Collections.emptyList();
+    gcsBucket_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateAuthority();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateAuthority(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 16:
+            {
+              int rawValue = input.readEnum();
+
+              type_ = rawValue;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CertificateConfig.Builder subBuilder = null;
+              if (config_ != null) {
+                subBuilder = config_.toBuilder();
+              }
+              config_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateConfig.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(config_);
+                config_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              com.google.protobuf.Duration.Builder subBuilder = null;
+              if (lifetime_ != null) {
+                subBuilder = lifetime_.toBuilder();
+              }
+              lifetime_ =
+                  input.readMessage(com.google.protobuf.Duration.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(lifetime_);
+                lifetime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 42:
+            {
+              com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder
+                  subBuilder = null;
+              if (keySpec_ != null) {
+                subBuilder = keySpec_.toBuilder();
+              }
+              keySpec_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(keySpec_);
+                keySpec_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 50:
+            {
+              com.google.cloud.security.privateca.v1.SubordinateConfig.Builder subBuilder = null;
+              if (subordinateConfig_ != null) {
+                subBuilder = subordinateConfig_.toBuilder();
+              }
+              subordinateConfig_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.SubordinateConfig.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(subordinateConfig_);
+                subordinateConfig_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 56:
+            {
+              int rawValue = input.readEnum();
+
+              tier_ = rawValue;
+              break;
+            }
+          case 64:
+            {
+              int rawValue = input.readEnum();
+
+              state_ = rawValue;
+              break;
+            }
+          case 74:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                pemCaCertificates_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              pemCaCertificates_.add(s);
+              break;
+            }
+          case 82:
+            {
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                caCertificateDescriptions_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.CertificateDescription>();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              caCertificateDescriptions_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 90:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              gcsBucket_ = s;
+              break;
+            }
+          case 98:
+            {
+              com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder
+                  subBuilder = null;
+              if (accessUrls_ != null) {
+                subBuilder = accessUrls_.toBuilder();
+              }
+              accessUrls_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(accessUrls_);
+                accessUrls_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 106:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (createTime_ != null) {
+                subBuilder = createTime_.toBuilder();
+              }
+              createTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(createTime_);
+                createTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 114:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (updateTime_ != null) {
+                subBuilder = updateTime_.toBuilder();
+              }
+              updateTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateTime_);
+                updateTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 122:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (deleteTime_ != null) {
+                subBuilder = deleteTime_.toBuilder();
+              }
+              deleteTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(deleteTime_);
+                deleteTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 130:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (expireTime_ != null) {
+                subBuilder = expireTime_.toBuilder();
+              }
+              expireTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(expireTime_);
+                expireTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 138:
+            {
+              if (!((mutable_bitField0_ & 0x00000004) != 0)) {
+                labels_ =
+                    com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+                mutable_bitField0_ |= 0x00000004;
+              }
+              com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+                  input.readMessage(
+                      LabelsDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry);
+              labels_.getMutableMap().put(labels__.getKey(), labels__.getValue());
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        pemCaCertificates_ = pemCaCertificates_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        caCertificateDescriptions_ =
+            java.util.Collections.unmodifiableList(caCertificateDescriptions_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor;
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @java.lang.Override
+  protected com.google.protobuf.MapField internalGetMapField(int number) {
+    switch (number) {
+      case 17:
+        return internalGetLabels();
+      default:
+        throw new RuntimeException("Invalid map field number: " + number);
+    }
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateAuthority.class,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder.class);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.CertificateAuthority.Type}
+   */
+  public enum Type implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>TYPE_UNSPECIFIED = 0;</code>
+     */
+    TYPE_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * Self-signed CA.
+     * </pre>
+     *
+     * <code>SELF_SIGNED = 1;</code>
+     */
+    SELF_SIGNED(1),
+    /**
+     *
+     *
+     * <pre>
+     * Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * or an unmanaged CA.
+     * </pre>
+     *
+     * <code>SUBORDINATE = 2;</code>
+     */
+    SUBORDINATE(2),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>TYPE_UNSPECIFIED = 0;</code>
+     */
+    public static final int TYPE_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Self-signed CA.
+     * </pre>
+     *
+     * <code>SELF_SIGNED = 1;</code>
+     */
+    public static final int SELF_SIGNED_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * or an unmanaged CA.
+     * </pre>
+     *
+     * <code>SUBORDINATE = 2;</code>
+     */
+    public static final int SUBORDINATE_VALUE = 2;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static Type valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static Type forNumber(int value) {
+      switch (value) {
+        case 0:
+          return TYPE_UNSPECIFIED;
+        case 1:
+          return SELF_SIGNED;
+        case 2:
+          return SUBORDINATE;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<Type> internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<Type> internalValueMap =
+        new com.google.protobuf.Internal.EnumLiteMap<Type>() {
+          public Type findValueByNumber(int number) {
+            return Type.forNumber(number);
+          }
+        };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CertificateAuthority.getDescriptor()
+          .getEnumTypes()
+          .get(0);
+    }
+
+    private static final Type[] VALUES = values();
+
+    public static Type valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private Type(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CertificateAuthority.Type)
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.CertificateAuthority.State}
+   */
+  public enum State implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>STATE_UNSPECIFIED = 0;</code>
+     */
+    STATE_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * Certificates can be issued from this CA. CRLs will be generated for this
+     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>ENABLED = 1;</code>
+     */
+    ENABLED(1),
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will still be generated.
+     * The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>DISABLED = 2;</code>
+     */
+    DISABLED(2),
+    /**
+     *
+     *
+     * <pre>
+     * Certificates can be issued from this CA. CRLs will be generated for this
+     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
+     * be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>STAGED = 3;</code>
+     */
+    STAGED(3),
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will not be generated.
+     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>AWAITING_USER_ACTIVATION = 4;</code>
+     */
+    AWAITING_USER_ACTIVATION(4),
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will not be generated.
+     * The CA may still be recovered by calling
+     * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
+     * [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
+     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>DELETED = 5;</code>
+     */
+    DELETED(5),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>STATE_UNSPECIFIED = 0;</code>
+     */
+    public static final int STATE_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Certificates can be issued from this CA. CRLs will be generated for this
+     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>ENABLED = 1;</code>
+     */
+    public static final int ENABLED_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will still be generated.
+     * The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>DISABLED = 2;</code>
+     */
+    public static final int DISABLED_VALUE = 2;
+    /**
+     *
+     *
+     * <pre>
+     * Certificates can be issued from this CA. CRLs will be generated for this
+     * CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
+     * be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>STAGED = 3;</code>
+     */
+    public static final int STAGED_VALUE = 3;
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will not be generated.
+     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>AWAITING_USER_ACTIVATION = 4;</code>
+     */
+    public static final int AWAITING_USER_ACTIVATION_VALUE = 4;
+    /**
+     *
+     *
+     * <pre>
+     * Certificates cannot be issued from this CA. CRLs will not be generated.
+     * The CA may still be recovered by calling
+     * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
+     * [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
+     * The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+     * used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>DELETED = 5;</code>
+     */
+    public static final int DELETED_VALUE = 5;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static State valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static State forNumber(int value) {
+      switch (value) {
+        case 0:
+          return STATE_UNSPECIFIED;
+        case 1:
+          return ENABLED;
+        case 2:
+          return DISABLED;
+        case 3:
+          return STAGED;
+        case 4:
+          return AWAITING_USER_ACTIVATION;
+        case 5:
+          return DELETED;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<State> internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<State> internalValueMap =
+        new com.google.protobuf.Internal.EnumLiteMap<State>() {
+          public State findValueByNumber(int number) {
+            return State.forNumber(number);
+          }
+        };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CertificateAuthority.getDescriptor()
+          .getEnumTypes()
+          .get(1);
+    }
+
+    private static final State[] VALUES = values();
+
+    public static State valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private State(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CertificateAuthority.State)
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * The algorithm of a Cloud KMS CryptoKeyVersion of a
+   * [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
+   * [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
+   * `ASYMMETRIC_SIGN`. These values correspond to the
+   * [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
+   * values. For RSA signing algorithms, the PSS algorithms should be preferred,
+   * use PKCS1 algorithms if required for compatibility. For further
+   * recommandations, see
+   * https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm}
+   */
+  public enum SignHashAlgorithm implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>SIGN_HASH_ALGORITHM_UNSPECIFIED = 0;</code>
+     */
+    SIGN_HASH_ALGORITHM_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_2048_SHA256 = 1;</code>
+     */
+    RSA_PSS_2048_SHA256(1),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_3072_SHA256 = 2;</code>
+     */
+    RSA_PSS_3072_SHA256(2),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_4096_SHA256 = 3;</code>
+     */
+    RSA_PSS_4096_SHA256(3),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_2048_SHA256 = 6;</code>
+     */
+    RSA_PKCS1_2048_SHA256(6),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_3072_SHA256 = 7;</code>
+     */
+    RSA_PKCS1_3072_SHA256(7),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_4096_SHA256 = 8;</code>
+     */
+    RSA_PKCS1_4096_SHA256(8),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
+     * </pre>
+     *
+     * <code>EC_P256_SHA256 = 4;</code>
+     */
+    EC_P256_SHA256(4),
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
+     * </pre>
+     *
+     * <code>EC_P384_SHA384 = 5;</code>
+     */
+    EC_P384_SHA384(5),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>SIGN_HASH_ALGORITHM_UNSPECIFIED = 0;</code>
+     */
+    public static final int SIGN_HASH_ALGORITHM_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_2048_SHA256 = 1;</code>
+     */
+    public static final int RSA_PSS_2048_SHA256_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_3072_SHA256 = 2;</code>
+     */
+    public static final int RSA_PSS_3072_SHA256_VALUE = 2;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
+     * </pre>
+     *
+     * <code>RSA_PSS_4096_SHA256 = 3;</code>
+     */
+    public static final int RSA_PSS_4096_SHA256_VALUE = 3;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_2048_SHA256 = 6;</code>
+     */
+    public static final int RSA_PKCS1_2048_SHA256_VALUE = 6;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_3072_SHA256 = 7;</code>
+     */
+    public static final int RSA_PKCS1_3072_SHA256_VALUE = 7;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
+     * </pre>
+     *
+     * <code>RSA_PKCS1_4096_SHA256 = 8;</code>
+     */
+    public static final int RSA_PKCS1_4096_SHA256_VALUE = 8;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
+     * </pre>
+     *
+     * <code>EC_P256_SHA256 = 4;</code>
+     */
+    public static final int EC_P256_SHA256_VALUE = 4;
+    /**
+     *
+     *
+     * <pre>
+     * maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
+     * </pre>
+     *
+     * <code>EC_P384_SHA384 = 5;</code>
+     */
+    public static final int EC_P384_SHA384_VALUE = 5;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static SignHashAlgorithm valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static SignHashAlgorithm forNumber(int value) {
+      switch (value) {
+        case 0:
+          return SIGN_HASH_ALGORITHM_UNSPECIFIED;
+        case 1:
+          return RSA_PSS_2048_SHA256;
+        case 2:
+          return RSA_PSS_3072_SHA256;
+        case 3:
+          return RSA_PSS_4096_SHA256;
+        case 6:
+          return RSA_PKCS1_2048_SHA256;
+        case 7:
+          return RSA_PKCS1_3072_SHA256;
+        case 8:
+          return RSA_PKCS1_4096_SHA256;
+        case 4:
+          return EC_P256_SHA256;
+        case 5:
+          return EC_P384_SHA384;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<SignHashAlgorithm>
+        internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<SignHashAlgorithm>
+        internalValueMap =
+            new com.google.protobuf.Internal.EnumLiteMap<SignHashAlgorithm>() {
+              public SignHashAlgorithm findValueByNumber(int number) {
+                return SignHashAlgorithm.forNumber(number);
+              }
+            };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CertificateAuthority.getDescriptor()
+          .getEnumTypes()
+          .get(2);
+    }
+
+    private static final SignHashAlgorithm[] VALUES = values();
+
+    public static SignHashAlgorithm valueOf(
+        com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private SignHashAlgorithm(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm)
+  }
+
+  public interface AccessUrlsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+     * published. This will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>string ca_certificate_access_url = 1;</code>
+     *
+     * @return The caCertificateAccessUrl.
+     */
+    java.lang.String getCaCertificateAccessUrl();
+    /**
+     *
+     *
+     * <pre>
+     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+     * published. This will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>string ca_certificate_access_url = 1;</code>
+     *
+     * @return The bytes for caCertificateAccessUrl.
+     */
+    com.google.protobuf.ByteString getCaCertificateAccessUrlBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @return A list containing the crlAccessUrls.
+     */
+    java.util.List<java.lang.String> getCrlAccessUrlsList();
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @return The count of crlAccessUrls.
+     */
+    int getCrlAccessUrlsCount();
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The crlAccessUrls at the given index.
+     */
+    java.lang.String getCrlAccessUrls(int index);
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the crlAccessUrls at the given index.
+     */
+    com.google.protobuf.ByteString getCrlAccessUrlsBytes(int index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls}
+   */
+  public static final class AccessUrls extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+      AccessUrlsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use AccessUrls.newBuilder() to construct.
+    private AccessUrls(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private AccessUrls() {
+      caCertificateAccessUrl_ = "";
+      crlAccessUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new AccessUrls();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private AccessUrls(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                caCertificateAccessUrl_ = s;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  crlAccessUrls_ = new com.google.protobuf.LazyStringArrayList();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                crlAccessUrls_.add(s);
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          crlAccessUrls_ = crlAccessUrls_.getUnmodifiableView();
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.class,
+              com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder.class);
+    }
+
+    public static final int CA_CERTIFICATE_ACCESS_URL_FIELD_NUMBER = 1;
+    private volatile java.lang.Object caCertificateAccessUrl_;
+    /**
+     *
+     *
+     * <pre>
+     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+     * published. This will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>string ca_certificate_access_url = 1;</code>
+     *
+     * @return The caCertificateAccessUrl.
+     */
+    @java.lang.Override
+    public java.lang.String getCaCertificateAccessUrl() {
+      java.lang.Object ref = caCertificateAccessUrl_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        caCertificateAccessUrl_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+     * published. This will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>string ca_certificate_access_url = 1;</code>
+     *
+     * @return The bytes for caCertificateAccessUrl.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getCaCertificateAccessUrlBytes() {
+      java.lang.Object ref = caCertificateAccessUrl_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        caCertificateAccessUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int CRL_ACCESS_URLS_FIELD_NUMBER = 2;
+    private com.google.protobuf.LazyStringList crlAccessUrls_;
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @return A list containing the crlAccessUrls.
+     */
+    public com.google.protobuf.ProtocolStringList getCrlAccessUrlsList() {
+      return crlAccessUrls_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @return The count of crlAccessUrls.
+     */
+    public int getCrlAccessUrlsCount() {
+      return crlAccessUrls_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The crlAccessUrls at the given index.
+     */
+    public java.lang.String getCrlAccessUrls(int index) {
+      return crlAccessUrls_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+     * will only be set for CAs that have been activated.
+     * </pre>
+     *
+     * <code>repeated string crl_access_urls = 2;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the crlAccessUrls at the given index.
+     */
+    public com.google.protobuf.ByteString getCrlAccessUrlsBytes(int index) {
+      return crlAccessUrls_.getByteString(index);
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getCaCertificateAccessUrlBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, caCertificateAccessUrl_);
+      }
+      for (int i = 0; i < crlAccessUrls_.size(); i++) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, crlAccessUrls_.getRaw(i));
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getCaCertificateAccessUrlBytes().isEmpty()) {
+        size +=
+            com.google.protobuf.GeneratedMessageV3.computeStringSize(1, caCertificateAccessUrl_);
+      }
+      {
+        int dataSize = 0;
+        for (int i = 0; i < crlAccessUrls_.size(); i++) {
+          dataSize += computeStringSizeNoTag(crlAccessUrls_.getRaw(i));
+        }
+        size += dataSize;
+        size += 1 * getCrlAccessUrlsList().size();
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls other =
+          (com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls) obj;
+
+      if (!getCaCertificateAccessUrl().equals(other.getCaCertificateAccessUrl())) return false;
+      if (!getCrlAccessUrlsList().equals(other.getCrlAccessUrlsList())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + CA_CERTIFICATE_ACCESS_URL_FIELD_NUMBER;
+      hash = (53 * hash) + getCaCertificateAccessUrl().hashCode();
+      if (getCrlAccessUrlsCount() > 0) {
+        hash = (37 * hash) + CRL_ACCESS_URLS_FIELD_NUMBER;
+        hash = (53 * hash) + getCrlAccessUrlsList().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.class,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        caCertificateAccessUrl_ = "";
+
+        crlAccessUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls build() {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls result =
+            new com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls(this);
+        int from_bitField0_ = bitField0_;
+        result.caCertificateAccessUrl_ = caCertificateAccessUrl_;
+        if (((bitField0_ & 0x00000001) != 0)) {
+          crlAccessUrls_ = crlAccessUrls_.getUnmodifiableView();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.crlAccessUrls_ = crlAccessUrls_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+                .getDefaultInstance()) return this;
+        if (!other.getCaCertificateAccessUrl().isEmpty()) {
+          caCertificateAccessUrl_ = other.caCertificateAccessUrl_;
+          onChanged();
+        }
+        if (!other.crlAccessUrls_.isEmpty()) {
+          if (crlAccessUrls_.isEmpty()) {
+            crlAccessUrls_ = other.crlAccessUrls_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCrlAccessUrlsIsMutable();
+            crlAccessUrls_.addAll(other.crlAccessUrls_);
+          }
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private java.lang.Object caCertificateAccessUrl_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+       * published. This will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>string ca_certificate_access_url = 1;</code>
+       *
+       * @return The caCertificateAccessUrl.
+       */
+      public java.lang.String getCaCertificateAccessUrl() {
+        java.lang.Object ref = caCertificateAccessUrl_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          caCertificateAccessUrl_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+       * published. This will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>string ca_certificate_access_url = 1;</code>
+       *
+       * @return The bytes for caCertificateAccessUrl.
+       */
+      public com.google.protobuf.ByteString getCaCertificateAccessUrlBytes() {
+        java.lang.Object ref = caCertificateAccessUrl_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          caCertificateAccessUrl_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+       * published. This will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>string ca_certificate_access_url = 1;</code>
+       *
+       * @param value The caCertificateAccessUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCaCertificateAccessUrl(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        caCertificateAccessUrl_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+       * published. This will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>string ca_certificate_access_url = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCaCertificateAccessUrl() {
+
+        caCertificateAccessUrl_ = getDefaultInstance().getCaCertificateAccessUrl();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+       * published. This will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>string ca_certificate_access_url = 1;</code>
+       *
+       * @param value The bytes for caCertificateAccessUrl to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCaCertificateAccessUrlBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        caCertificateAccessUrl_ = value;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.LazyStringList crlAccessUrls_ =
+          com.google.protobuf.LazyStringArrayList.EMPTY;
+
+      private void ensureCrlAccessUrlsIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          crlAccessUrls_ = new com.google.protobuf.LazyStringArrayList(crlAccessUrls_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @return A list containing the crlAccessUrls.
+       */
+      public com.google.protobuf.ProtocolStringList getCrlAccessUrlsList() {
+        return crlAccessUrls_.getUnmodifiableView();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @return The count of crlAccessUrls.
+       */
+      public int getCrlAccessUrlsCount() {
+        return crlAccessUrls_.size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param index The index of the element to return.
+       * @return The crlAccessUrls at the given index.
+       */
+      public java.lang.String getCrlAccessUrls(int index) {
+        return crlAccessUrls_.get(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param index The index of the value to return.
+       * @return The bytes of the crlAccessUrls at the given index.
+       */
+      public com.google.protobuf.ByteString getCrlAccessUrlsBytes(int index) {
+        return crlAccessUrls_.getByteString(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param index The index to set the value at.
+       * @param value The crlAccessUrls to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCrlAccessUrls(int index, java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCrlAccessUrlsIsMutable();
+        crlAccessUrls_.set(index, value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param value The crlAccessUrls to add.
+       * @return This builder for chaining.
+       */
+      public Builder addCrlAccessUrls(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCrlAccessUrlsIsMutable();
+        crlAccessUrls_.add(value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param values The crlAccessUrls to add.
+       * @return This builder for chaining.
+       */
+      public Builder addAllCrlAccessUrls(java.lang.Iterable<java.lang.String> values) {
+        ensureCrlAccessUrlsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, crlAccessUrls_);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCrlAccessUrls() {
+        crlAccessUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+       * will only be set for CAs that have been activated.
+       * </pre>
+       *
+       * <code>repeated string crl_access_urls = 2;</code>
+       *
+       * @param value The bytes of the crlAccessUrls to add.
+       * @return This builder for chaining.
+       */
+      public Builder addCrlAccessUrlsBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        ensureCrlAccessUrlsIsMutable();
+        crlAccessUrls_.add(value);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls)
+    private static final com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<AccessUrls> PARSER =
+        new com.google.protobuf.AbstractParser<AccessUrls>() {
+          @java.lang.Override
+          public AccessUrls parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new AccessUrls(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<AccessUrls> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<AccessUrls> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface KeyVersionSpecOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return Whether the cloudKmsKeyVersion field is set.
+     */
+    boolean hasCloudKmsKeyVersion();
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return The cloudKmsKeyVersion.
+     */
+    java.lang.String getCloudKmsKeyVersion();
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return The bytes for cloudKmsKeyVersion.
+     */
+    com.google.protobuf.ByteString getCloudKmsKeyVersionBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return Whether the algorithm field is set.
+     */
+    boolean hasAlgorithm();
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for algorithm.
+     */
+    int getAlgorithmValue();
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return The algorithm.
+     */
+    com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm getAlgorithm();
+
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.KeyVersionCase
+        getKeyVersionCase();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec}
+   */
+  public static final class KeyVersionSpec extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+      KeyVersionSpecOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use KeyVersionSpec.newBuilder() to construct.
+    private KeyVersionSpec(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private KeyVersionSpec() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new KeyVersionSpec();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private KeyVersionSpec(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                keyVersionCase_ = 1;
+                keyVersion_ = s;
+                break;
+              }
+            case 16:
+              {
+                int rawValue = input.readEnum();
+                keyVersionCase_ = 2;
+                keyVersion_ = rawValue;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.class,
+              com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder
+                  .class);
+    }
+
+    private int keyVersionCase_ = 0;
+    private java.lang.Object keyVersion_;
+
+    public enum KeyVersionCase
+        implements
+            com.google.protobuf.Internal.EnumLite,
+            com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+      CLOUD_KMS_KEY_VERSION(1),
+      ALGORITHM(2),
+      KEYVERSION_NOT_SET(0);
+      private final int value;
+
+      private KeyVersionCase(int value) {
+        this.value = value;
+      }
+      /**
+       * @param value The number of the enum to look for.
+       * @return The enum associated with the given number.
+       * @deprecated Use {@link #forNumber(int)} instead.
+       */
+      @java.lang.Deprecated
+      public static KeyVersionCase valueOf(int value) {
+        return forNumber(value);
+      }
+
+      public static KeyVersionCase forNumber(int value) {
+        switch (value) {
+          case 1:
+            return CLOUD_KMS_KEY_VERSION;
+          case 2:
+            return ALGORITHM;
+          case 0:
+            return KEYVERSION_NOT_SET;
+          default:
+            return null;
+        }
+      }
+
+      public int getNumber() {
+        return this.value;
+      }
+    };
+
+    public KeyVersionCase getKeyVersionCase() {
+      return KeyVersionCase.forNumber(keyVersionCase_);
+    }
+
+    public static final int CLOUD_KMS_KEY_VERSION_FIELD_NUMBER = 1;
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return Whether the cloudKmsKeyVersion field is set.
+     */
+    public boolean hasCloudKmsKeyVersion() {
+      return keyVersionCase_ == 1;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return The cloudKmsKeyVersion.
+     */
+    public java.lang.String getCloudKmsKeyVersion() {
+      java.lang.Object ref = "";
+      if (keyVersionCase_ == 1) {
+        ref = keyVersion_;
+      }
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        if (keyVersionCase_ == 1) {
+          keyVersion_ = s;
+        }
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+     * format
+     * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+     * This option enables full flexibility in the key's capabilities and
+     * properties.
+     * </pre>
+     *
+     * <code>string cloud_kms_key_version = 1;</code>
+     *
+     * @return The bytes for cloudKmsKeyVersion.
+     */
+    public com.google.protobuf.ByteString getCloudKmsKeyVersionBytes() {
+      java.lang.Object ref = "";
+      if (keyVersionCase_ == 1) {
+        ref = keyVersion_;
+      }
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        if (keyVersionCase_ == 1) {
+          keyVersion_ = b;
+        }
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int ALGORITHM_FIELD_NUMBER = 2;
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return Whether the algorithm field is set.
+     */
+    public boolean hasAlgorithm() {
+      return keyVersionCase_ == 2;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return The enum numeric value on the wire for algorithm.
+     */
+    public int getAlgorithmValue() {
+      if (keyVersionCase_ == 2) {
+        return (java.lang.Integer) keyVersion_;
+      }
+      return 0;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The algorithm to use for creating a managed Cloud KMS key for a for a
+     * simplified experience. All managed keys will be have their
+     * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+     * </code>
+     *
+     * @return The algorithm.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+        getAlgorithm() {
+      if (keyVersionCase_ == 2) {
+        @SuppressWarnings("deprecation")
+        com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm result =
+            com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm.valueOf(
+                (java.lang.Integer) keyVersion_);
+        return result == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+                .UNRECOGNIZED
+            : result;
+      }
+      return com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+          .SIGN_HASH_ALGORITHM_UNSPECIFIED;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (keyVersionCase_ == 1) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyVersion_);
+      }
+      if (keyVersionCase_ == 2) {
+        output.writeEnum(2, ((java.lang.Integer) keyVersion_));
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (keyVersionCase_ == 1) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyVersion_);
+      }
+      if (keyVersionCase_ == 2) {
+        size +=
+            com.google.protobuf.CodedOutputStream.computeEnumSize(
+                2, ((java.lang.Integer) keyVersion_));
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec other =
+          (com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) obj;
+
+      if (!getKeyVersionCase().equals(other.getKeyVersionCase())) return false;
+      switch (keyVersionCase_) {
+        case 1:
+          if (!getCloudKmsKeyVersion().equals(other.getCloudKmsKeyVersion())) return false;
+          break;
+        case 2:
+          if (getAlgorithmValue() != other.getAlgorithmValue()) return false;
+          break;
+        case 0:
+        default:
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      switch (keyVersionCase_) {
+        case 1:
+          hash = (37 * hash) + CLOUD_KMS_KEY_VERSION_FIELD_NUMBER;
+          hash = (53 * hash) + getCloudKmsKeyVersion().hashCode();
+          break;
+        case 2:
+          hash = (37 * hash) + ALGORITHM_FIELD_NUMBER;
+          hash = (53 * hash) + getAlgorithmValue();
+          break;
+        case 0:
+        default:
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.class,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        keyVersionCase_ = 0;
+        keyVersion_ = null;
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec build() {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec result =
+            new com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec(this);
+        if (keyVersionCase_ == 1) {
+          result.keyVersion_ = keyVersion_;
+        }
+        if (keyVersionCase_ == 2) {
+          result.keyVersion_ = keyVersion_;
+        }
+        result.keyVersionCase_ = keyVersionCase_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+                .getDefaultInstance()) return this;
+        switch (other.getKeyVersionCase()) {
+          case CLOUD_KMS_KEY_VERSION:
+            {
+              keyVersionCase_ = 1;
+              keyVersion_ = other.keyVersion_;
+              onChanged();
+              break;
+            }
+          case ALGORITHM:
+            {
+              setAlgorithmValue(other.getAlgorithmValue());
+              break;
+            }
+          case KEYVERSION_NOT_SET:
+            {
+              break;
+            }
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec parsedMessage =
+            null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int keyVersionCase_ = 0;
+      private java.lang.Object keyVersion_;
+
+      public KeyVersionCase getKeyVersionCase() {
+        return KeyVersionCase.forNumber(keyVersionCase_);
+      }
+
+      public Builder clearKeyVersion() {
+        keyVersionCase_ = 0;
+        keyVersion_ = null;
+        onChanged();
+        return this;
+      }
+
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @return Whether the cloudKmsKeyVersion field is set.
+       */
+      @java.lang.Override
+      public boolean hasCloudKmsKeyVersion() {
+        return keyVersionCase_ == 1;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @return The cloudKmsKeyVersion.
+       */
+      @java.lang.Override
+      public java.lang.String getCloudKmsKeyVersion() {
+        java.lang.Object ref = "";
+        if (keyVersionCase_ == 1) {
+          ref = keyVersion_;
+        }
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          if (keyVersionCase_ == 1) {
+            keyVersion_ = s;
+          }
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @return The bytes for cloudKmsKeyVersion.
+       */
+      @java.lang.Override
+      public com.google.protobuf.ByteString getCloudKmsKeyVersionBytes() {
+        java.lang.Object ref = "";
+        if (keyVersionCase_ == 1) {
+          ref = keyVersion_;
+        }
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          if (keyVersionCase_ == 1) {
+            keyVersion_ = b;
+          }
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @param value The cloudKmsKeyVersion to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCloudKmsKeyVersion(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        keyVersionCase_ = 1;
+        keyVersion_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCloudKmsKeyVersion() {
+        if (keyVersionCase_ == 1) {
+          keyVersionCase_ = 0;
+          keyVersion_ = null;
+          onChanged();
+        }
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for an existing Cloud KMS CryptoKeyVersion in the
+       * format
+       * `projects/&#42;&#47;locations/&#42;&#47;keyRings/&#42;&#47;cryptoKeys/&#42;&#47;cryptoKeyVersions/&#42;`.
+       * This option enables full flexibility in the key's capabilities and
+       * properties.
+       * </pre>
+       *
+       * <code>string cloud_kms_key_version = 1;</code>
+       *
+       * @param value The bytes for cloudKmsKeyVersion to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCloudKmsKeyVersionBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        keyVersionCase_ = 1;
+        keyVersion_ = value;
+        onChanged();
+        return this;
+      }
+
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @return Whether the algorithm field is set.
+       */
+      @java.lang.Override
+      public boolean hasAlgorithm() {
+        return keyVersionCase_ == 2;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @return The enum numeric value on the wire for algorithm.
+       */
+      @java.lang.Override
+      public int getAlgorithmValue() {
+        if (keyVersionCase_ == 2) {
+          return ((java.lang.Integer) keyVersion_).intValue();
+        }
+        return 0;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @param value The enum numeric value on the wire for algorithm to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAlgorithmValue(int value) {
+        keyVersionCase_ = 2;
+        keyVersion_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @return The algorithm.
+       */
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+          getAlgorithm() {
+        if (keyVersionCase_ == 2) {
+          @SuppressWarnings("deprecation")
+          com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm result =
+              com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm.valueOf(
+                  (java.lang.Integer) keyVersion_);
+          return result == null
+              ? com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+                  .UNRECOGNIZED
+              : result;
+        }
+        return com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm
+            .SIGN_HASH_ALGORITHM_UNSPECIFIED;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @param value The algorithm to set.
+       * @return This builder for chaining.
+       */
+      public Builder setAlgorithm(
+          com.google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        keyVersionCase_ = 2;
+        keyVersion_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The algorithm to use for creating a managed Cloud KMS key for a for a
+       * simplified experience. All managed keys will be have their
+       * [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.CertificateAuthority.SignHashAlgorithm algorithm = 2;
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearAlgorithm() {
+        if (keyVersionCase_ == 2) {
+          keyVersionCase_ = 0;
+          keyVersion_ = null;
+          onChanged();
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec)
+    private static final com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<KeyVersionSpec> PARSER =
+        new com.google.protobuf.AbstractParser<KeyVersionSpec>() {
+          @java.lang.Override
+          public KeyVersionSpec parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new KeyVersionSpec(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<KeyVersionSpec> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<KeyVersionSpec> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int TYPE_FIELD_NUMBER = 2;
+  private int type_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for type.
+   */
+  @java.lang.Override
+  public int getTypeValue() {
+    return type_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The type.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.Type getType() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.CertificateAuthority.Type result =
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Type.valueOf(type_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.Type.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int CONFIG_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CertificateConfig config_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the config field is set.
+   */
+  @java.lang.Override
+  public boolean hasConfig() {
+    return config_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The config.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfig getConfig() {
+    return config_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance()
+        : config_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder() {
+    return getConfig();
+  }
+
+  public static final int LIFETIME_FIELD_NUMBER = 4;
+  private com.google.protobuf.Duration lifetime_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return Whether the lifetime field is set.
+   */
+  @java.lang.Override
+  public boolean hasLifetime() {
+    return lifetime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The lifetime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Duration getLifetime() {
+    return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+    return getLifetime();
+  }
+
+  public static final int KEY_SPEC_FIELD_NUMBER = 5;
+  private com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec keySpec_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the keySpec field is set.
+   */
+  @java.lang.Override
+  public boolean hasKeySpec() {
+    return keySpec_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The keySpec.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec getKeySpec() {
+    return keySpec_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+            .getDefaultInstance()
+        : keySpec_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder
+      getKeySpecOrBuilder() {
+    return getKeySpec();
+  }
+
+  public static final int SUBORDINATE_CONFIG_FIELD_NUMBER = 6;
+  private com.google.cloud.security.privateca.v1.SubordinateConfig subordinateConfig_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the subordinateConfig field is set.
+   */
+  @java.lang.Override
+  public boolean hasSubordinateConfig() {
+    return subordinateConfig_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The subordinateConfig.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig() {
+    return subordinateConfig_ == null
+        ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+        : subordinateConfig_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder
+      getSubordinateConfigOrBuilder() {
+    return getSubordinateConfig();
+  }
+
+  public static final int TIER_FIELD_NUMBER = 7;
+  private int tier_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for tier.
+   */
+  @java.lang.Override
+  public int getTierValue() {
+    return tier_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The tier.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool.Tier getTier() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.CaPool.Tier result =
+        com.google.cloud.security.privateca.v1.CaPool.Tier.valueOf(tier_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.CaPool.Tier.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int STATE_FIELD_NUMBER = 8;
+  private int state_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for state.
+   */
+  @java.lang.Override
+  public int getStateValue() {
+    return state_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The state.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.State getState() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.CertificateAuthority.State result =
+        com.google.cloud.security.privateca.v1.CertificateAuthority.State.valueOf(state_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.State.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int PEM_CA_CERTIFICATES_FIELD_NUMBER = 9;
+  private com.google.protobuf.LazyStringList pemCaCertificates_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return A list containing the pemCaCertificates.
+   */
+  public com.google.protobuf.ProtocolStringList getPemCaCertificatesList() {
+    return pemCaCertificates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The count of pemCaCertificates.
+   */
+  public int getPemCaCertificatesCount() {
+    return pemCaCertificates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The pemCaCertificates at the given index.
+   */
+  public java.lang.String getPemCaCertificates(int index) {
+    return pemCaCertificates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the pemCaCertificates at the given index.
+   */
+  public com.google.protobuf.ByteString getPemCaCertificatesBytes(int index) {
+    return pemCaCertificates_.getByteString(index);
+  }
+
+  public static final int CA_CERTIFICATE_DESCRIPTIONS_FIELD_NUMBER = 10;
+  private java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription>
+      caCertificateDescriptions_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription>
+      getCaCertificateDescriptionsList() {
+    return caCertificateDescriptions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+      getCaCertificateDescriptionsOrBuilderList() {
+    return caCertificateDescriptions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public int getCaCertificateDescriptionsCount() {
+    return caCertificateDescriptions_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription getCaCertificateDescriptions(
+      int index) {
+    return caCertificateDescriptions_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+      getCaCertificateDescriptionsOrBuilder(int index) {
+    return caCertificateDescriptions_.get(index);
+  }
+
+  public static final int GCS_BUCKET_FIELD_NUMBER = 11;
+  private volatile java.lang.Object gcsBucket_;
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+   * publish content, such as the CA certificate and CRLs. This must be a bucket
+   * name, without any prefixes (such as `gs://`) or suffixes (such as
+   * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+   * would simply specify `my-bucket`. If not specified, a managed bucket will
+   * be created.
+   * </pre>
+   *
+   * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The gcsBucket.
+   */
+  @java.lang.Override
+  public java.lang.String getGcsBucket() {
+    java.lang.Object ref = gcsBucket_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      gcsBucket_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+   * publish content, such as the CA certificate and CRLs. This must be a bucket
+   * name, without any prefixes (such as `gs://`) or suffixes (such as
+   * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+   * would simply specify `my-bucket`. If not specified, a managed bucket will
+   * be created.
+   * </pre>
+   *
+   * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The bytes for gcsBucket.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getGcsBucketBytes() {
+    java.lang.Object ref = gcsBucket_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      gcsBucket_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ACCESS_URLS_FIELD_NUMBER = 12;
+  private com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls accessUrls_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the accessUrls field is set.
+   */
+  @java.lang.Override
+  public boolean hasAccessUrls() {
+    return accessUrls_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The accessUrls.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls getAccessUrls() {
+    return accessUrls_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+            .getDefaultInstance()
+        : accessUrls_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder
+      getAccessUrlsOrBuilder() {
+    return getAccessUrls();
+  }
+
+  public static final int CREATE_TIME_FIELD_NUMBER = 13;
+  private com.google.protobuf.Timestamp createTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasCreateTime() {
+    return createTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getCreateTime() {
+    return createTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : createTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+    return getCreateTime();
+  }
+
+  public static final int UPDATE_TIME_FIELD_NUMBER = 14;
+  private com.google.protobuf.Timestamp updateTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateTime() {
+    return updateTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getUpdateTime() {
+    return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+    return getUpdateTime();
+  }
+
+  public static final int DELETE_TIME_FIELD_NUMBER = 15;
+  private com.google.protobuf.Timestamp deleteTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the deleteTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasDeleteTime() {
+    return deleteTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The deleteTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getDeleteTime() {
+    return deleteTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : deleteTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getDeleteTimeOrBuilder() {
+    return getDeleteTime();
+  }
+
+  public static final int EXPIRE_TIME_FIELD_NUMBER = 16;
+  private com.google.protobuf.Timestamp expireTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the expireTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasExpireTime() {
+    return expireTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The expireTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getExpireTime() {
+    return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+    return getExpireTime();
+  }
+
+  public static final int LABELS_FIELD_NUMBER = 17;
+
+  private static final class LabelsDefaultEntryHolder {
+    static final com.google.protobuf.MapEntry<java.lang.String, java.lang.String> defaultEntry =
+        com.google.protobuf.MapEntry.<java.lang.String, java.lang.String>newDefaultInstance(
+            com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_descriptor,
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "",
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "");
+  }
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+    if (labels_ == null) {
+      return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+    }
+    return labels_;
+  }
+
+  public int getLabelsCount() {
+    return internalGetLabels().getMap().size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public boolean containsLabels(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    return internalGetLabels().getMap().containsKey(key);
+  }
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Override
+  @java.lang.Deprecated
+  public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+    return getLabelsMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+    return internalGetLabels().getMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    return map.containsKey(key) ? map.get(key) : defaultValue;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrThrow(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    if (!map.containsKey(key)) {
+      throw new java.lang.IllegalArgumentException();
+    }
+    return map.get(key);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (type_
+        != com.google.cloud.security.privateca.v1.CertificateAuthority.Type.TYPE_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(2, type_);
+    }
+    if (config_ != null) {
+      output.writeMessage(3, getConfig());
+    }
+    if (lifetime_ != null) {
+      output.writeMessage(4, getLifetime());
+    }
+    if (keySpec_ != null) {
+      output.writeMessage(5, getKeySpec());
+    }
+    if (subordinateConfig_ != null) {
+      output.writeMessage(6, getSubordinateConfig());
+    }
+    if (tier_ != com.google.cloud.security.privateca.v1.CaPool.Tier.TIER_UNSPECIFIED.getNumber()) {
+      output.writeEnum(7, tier_);
+    }
+    if (state_
+        != com.google.cloud.security.privateca.v1.CertificateAuthority.State.STATE_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(8, state_);
+    }
+    for (int i = 0; i < pemCaCertificates_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 9, pemCaCertificates_.getRaw(i));
+    }
+    for (int i = 0; i < caCertificateDescriptions_.size(); i++) {
+      output.writeMessage(10, caCertificateDescriptions_.get(i));
+    }
+    if (!getGcsBucketBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 11, gcsBucket_);
+    }
+    if (accessUrls_ != null) {
+      output.writeMessage(12, getAccessUrls());
+    }
+    if (createTime_ != null) {
+      output.writeMessage(13, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      output.writeMessage(14, getUpdateTime());
+    }
+    if (deleteTime_ != null) {
+      output.writeMessage(15, getDeleteTime());
+    }
+    if (expireTime_ != null) {
+      output.writeMessage(16, getExpireTime());
+    }
+    com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+        output, internalGetLabels(), LabelsDefaultEntryHolder.defaultEntry, 17);
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (type_
+        != com.google.cloud.security.privateca.v1.CertificateAuthority.Type.TYPE_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(2, type_);
+    }
+    if (config_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getConfig());
+    }
+    if (lifetime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getLifetime());
+    }
+    if (keySpec_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getKeySpec());
+    }
+    if (subordinateConfig_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(6, getSubordinateConfig());
+    }
+    if (tier_ != com.google.cloud.security.privateca.v1.CaPool.Tier.TIER_UNSPECIFIED.getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(7, tier_);
+    }
+    if (state_
+        != com.google.cloud.security.privateca.v1.CertificateAuthority.State.STATE_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(8, state_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < pemCaCertificates_.size(); i++) {
+        dataSize += computeStringSizeNoTag(pemCaCertificates_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getPemCaCertificatesList().size();
+    }
+    for (int i = 0; i < caCertificateDescriptions_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              10, caCertificateDescriptions_.get(i));
+    }
+    if (!getGcsBucketBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(11, gcsBucket_);
+    }
+    if (accessUrls_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(12, getAccessUrls());
+    }
+    if (createTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(13, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(14, getUpdateTime());
+    }
+    if (deleteTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(15, getDeleteTime());
+    }
+    if (expireTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(16, getExpireTime());
+    }
+    for (java.util.Map.Entry<java.lang.String, java.lang.String> entry :
+        internalGetLabels().getMap().entrySet()) {
+      com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+          LabelsDefaultEntryHolder.defaultEntry
+              .newBuilderForType()
+              .setKey(entry.getKey())
+              .setValue(entry.getValue())
+              .build();
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(17, labels__);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateAuthority)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateAuthority other =
+        (com.google.cloud.security.privateca.v1.CertificateAuthority) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (type_ != other.type_) return false;
+    if (hasConfig() != other.hasConfig()) return false;
+    if (hasConfig()) {
+      if (!getConfig().equals(other.getConfig())) return false;
+    }
+    if (hasLifetime() != other.hasLifetime()) return false;
+    if (hasLifetime()) {
+      if (!getLifetime().equals(other.getLifetime())) return false;
+    }
+    if (hasKeySpec() != other.hasKeySpec()) return false;
+    if (hasKeySpec()) {
+      if (!getKeySpec().equals(other.getKeySpec())) return false;
+    }
+    if (hasSubordinateConfig() != other.hasSubordinateConfig()) return false;
+    if (hasSubordinateConfig()) {
+      if (!getSubordinateConfig().equals(other.getSubordinateConfig())) return false;
+    }
+    if (tier_ != other.tier_) return false;
+    if (state_ != other.state_) return false;
+    if (!getPemCaCertificatesList().equals(other.getPemCaCertificatesList())) return false;
+    if (!getCaCertificateDescriptionsList().equals(other.getCaCertificateDescriptionsList()))
+      return false;
+    if (!getGcsBucket().equals(other.getGcsBucket())) return false;
+    if (hasAccessUrls() != other.hasAccessUrls()) return false;
+    if (hasAccessUrls()) {
+      if (!getAccessUrls().equals(other.getAccessUrls())) return false;
+    }
+    if (hasCreateTime() != other.hasCreateTime()) return false;
+    if (hasCreateTime()) {
+      if (!getCreateTime().equals(other.getCreateTime())) return false;
+    }
+    if (hasUpdateTime() != other.hasUpdateTime()) return false;
+    if (hasUpdateTime()) {
+      if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+    }
+    if (hasDeleteTime() != other.hasDeleteTime()) return false;
+    if (hasDeleteTime()) {
+      if (!getDeleteTime().equals(other.getDeleteTime())) return false;
+    }
+    if (hasExpireTime() != other.hasExpireTime()) return false;
+    if (hasExpireTime()) {
+      if (!getExpireTime().equals(other.getExpireTime())) return false;
+    }
+    if (!internalGetLabels().equals(other.internalGetLabels())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + TYPE_FIELD_NUMBER;
+    hash = (53 * hash) + type_;
+    if (hasConfig()) {
+      hash = (37 * hash) + CONFIG_FIELD_NUMBER;
+      hash = (53 * hash) + getConfig().hashCode();
+    }
+    if (hasLifetime()) {
+      hash = (37 * hash) + LIFETIME_FIELD_NUMBER;
+      hash = (53 * hash) + getLifetime().hashCode();
+    }
+    if (hasKeySpec()) {
+      hash = (37 * hash) + KEY_SPEC_FIELD_NUMBER;
+      hash = (53 * hash) + getKeySpec().hashCode();
+    }
+    if (hasSubordinateConfig()) {
+      hash = (37 * hash) + SUBORDINATE_CONFIG_FIELD_NUMBER;
+      hash = (53 * hash) + getSubordinateConfig().hashCode();
+    }
+    hash = (37 * hash) + TIER_FIELD_NUMBER;
+    hash = (53 * hash) + tier_;
+    hash = (37 * hash) + STATE_FIELD_NUMBER;
+    hash = (53 * hash) + state_;
+    if (getPemCaCertificatesCount() > 0) {
+      hash = (37 * hash) + PEM_CA_CERTIFICATES_FIELD_NUMBER;
+      hash = (53 * hash) + getPemCaCertificatesList().hashCode();
+    }
+    if (getCaCertificateDescriptionsCount() > 0) {
+      hash = (37 * hash) + CA_CERTIFICATE_DESCRIPTIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getCaCertificateDescriptionsList().hashCode();
+    }
+    hash = (37 * hash) + GCS_BUCKET_FIELD_NUMBER;
+    hash = (53 * hash) + getGcsBucket().hashCode();
+    if (hasAccessUrls()) {
+      hash = (37 * hash) + ACCESS_URLS_FIELD_NUMBER;
+      hash = (53 * hash) + getAccessUrls().hashCode();
+    }
+    if (hasCreateTime()) {
+      hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getCreateTime().hashCode();
+    }
+    if (hasUpdateTime()) {
+      hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateTime().hashCode();
+    }
+    if (hasDeleteTime()) {
+      hash = (37 * hash) + DELETE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getDeleteTime().hashCode();
+    }
+    if (hasExpireTime()) {
+      hash = (37 * hash) + EXPIRE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getExpireTime().hashCode();
+    }
+    if (!internalGetLabels().getMap().isEmpty()) {
+      hash = (37 * hash) + LABELS_FIELD_NUMBER;
+      hash = (53 * hash) + internalGetLabels().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateAuthority prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority.
+   * A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateAuthority}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateAuthority)
+      com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 17:
+          return internalGetLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+      switch (number) {
+        case 17:
+          return internalGetMutableLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateAuthority.class,
+              com.google.cloud.security.privateca.v1.CertificateAuthority.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CertificateAuthority.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCaCertificateDescriptionsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      type_ = 0;
+
+      if (configBuilder_ == null) {
+        config_ = null;
+      } else {
+        config_ = null;
+        configBuilder_ = null;
+      }
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+      if (keySpecBuilder_ == null) {
+        keySpec_ = null;
+      } else {
+        keySpec_ = null;
+        keySpecBuilder_ = null;
+      }
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = null;
+      } else {
+        subordinateConfig_ = null;
+        subordinateConfigBuilder_ = null;
+      }
+      tier_ = 0;
+
+      state_ = 0;
+
+      pemCaCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      if (caCertificateDescriptionsBuilder_ == null) {
+        caCertificateDescriptions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      } else {
+        caCertificateDescriptionsBuilder_.clear();
+      }
+      gcsBucket_ = "";
+
+      if (accessUrlsBuilder_ == null) {
+        accessUrls_ = null;
+      } else {
+        accessUrls_ = null;
+        accessUrlsBuilder_ = null;
+      }
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+      if (deleteTimeBuilder_ == null) {
+        deleteTime_ = null;
+      } else {
+        deleteTime_ = null;
+        deleteTimeBuilder_ = null;
+      }
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = null;
+      } else {
+        expireTime_ = null;
+        expireTimeBuilder_ = null;
+      }
+      internalGetMutableLabels().clear();
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority build() {
+      com.google.cloud.security.privateca.v1.CertificateAuthority result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateAuthority result =
+          new com.google.cloud.security.privateca.v1.CertificateAuthority(this);
+      int from_bitField0_ = bitField0_;
+      result.name_ = name_;
+      result.type_ = type_;
+      if (configBuilder_ == null) {
+        result.config_ = config_;
+      } else {
+        result.config_ = configBuilder_.build();
+      }
+      if (lifetimeBuilder_ == null) {
+        result.lifetime_ = lifetime_;
+      } else {
+        result.lifetime_ = lifetimeBuilder_.build();
+      }
+      if (keySpecBuilder_ == null) {
+        result.keySpec_ = keySpec_;
+      } else {
+        result.keySpec_ = keySpecBuilder_.build();
+      }
+      if (subordinateConfigBuilder_ == null) {
+        result.subordinateConfig_ = subordinateConfig_;
+      } else {
+        result.subordinateConfig_ = subordinateConfigBuilder_.build();
+      }
+      result.tier_ = tier_;
+      result.state_ = state_;
+      if (((bitField0_ & 0x00000001) != 0)) {
+        pemCaCertificates_ = pemCaCertificates_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.pemCaCertificates_ = pemCaCertificates_;
+      if (caCertificateDescriptionsBuilder_ == null) {
+        if (((bitField0_ & 0x00000002) != 0)) {
+          caCertificateDescriptions_ =
+              java.util.Collections.unmodifiableList(caCertificateDescriptions_);
+          bitField0_ = (bitField0_ & ~0x00000002);
+        }
+        result.caCertificateDescriptions_ = caCertificateDescriptions_;
+      } else {
+        result.caCertificateDescriptions_ = caCertificateDescriptionsBuilder_.build();
+      }
+      result.gcsBucket_ = gcsBucket_;
+      if (accessUrlsBuilder_ == null) {
+        result.accessUrls_ = accessUrls_;
+      } else {
+        result.accessUrls_ = accessUrlsBuilder_.build();
+      }
+      if (createTimeBuilder_ == null) {
+        result.createTime_ = createTime_;
+      } else {
+        result.createTime_ = createTimeBuilder_.build();
+      }
+      if (updateTimeBuilder_ == null) {
+        result.updateTime_ = updateTime_;
+      } else {
+        result.updateTime_ = updateTimeBuilder_.build();
+      }
+      if (deleteTimeBuilder_ == null) {
+        result.deleteTime_ = deleteTime_;
+      } else {
+        result.deleteTime_ = deleteTimeBuilder_.build();
+      }
+      if (expireTimeBuilder_ == null) {
+        result.expireTime_ = expireTime_;
+      } else {
+        result.expireTime_ = expireTimeBuilder_.build();
+      }
+      result.labels_ = internalGetLabels();
+      result.labels_.makeImmutable();
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateAuthority) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CertificateAuthority) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CertificateAuthority other) {
+      if (other == com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (other.type_ != 0) {
+        setTypeValue(other.getTypeValue());
+      }
+      if (other.hasConfig()) {
+        mergeConfig(other.getConfig());
+      }
+      if (other.hasLifetime()) {
+        mergeLifetime(other.getLifetime());
+      }
+      if (other.hasKeySpec()) {
+        mergeKeySpec(other.getKeySpec());
+      }
+      if (other.hasSubordinateConfig()) {
+        mergeSubordinateConfig(other.getSubordinateConfig());
+      }
+      if (other.tier_ != 0) {
+        setTierValue(other.getTierValue());
+      }
+      if (other.state_ != 0) {
+        setStateValue(other.getStateValue());
+      }
+      if (!other.pemCaCertificates_.isEmpty()) {
+        if (pemCaCertificates_.isEmpty()) {
+          pemCaCertificates_ = other.pemCaCertificates_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensurePemCaCertificatesIsMutable();
+          pemCaCertificates_.addAll(other.pemCaCertificates_);
+        }
+        onChanged();
+      }
+      if (caCertificateDescriptionsBuilder_ == null) {
+        if (!other.caCertificateDescriptions_.isEmpty()) {
+          if (caCertificateDescriptions_.isEmpty()) {
+            caCertificateDescriptions_ = other.caCertificateDescriptions_;
+            bitField0_ = (bitField0_ & ~0x00000002);
+          } else {
+            ensureCaCertificateDescriptionsIsMutable();
+            caCertificateDescriptions_.addAll(other.caCertificateDescriptions_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.caCertificateDescriptions_.isEmpty()) {
+          if (caCertificateDescriptionsBuilder_.isEmpty()) {
+            caCertificateDescriptionsBuilder_.dispose();
+            caCertificateDescriptionsBuilder_ = null;
+            caCertificateDescriptions_ = other.caCertificateDescriptions_;
+            bitField0_ = (bitField0_ & ~0x00000002);
+            caCertificateDescriptionsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCaCertificateDescriptionsFieldBuilder()
+                    : null;
+          } else {
+            caCertificateDescriptionsBuilder_.addAllMessages(other.caCertificateDescriptions_);
+          }
+        }
+      }
+      if (!other.getGcsBucket().isEmpty()) {
+        gcsBucket_ = other.gcsBucket_;
+        onChanged();
+      }
+      if (other.hasAccessUrls()) {
+        mergeAccessUrls(other.getAccessUrls());
+      }
+      if (other.hasCreateTime()) {
+        mergeCreateTime(other.getCreateTime());
+      }
+      if (other.hasUpdateTime()) {
+        mergeUpdateTime(other.getUpdateTime());
+      }
+      if (other.hasDeleteTime()) {
+        mergeDeleteTime(other.getDeleteTime());
+      }
+      if (other.hasExpireTime()) {
+        mergeExpireTime(other.getExpireTime());
+      }
+      internalGetMutableLabels().mergeFrom(other.internalGetLabels());
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateAuthority parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateAuthority) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int type_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for type.
+     */
+    @java.lang.Override
+    public int getTypeValue() {
+      return type_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for type to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTypeValue(int value) {
+
+      type_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The type.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Type getType() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.CertificateAuthority.Type result =
+          com.google.cloud.security.privateca.v1.CertificateAuthority.Type.valueOf(type_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.CertificateAuthority.Type.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @param value The type to set.
+     * @return This builder for chaining.
+     */
+    public Builder setType(com.google.cloud.security.privateca.v1.CertificateAuthority.Type value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      type_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearType() {
+
+      type_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateConfig config_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>
+        configBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return Whether the config field is set.
+     */
+    public boolean hasConfig() {
+      return configBuilder_ != null || config_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The config.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig getConfig() {
+      if (configBuilder_ == null) {
+        return config_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance()
+            : config_;
+      } else {
+        return configBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setConfig(com.google.cloud.security.privateca.v1.CertificateConfig value) {
+      if (configBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        config_ = value;
+        onChanged();
+      } else {
+        configBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setConfig(
+        com.google.cloud.security.privateca.v1.CertificateConfig.Builder builderForValue) {
+      if (configBuilder_ == null) {
+        config_ = builderForValue.build();
+        onChanged();
+      } else {
+        configBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder mergeConfig(com.google.cloud.security.privateca.v1.CertificateConfig value) {
+      if (configBuilder_ == null) {
+        if (config_ != null) {
+          config_ =
+              com.google.cloud.security.privateca.v1.CertificateConfig.newBuilder(config_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          config_ = value;
+        }
+        onChanged();
+      } else {
+        configBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder clearConfig() {
+      if (configBuilder_ == null) {
+        config_ = null;
+        onChanged();
+      } else {
+        config_ = null;
+        configBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig.Builder getConfigBuilder() {
+
+      onChanged();
+      return getConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder() {
+      if (configBuilder_ != null) {
+        return configBuilder_.getMessageOrBuilder();
+      } else {
+        return config_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance()
+            : config_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>
+        getConfigFieldBuilder() {
+      if (configBuilder_ == null) {
+        configBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateConfig,
+                com.google.cloud.security.privateca.v1.CertificateConfig.Builder,
+                com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder>(
+                getConfig(), getParentForChildren(), isClean());
+        config_ = null;
+      }
+      return configBuilder_;
+    }
+
+    private com.google.protobuf.Duration lifetime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        lifetimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the lifetime field is set.
+     */
+    public boolean hasLifetime() {
+      return lifetimeBuilder_ != null || lifetime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The lifetime.
+     */
+    public com.google.protobuf.Duration getLifetime() {
+      if (lifetimeBuilder_ == null) {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      } else {
+        return lifetimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        lifetime_ = value;
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = builderForValue.build();
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (lifetime_ != null) {
+          lifetime_ =
+              com.google.protobuf.Duration.newBuilder(lifetime_).mergeFrom(value).buildPartial();
+        } else {
+          lifetime_ = value;
+        }
+        onChanged();
+      } else {
+        lifetimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearLifetime() {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+        onChanged();
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.Duration.Builder getLifetimeBuilder() {
+
+      onChanged();
+      return getLifetimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+      if (lifetimeBuilder_ != null) {
+        return lifetimeBuilder_.getMessageOrBuilder();
+      } else {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The desired lifetime of the CA certificate. Used to create the
+     * "not_before_time" and "not_after_time" fields inside an X.509
+     * certificate.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        getLifetimeFieldBuilder() {
+      if (lifetimeBuilder_ == null) {
+        lifetimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Duration,
+                com.google.protobuf.Duration.Builder,
+                com.google.protobuf.DurationOrBuilder>(
+                getLifetime(), getParentForChildren(), isClean());
+        lifetime_ = null;
+      }
+      return lifetimeBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec keySpec_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder>
+        keySpecBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return Whether the keySpec field is set.
+     */
+    public boolean hasKeySpec() {
+      return keySpecBuilder_ != null || keySpec_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     *
+     * @return The keySpec.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec getKeySpec() {
+      if (keySpecBuilder_ == null) {
+        return keySpec_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+                .getDefaultInstance()
+            : keySpec_;
+      } else {
+        return keySpecBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setKeySpec(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec value) {
+      if (keySpecBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        keySpec_ = value;
+        onChanged();
+      } else {
+        keySpecBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder setKeySpec(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder
+            builderForValue) {
+      if (keySpecBuilder_ == null) {
+        keySpec_ = builderForValue.build();
+        onChanged();
+      } else {
+        keySpecBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder mergeKeySpec(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec value) {
+      if (keySpecBuilder_ == null) {
+        if (keySpec_ != null) {
+          keySpec_ =
+              com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.newBuilder(
+                      keySpec_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          keySpec_ = value;
+        }
+        onChanged();
+      } else {
+        keySpecBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public Builder clearKeySpec() {
+      if (keySpecBuilder_ == null) {
+        keySpec_ = null;
+        onChanged();
+      } else {
+        keySpec_ = null;
+        keySpecBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder
+        getKeySpecBuilder() {
+
+      onChanged();
+      return getKeySpecFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder
+        getKeySpecOrBuilder() {
+      if (keySpecBuilder_ != null) {
+        return keySpecBuilder_.getMessageOrBuilder();
+      } else {
+        return keySpec_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec
+                .getDefaultInstance()
+            : keySpec_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+     * is also used to sign the self-signed CA certificate. Otherwise, it
+     * is used to sign a CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder>
+        getKeySpecFieldBuilder() {
+      if (keySpecBuilder_ == null) {
+        keySpecBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec.Builder,
+                com.google.cloud.security.privateca.v1.CertificateAuthority
+                    .KeyVersionSpecOrBuilder>(getKeySpec(), getParentForChildren(), isClean());
+        keySpec_ = null;
+      }
+      return keySpecBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.SubordinateConfig subordinateConfig_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>
+        subordinateConfigBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the subordinateConfig field is set.
+     */
+    public boolean hasSubordinateConfig() {
+      return subordinateConfigBuilder_ != null || subordinateConfig_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The subordinateConfig.
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig() {
+      if (subordinateConfigBuilder_ == null) {
+        return subordinateConfig_ == null
+            ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+            : subordinateConfig_;
+      } else {
+        return subordinateConfigBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig value) {
+      if (subordinateConfigBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subordinateConfig_ = value;
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.Builder builderForValue) {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = builderForValue.build();
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergeSubordinateConfig(
+        com.google.cloud.security.privateca.v1.SubordinateConfig value) {
+      if (subordinateConfigBuilder_ == null) {
+        if (subordinateConfig_ != null) {
+          subordinateConfig_ =
+              com.google.cloud.security.privateca.v1.SubordinateConfig.newBuilder(
+                      subordinateConfig_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subordinateConfig_ = value;
+        }
+        onChanged();
+      } else {
+        subordinateConfigBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearSubordinateConfig() {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfig_ = null;
+        onChanged();
+      } else {
+        subordinateConfig_ = null;
+        subordinateConfigBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.Builder
+        getSubordinateConfigBuilder() {
+
+      onChanged();
+      return getSubordinateConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder
+        getSubordinateConfigOrBuilder() {
+      if (subordinateConfigBuilder_ != null) {
+        return subordinateConfigBuilder_.getMessageOrBuilder();
+      } else {
+        return subordinateConfig_ == null
+            ? com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance()
+            : subordinateConfig_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+     * with the subordinate configuration, which describes its issuers. This may
+     * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>
+        getSubordinateConfigFieldBuilder() {
+      if (subordinateConfigBuilder_ == null) {
+        subordinateConfigBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.SubordinateConfig,
+                com.google.cloud.security.privateca.v1.SubordinateConfig.Builder,
+                com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder>(
+                getSubordinateConfig(), getParentForChildren(), isClean());
+        subordinateConfig_ = null;
+      }
+      return subordinateConfigBuilder_;
+    }
+
+    private int tier_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for tier.
+     */
+    @java.lang.Override
+    public int getTierValue() {
+      return tier_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for tier to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTierValue(int value) {
+
+      tier_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The tier.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CaPool.Tier getTier() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.CaPool.Tier result =
+          com.google.cloud.security.privateca.v1.CaPool.Tier.valueOf(tier_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.CaPool.Tier.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The tier to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTier(com.google.cloud.security.privateca.v1.CaPool.Tier value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      tier_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearTier() {
+
+      tier_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private int state_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for state.
+     */
+    @java.lang.Override
+    public int getStateValue() {
+      return state_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for state to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStateValue(int value) {
+
+      state_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The state.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.State getState() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.CertificateAuthority.State result =
+          com.google.cloud.security.privateca.v1.CertificateAuthority.State.valueOf(state_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.CertificateAuthority.State.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The state to set.
+     * @return This builder for chaining.
+     */
+    public Builder setState(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.State value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      state_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearState() {
+
+      state_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList pemCaCertificates_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensurePemCaCertificatesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        pemCaCertificates_ = new com.google.protobuf.LazyStringArrayList(pemCaCertificates_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return A list containing the pemCaCertificates.
+     */
+    public com.google.protobuf.ProtocolStringList getPemCaCertificatesList() {
+      return pemCaCertificates_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The count of pemCaCertificates.
+     */
+    public int getPemCaCertificatesCount() {
+      return pemCaCertificates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index of the element to return.
+     * @return The pemCaCertificates at the given index.
+     */
+    public java.lang.String getPemCaCertificates(int index) {
+      return pemCaCertificates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the pemCaCertificates at the given index.
+     */
+    public com.google.protobuf.ByteString getPemCaCertificatesBytes(int index) {
+      return pemCaCertificates_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param index The index to set the value at.
+     * @param value The pemCaCertificates to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCaCertificates(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensurePemCaCertificatesIsMutable();
+      pemCaCertificates_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The pemCaCertificates to add.
+     * @return This builder for chaining.
+     */
+    public Builder addPemCaCertificates(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensurePemCaCertificatesIsMutable();
+      pemCaCertificates_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param values The pemCaCertificates to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllPemCaCertificates(java.lang.Iterable<java.lang.String> values) {
+      ensurePemCaCertificatesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, pemCaCertificates_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCaCertificates() {
+      pemCaCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+     * is the final element (consistent with RFC 5246). For a self-signed CA, this
+     * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+     * </pre>
+     *
+     * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The bytes of the pemCaCertificates to add.
+     * @return This builder for chaining.
+     */
+    public Builder addPemCaCertificatesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensurePemCaCertificatesIsMutable();
+      pemCaCertificates_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription>
+        caCertificateDescriptions_ = java.util.Collections.emptyList();
+
+    private void ensureCaCertificateDescriptionsIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        caCertificateDescriptions_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.CertificateDescription>(
+                caCertificateDescriptions_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+        caCertificateDescriptionsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription>
+        getCaCertificateDescriptionsList() {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(caCertificateDescriptions_);
+      } else {
+        return caCertificateDescriptionsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public int getCaCertificateDescriptionsCount() {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        return caCertificateDescriptions_.size();
+      } else {
+        return caCertificateDescriptionsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription
+        getCaCertificateDescriptions(int index) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        return caCertificateDescriptions_.get(index);
+      } else {
+        return caCertificateDescriptionsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCaCertificateDescriptions(
+        int index, com.google.cloud.security.privateca.v1.CertificateDescription value) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.set(index, value);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCaCertificateDescriptions(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateDescription.Builder builderForValue) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addCaCertificateDescriptions(
+        com.google.cloud.security.privateca.v1.CertificateDescription value) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.add(value);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addCaCertificateDescriptions(
+        int index, com.google.cloud.security.privateca.v1.CertificateDescription value) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.add(index, value);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addCaCertificateDescriptions(
+        com.google.cloud.security.privateca.v1.CertificateDescription.Builder builderForValue) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.add(builderForValue.build());
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addCaCertificateDescriptions(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateDescription.Builder builderForValue) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addAllCaCertificateDescriptions(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.CertificateDescription>
+            values) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        ensureCaCertificateDescriptionsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, caCertificateDescriptions_);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCaCertificateDescriptions() {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        caCertificateDescriptions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000002);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder removeCaCertificateDescriptions(int index) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        ensureCaCertificateDescriptionsIsMutable();
+        caCertificateDescriptions_.remove(index);
+        onChanged();
+      } else {
+        caCertificateDescriptionsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.Builder
+        getCaCertificateDescriptionsBuilder(int index) {
+      return getCaCertificateDescriptionsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+        getCaCertificateDescriptionsOrBuilder(int index) {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        return caCertificateDescriptions_.get(index);
+      } else {
+        return caCertificateDescriptionsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<
+            ? extends com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+        getCaCertificateDescriptionsOrBuilderList() {
+      if (caCertificateDescriptionsBuilder_ != null) {
+        return caCertificateDescriptionsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(caCertificateDescriptions_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.Builder
+        addCaCertificateDescriptionsBuilder() {
+      return getCaCertificateDescriptionsFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.Builder
+        addCaCertificateDescriptionsBuilder(int index) {
+      return getCaCertificateDescriptionsFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+     * and its issuers. Ordered as self-to-root.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription.Builder>
+        getCaCertificateDescriptionsBuilderList() {
+      return getCaCertificateDescriptionsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+        getCaCertificateDescriptionsFieldBuilder() {
+      if (caCertificateDescriptionsBuilder_ == null) {
+        caCertificateDescriptionsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription,
+                com.google.cloud.security.privateca.v1.CertificateDescription.Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>(
+                caCertificateDescriptions_,
+                ((bitField0_ & 0x00000002) != 0),
+                getParentForChildren(),
+                isClean());
+        caCertificateDescriptions_ = null;
+      }
+      return caCertificateDescriptionsBuilder_;
+    }
+
+    private java.lang.Object gcsBucket_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+     * publish content, such as the CA certificate and CRLs. This must be a bucket
+     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+     * would simply specify `my-bucket`. If not specified, a managed bucket will
+     * be created.
+     * </pre>
+     *
+     * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return The gcsBucket.
+     */
+    public java.lang.String getGcsBucket() {
+      java.lang.Object ref = gcsBucket_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        gcsBucket_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+     * publish content, such as the CA certificate and CRLs. This must be a bucket
+     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+     * would simply specify `my-bucket`. If not specified, a managed bucket will
+     * be created.
+     * </pre>
+     *
+     * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return The bytes for gcsBucket.
+     */
+    public com.google.protobuf.ByteString getGcsBucketBytes() {
+      java.lang.Object ref = gcsBucket_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        gcsBucket_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+     * publish content, such as the CA certificate and CRLs. This must be a bucket
+     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+     * would simply specify `my-bucket`. If not specified, a managed bucket will
+     * be created.
+     * </pre>
+     *
+     * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @param value The gcsBucket to set.
+     * @return This builder for chaining.
+     */
+    public Builder setGcsBucket(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      gcsBucket_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+     * publish content, such as the CA certificate and CRLs. This must be a bucket
+     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+     * would simply specify `my-bucket`. If not specified, a managed bucket will
+     * be created.
+     * </pre>
+     *
+     * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearGcsBucket() {
+
+      gcsBucket_ = getDefaultInstance().getGcsBucket();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+     * publish content, such as the CA certificate and CRLs. This must be a bucket
+     * name, without any prefixes (such as `gs://`) or suffixes (such as
+     * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+     * would simply specify `my-bucket`. If not specified, a managed bucket will
+     * be created.
+     * </pre>
+     *
+     * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+     *
+     * @param value The bytes for gcsBucket to set.
+     * @return This builder for chaining.
+     */
+    public Builder setGcsBucketBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      gcsBucket_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls accessUrls_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder>
+        accessUrlsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the accessUrls field is set.
+     */
+    public boolean hasAccessUrls() {
+      return accessUrlsBuilder_ != null || accessUrls_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The accessUrls.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls getAccessUrls() {
+      if (accessUrlsBuilder_ == null) {
+        return accessUrls_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+                .getDefaultInstance()
+            : accessUrls_;
+      } else {
+        return accessUrlsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setAccessUrls(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls value) {
+      if (accessUrlsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        accessUrls_ = value;
+        onChanged();
+      } else {
+        accessUrlsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setAccessUrls(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder
+            builderForValue) {
+      if (accessUrlsBuilder_ == null) {
+        accessUrls_ = builderForValue.build();
+        onChanged();
+      } else {
+        accessUrlsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeAccessUrls(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls value) {
+      if (accessUrlsBuilder_ == null) {
+        if (accessUrls_ != null) {
+          accessUrls_ =
+              com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.newBuilder(
+                      accessUrls_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          accessUrls_ = value;
+        }
+        onChanged();
+      } else {
+        accessUrlsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearAccessUrls() {
+      if (accessUrlsBuilder_ == null) {
+        accessUrls_ = null;
+        onChanged();
+      } else {
+        accessUrls_ = null;
+        accessUrlsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder
+        getAccessUrlsBuilder() {
+
+      onChanged();
+      return getAccessUrlsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder
+        getAccessUrlsOrBuilder() {
+      if (accessUrlsBuilder_ != null) {
+        return accessUrlsBuilder_.getMessageOrBuilder();
+      } else {
+        return accessUrls_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls
+                .getDefaultInstance()
+            : accessUrls_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. URLs for accessing content published by this CA, such as the CA certificate
+     * and CRLs.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder>
+        getAccessUrlsFieldBuilder() {
+      if (accessUrlsBuilder_ == null) {
+        accessUrlsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls.Builder,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder>(
+                getAccessUrls(), getParentForChildren(), isClean());
+        accessUrls_ = null;
+      }
+      return accessUrlsBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp createTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        createTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the createTime field is set.
+     */
+    public boolean hasCreateTime() {
+      return createTimeBuilder_ != null || createTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The createTime.
+     */
+    public com.google.protobuf.Timestamp getCreateTime() {
+      if (createTimeBuilder_ == null) {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      } else {
+        return createTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        createTime_ = value;
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (createTimeBuilder_ == null) {
+        createTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (createTime_ != null) {
+          createTime_ =
+              com.google.protobuf.Timestamp.newBuilder(createTime_).mergeFrom(value).buildPartial();
+        } else {
+          createTime_ = value;
+        }
+        onChanged();
+      } else {
+        createTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCreateTime() {
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+        onChanged();
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getCreateTimeBuilder() {
+
+      onChanged();
+      return getCreateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+      if (createTimeBuilder_ != null) {
+        return createTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getCreateTimeFieldBuilder() {
+      if (createTimeBuilder_ == null) {
+        createTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getCreateTime(), getParentForChildren(), isClean());
+        createTime_ = null;
+      }
+      return createTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp updateTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        updateTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    public boolean hasUpdateTime() {
+      return updateTimeBuilder_ != null || updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      } else {
+        return updateTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateTime_ = value;
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (updateTime_ != null) {
+          updateTime_ =
+              com.google.protobuf.Timestamp.newBuilder(updateTime_).mergeFrom(value).buildPartial();
+        } else {
+          updateTime_ = value;
+        }
+        onChanged();
+      } else {
+        updateTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+        onChanged();
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+      onChanged();
+      return getUpdateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      if (updateTimeBuilder_ != null) {
+        return updateTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getUpdateTimeFieldBuilder() {
+      if (updateTimeBuilder_ == null) {
+        updateTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getUpdateTime(), getParentForChildren(), isClean());
+        updateTime_ = null;
+      }
+      return updateTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp deleteTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        deleteTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the deleteTime field is set.
+     */
+    public boolean hasDeleteTime() {
+      return deleteTimeBuilder_ != null || deleteTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The deleteTime.
+     */
+    public com.google.protobuf.Timestamp getDeleteTime() {
+      if (deleteTimeBuilder_ == null) {
+        return deleteTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : deleteTime_;
+      } else {
+        return deleteTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setDeleteTime(com.google.protobuf.Timestamp value) {
+      if (deleteTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        deleteTime_ = value;
+        onChanged();
+      } else {
+        deleteTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setDeleteTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (deleteTimeBuilder_ == null) {
+        deleteTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        deleteTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeDeleteTime(com.google.protobuf.Timestamp value) {
+      if (deleteTimeBuilder_ == null) {
+        if (deleteTime_ != null) {
+          deleteTime_ =
+              com.google.protobuf.Timestamp.newBuilder(deleteTime_).mergeFrom(value).buildPartial();
+        } else {
+          deleteTime_ = value;
+        }
+        onChanged();
+      } else {
+        deleteTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearDeleteTime() {
+      if (deleteTimeBuilder_ == null) {
+        deleteTime_ = null;
+        onChanged();
+      } else {
+        deleteTime_ = null;
+        deleteTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getDeleteTimeBuilder() {
+
+      onChanged();
+      return getDeleteTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getDeleteTimeOrBuilder() {
+      if (deleteTimeBuilder_ != null) {
+        return deleteTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return deleteTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : deleteTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+     * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getDeleteTimeFieldBuilder() {
+      if (deleteTimeBuilder_ == null) {
+        deleteTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getDeleteTime(), getParentForChildren(), isClean());
+        deleteTime_ = null;
+      }
+      return deleteTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp expireTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        expireTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the expireTime field is set.
+     */
+    public boolean hasExpireTime() {
+      return expireTimeBuilder_ != null || expireTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The expireTime.
+     */
+    public com.google.protobuf.Timestamp getExpireTime() {
+      if (expireTimeBuilder_ == null) {
+        return expireTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : expireTime_;
+      } else {
+        return expireTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setExpireTime(com.google.protobuf.Timestamp value) {
+      if (expireTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        expireTime_ = value;
+        onChanged();
+      } else {
+        expireTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setExpireTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        expireTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeExpireTime(com.google.protobuf.Timestamp value) {
+      if (expireTimeBuilder_ == null) {
+        if (expireTime_ != null) {
+          expireTime_ =
+              com.google.protobuf.Timestamp.newBuilder(expireTime_).mergeFrom(value).buildPartial();
+        } else {
+          expireTime_ = value;
+        }
+        onChanged();
+      } else {
+        expireTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearExpireTime() {
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = null;
+        onChanged();
+      } else {
+        expireTime_ = null;
+        expireTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getExpireTimeBuilder() {
+
+      onChanged();
+      return getExpireTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+      if (expireTimeBuilder_ != null) {
+        return expireTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return expireTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : expireTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+     * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getExpireTimeFieldBuilder() {
+      if (expireTimeBuilder_ == null) {
+        expireTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getExpireTime(), getParentForChildren(), isClean());
+        expireTime_ = null;
+      }
+      return expireTimeBuilder_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+      if (labels_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      return labels_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String>
+        internalGetMutableLabels() {
+      onChanged();
+      ;
+      if (labels_ == null) {
+        labels_ = com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      if (!labels_.isMutable()) {
+        labels_ = labels_.copy();
+      }
+      return labels_;
+    }
+
+    public int getLabelsCount() {
+      return internalGetLabels().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public boolean containsLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetLabels().getMap().containsKey(key);
+    }
+    /** Use {@link #getLabelsMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+      return getLabelsMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+      return internalGetLabels().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrDefault(
+        java.lang.String key, java.lang.String defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public Builder clearLabels() {
+      internalGetMutableLabels().getMutableMap().clear();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder removeLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().remove(key);
+      return this;
+    }
+    /** Use alternate mutation accessors instead. */
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getMutableLabels() {
+      return internalGetMutableLabels().getMutableMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putLabels(java.lang.String key, java.lang.String value) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      if (value == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().put(key, value);
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putAllLabels(java.util.Map<java.lang.String, java.lang.String> values) {
+      internalGetMutableLabels().getMutableMap().putAll(values);
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateAuthority)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateAuthority)
+  private static final com.google.cloud.security.privateca.v1.CertificateAuthority DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateAuthority();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateAuthority getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateAuthority> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateAuthority>() {
+        @java.lang.Override
+        public CertificateAuthority parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateAuthority(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateAuthority> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateAuthority> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityName.java
new file mode 100644
index 00000000..157402eb
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityName.java
@@ -0,0 +1,269 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class CertificateAuthorityName implements ResourceName {
+  private static final PathTemplate PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY =
+      PathTemplate.createWithoutUrlEncoding(
+          "projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+  private final String caPool;
+  private final String certificateAuthority;
+
+  @Deprecated
+  protected CertificateAuthorityName() {
+    project = null;
+    location = null;
+    caPool = null;
+    certificateAuthority = null;
+  }
+
+  private CertificateAuthorityName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+    caPool = Preconditions.checkNotNull(builder.getCaPool());
+    certificateAuthority = Preconditions.checkNotNull(builder.getCertificateAuthority());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public String getCaPool() {
+    return caPool;
+  }
+
+  public String getCertificateAuthority() {
+    return certificateAuthority;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static CertificateAuthorityName of(
+      String project, String location, String caPool, String certificateAuthority) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificateAuthority(certificateAuthority)
+        .build();
+  }
+
+  public static String format(
+      String project, String location, String caPool, String certificateAuthority) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificateAuthority(certificateAuthority)
+        .build()
+        .toString();
+  }
+
+  public static CertificateAuthorityName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY.validatedMatch(
+            formattedString, "CertificateAuthorityName.parse: formattedString not in valid format");
+    return of(
+        matchMap.get("project"),
+        matchMap.get("location"),
+        matchMap.get("ca_pool"),
+        matchMap.get("certificate_authority"));
+  }
+
+  public static List<CertificateAuthorityName> parseList(List<String> formattedStrings) {
+    List<CertificateAuthorityName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<CertificateAuthorityName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (CertificateAuthorityName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          if (caPool != null) {
+            fieldMapBuilder.put("ca_pool", caPool);
+          }
+          if (certificateAuthority != null) {
+            fieldMapBuilder.put("certificate_authority", certificateAuthority);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY.instantiate(
+        "project",
+        project,
+        "location",
+        location,
+        "ca_pool",
+        caPool,
+        "certificate_authority",
+        certificateAuthority);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      CertificateAuthorityName that = ((CertificateAuthorityName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location)
+          && Objects.equals(this.caPool, that.caPool)
+          && Objects.equals(this.certificateAuthority, that.certificateAuthority);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    h *= 1000003;
+    h ^= Objects.hashCode(caPool);
+    h *= 1000003;
+    h ^= Objects.hashCode(certificateAuthority);
+    return h;
+  }
+
+  /**
+   * Builder for
+   * projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}.
+   */
+  public static class Builder {
+    private String project;
+    private String location;
+    private String caPool;
+    private String certificateAuthority;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public String getCaPool() {
+      return caPool;
+    }
+
+    public String getCertificateAuthority() {
+      return certificateAuthority;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public Builder setCaPool(String caPool) {
+      this.caPool = caPool;
+      return this;
+    }
+
+    public Builder setCertificateAuthority(String certificateAuthority) {
+      this.certificateAuthority = certificateAuthority;
+      return this;
+    }
+
+    private Builder(CertificateAuthorityName certificateAuthorityName) {
+      project = certificateAuthorityName.project;
+      location = certificateAuthorityName.location;
+      caPool = certificateAuthorityName.caPool;
+      certificateAuthority = certificateAuthorityName.certificateAuthority;
+    }
+
+    public CertificateAuthorityName build() {
+      return new CertificateAuthorityName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java
new file mode 100644
index 00000000..767d6338
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateAuthorityOrBuilder.java
@@ -0,0 +1,750 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateAuthorityOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateAuthority)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for type.
+   */
+  int getTypeValue();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.Type type = 2 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The type.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.Type getType();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the config field is set.
+   */
+  boolean hasConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The config.
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfig getConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return Whether the lifetime field is set.
+   */
+  boolean hasLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The lifetime.
+   */
+  com.google.protobuf.Duration getLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The desired lifetime of the CA certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 4 [(.google.api.field_behavior) = REQUIRED];</code>
+   */
+  com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the keySpec field is set.
+   */
+  boolean hasKeySpec();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The keySpec.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec getKeySpec();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+   * is also used to sign the self-signed CA certificate. Otherwise, it
+   * is used to sign a CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec key_spec = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpecOrBuilder
+      getKeySpecOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the subordinateConfig field is set.
+   */
+  boolean hasSubordinateConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The subordinateConfig.
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfig getSubordinateConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+   * with the subordinate configuration, which describes its issuers. This may
+   * be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig subordinate_config = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder getSubordinateConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for tier.
+   */
+  int getTierValue();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool.Tier tier = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The tier.
+   */
+  com.google.cloud.security.privateca.v1.CaPool.Tier getTier();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for state.
+   */
+  int getStateValue();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.State state = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The state.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.State getState();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return A list containing the pemCaCertificates.
+   */
+  java.util.List<java.lang.String> getPemCaCertificatesList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The count of pemCaCertificates.
+   */
+  int getPemCaCertificatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The pemCaCertificates at the given index.
+   */
+  java.lang.String getPemCaCertificates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+   * is the final element (consistent with RFC 5246). For a self-signed CA, this
+   * will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+   * </pre>
+   *
+   * <code>repeated string pem_ca_certificates = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the pemCaCertificates at the given index.
+   */
+  com.google.protobuf.ByteString getPemCaCertificatesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.CertificateDescription>
+      getCaCertificateDescriptionsList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription getCaCertificateDescriptions(
+      int index);
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  int getCaCertificateDescriptionsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder>
+      getCaCertificateDescriptionsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+   * and its issuers. Ordered as self-to-root.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateDescription ca_certificate_descriptions = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+      getCaCertificateDescriptionsOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+   * publish content, such as the CA certificate and CRLs. This must be a bucket
+   * name, without any prefixes (such as `gs://`) or suffixes (such as
+   * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+   * would simply specify `my-bucket`. If not specified, a managed bucket will
+   * be created.
+   * </pre>
+   *
+   * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The gcsBucket.
+   */
+  java.lang.String getGcsBucket();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+   * publish content, such as the CA certificate and CRLs. This must be a bucket
+   * name, without any prefixes (such as `gs://`) or suffixes (such as
+   * `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+   * would simply specify `my-bucket`. If not specified, a managed bucket will
+   * be created.
+   * </pre>
+   *
+   * <code>string gcs_bucket = 11 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The bytes for gcsBucket.
+   */
+  com.google.protobuf.ByteString getGcsBucketBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the accessUrls field is set.
+   */
+  boolean hasAccessUrls();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The accessUrls.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls getAccessUrls();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. URLs for accessing content published by this CA, such as the CA certificate
+   * and CRLs.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority.AccessUrls access_urls = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority.AccessUrlsOrBuilder
+      getAccessUrlsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  boolean hasCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  com.google.protobuf.Timestamp getCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  boolean hasUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  com.google.protobuf.Timestamp getUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 14 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the deleteTime field is set.
+   */
+  boolean hasDeleteTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The deleteTime.
+   */
+  com.google.protobuf.Timestamp getDeleteTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+   * it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp delete_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getDeleteTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the expireTime field is set.
+   */
+  boolean hasExpireTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The expireTime.
+   */
+  com.google.protobuf.Timestamp getExpireTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+   * if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 16 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  int getLabelsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  boolean containsLabels(java.lang.String key);
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Deprecated
+  java.util.Map<java.lang.String, java.lang.String> getLabels();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.util.Map<java.lang.String, java.lang.String> getLabelsMap();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 17 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrThrow(java.lang.String key);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfig.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfig.java
new file mode 100644
index 00000000..1a53a0bd
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfig.java
@@ -0,0 +1,2601 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be
+ * created, as an alternative to using ASN.1.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateConfig}
+ */
+public final class CertificateConfig extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateConfig)
+    CertificateConfigOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateConfig.newBuilder() to construct.
+  private CertificateConfig(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateConfig() {}
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateConfig();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateConfig(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder
+                  subBuilder = null;
+              if (subjectConfig_ != null) {
+                subBuilder = subjectConfig_.toBuilder();
+              }
+              subjectConfig_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(subjectConfig_);
+                subjectConfig_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder subBuilder = null;
+              if (x509Config_ != null) {
+                subBuilder = x509Config_.toBuilder();
+              }
+              x509Config_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Parameters.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(x509Config_);
+                x509Config_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.PublicKey.Builder subBuilder = null;
+              if (publicKey_ != null) {
+                subBuilder = publicKey_.toBuilder();
+              }
+              publicKey_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.PublicKey.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(publicKey_);
+                publicKey_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateConfig_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateConfig.class,
+            com.google.cloud.security.privateca.v1.CertificateConfig.Builder.class);
+  }
+
+  public interface SubjectConfigOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the subject field is set.
+     */
+    boolean hasSubject();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The subject.
+     */
+    com.google.cloud.security.privateca.v1.Subject getSubject();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the subjectAltName field is set.
+     */
+    boolean hasSubjectAltName();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The subjectAltName.
+     */
+    com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder getSubjectAltNameOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * These values are used to create the distinguished name and subject
+   * alternative name fields in an X.509 certificate.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig}
+   */
+  public static final class SubjectConfig extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+      SubjectConfigOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use SubjectConfig.newBuilder() to construct.
+    private SubjectConfig(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private SubjectConfig() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new SubjectConfig();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private SubjectConfig(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                com.google.cloud.security.privateca.v1.Subject.Builder subBuilder = null;
+                if (subject_ != null) {
+                  subBuilder = subject_.toBuilder();
+                }
+                subject_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.Subject.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(subject_);
+                  subject_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 18:
+              {
+                com.google.cloud.security.privateca.v1.SubjectAltNames.Builder subBuilder = null;
+                if (subjectAltName_ != null) {
+                  subBuilder = subjectAltName_.toBuilder();
+                }
+                subjectAltName_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.SubjectAltNames.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(subjectAltName_);
+                  subjectAltName_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.class,
+              com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder.class);
+    }
+
+    public static final int SUBJECT_FIELD_NUMBER = 1;
+    private com.google.cloud.security.privateca.v1.Subject subject_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the subject field is set.
+     */
+    @java.lang.Override
+    public boolean hasSubject() {
+      return subject_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The subject.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Subject getSubject() {
+      return subject_ == null
+          ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+          : subject_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains distinguished name fields such as the common name, location and
+     * organization.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder() {
+      return getSubject();
+    }
+
+    public static final int SUBJECT_ALT_NAME_FIELD_NUMBER = 2;
+    private com.google.cloud.security.privateca.v1.SubjectAltNames subjectAltName_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the subjectAltName field is set.
+     */
+    @java.lang.Override
+    public boolean hasSubjectAltName() {
+      return subjectAltName_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The subjectAltName.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName() {
+      return subjectAltName_ == null
+          ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+          : subjectAltName_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The subject alternative name fields.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder
+        getSubjectAltNameOrBuilder() {
+      return getSubjectAltName();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (subject_ != null) {
+        output.writeMessage(1, getSubject());
+      }
+      if (subjectAltName_ != null) {
+        output.writeMessage(2, getSubjectAltName());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (subject_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getSubject());
+      }
+      if (subjectAltName_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getSubjectAltName());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig other =
+          (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) obj;
+
+      if (hasSubject() != other.hasSubject()) return false;
+      if (hasSubject()) {
+        if (!getSubject().equals(other.getSubject())) return false;
+      }
+      if (hasSubjectAltName() != other.hasSubjectAltName()) return false;
+      if (hasSubjectAltName()) {
+        if (!getSubjectAltName().equals(other.getSubjectAltName())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (hasSubject()) {
+        hash = (37 * hash) + SUBJECT_FIELD_NUMBER;
+        hash = (53 * hash) + getSubject().hashCode();
+      }
+      if (hasSubjectAltName()) {
+        hash = (37 * hash) + SUBJECT_ALT_NAME_FIELD_NUMBER;
+        hash = (53 * hash) + getSubjectAltName().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * These values are used to create the distinguished name and subject
+     * alternative name fields in an X.509 certificate.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.class,
+                com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (subjectBuilder_ == null) {
+          subject_ = null;
+        } else {
+          subject_ = null;
+          subjectBuilder_ = null;
+        }
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = null;
+        } else {
+          subjectAltName_ = null;
+          subjectAltNameBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig build() {
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig result =
+            new com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig(this);
+        if (subjectBuilder_ == null) {
+          result.subject_ = subject_;
+        } else {
+          result.subject_ = subjectBuilder_.build();
+        }
+        if (subjectAltNameBuilder_ == null) {
+          result.subjectAltName_ = subjectAltName_;
+        } else {
+          result.subjectAltName_ = subjectAltNameBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+                .getDefaultInstance()) return this;
+        if (other.hasSubject()) {
+          mergeSubject(other.getSubject());
+        }
+        if (other.hasSubjectAltName()) {
+          mergeSubjectAltName(other.getSubjectAltName());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private com.google.cloud.security.privateca.v1.Subject subject_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.Subject,
+              com.google.cloud.security.privateca.v1.Subject.Builder,
+              com.google.cloud.security.privateca.v1.SubjectOrBuilder>
+          subjectBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return Whether the subject field is set.
+       */
+      public boolean hasSubject() {
+        return subjectBuilder_ != null || subject_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The subject.
+       */
+      public com.google.cloud.security.privateca.v1.Subject getSubject() {
+        if (subjectBuilder_ == null) {
+          return subject_ == null
+              ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+              : subject_;
+        } else {
+          return subjectBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setSubject(com.google.cloud.security.privateca.v1.Subject value) {
+        if (subjectBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          subject_ = value;
+          onChanged();
+        } else {
+          subjectBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder setSubject(
+          com.google.cloud.security.privateca.v1.Subject.Builder builderForValue) {
+        if (subjectBuilder_ == null) {
+          subject_ = builderForValue.build();
+          onChanged();
+        } else {
+          subjectBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder mergeSubject(com.google.cloud.security.privateca.v1.Subject value) {
+        if (subjectBuilder_ == null) {
+          if (subject_ != null) {
+            subject_ =
+                com.google.cloud.security.privateca.v1.Subject.newBuilder(subject_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            subject_ = value;
+          }
+          onChanged();
+        } else {
+          subjectBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public Builder clearSubject() {
+        if (subjectBuilder_ == null) {
+          subject_ = null;
+          onChanged();
+        } else {
+          subject_ = null;
+          subjectBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.Subject.Builder getSubjectBuilder() {
+
+        onChanged();
+        return getSubjectFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder() {
+        if (subjectBuilder_ != null) {
+          return subjectBuilder_.getMessageOrBuilder();
+        } else {
+          return subject_ == null
+              ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+              : subject_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Contains distinguished name fields such as the common name, location and
+       * organization.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.Subject subject = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.Subject,
+              com.google.cloud.security.privateca.v1.Subject.Builder,
+              com.google.cloud.security.privateca.v1.SubjectOrBuilder>
+          getSubjectFieldBuilder() {
+        if (subjectBuilder_ == null) {
+          subjectBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.Subject,
+                  com.google.cloud.security.privateca.v1.Subject.Builder,
+                  com.google.cloud.security.privateca.v1.SubjectOrBuilder>(
+                  getSubject(), getParentForChildren(), isClean());
+          subject_ = null;
+        }
+        return subjectBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.SubjectAltNames subjectAltName_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.SubjectAltNames,
+              com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+              com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>
+          subjectAltNameBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return Whether the subjectAltName field is set.
+       */
+      public boolean hasSubjectAltName() {
+        return subjectAltNameBuilder_ != null || subjectAltName_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       *
+       * @return The subjectAltName.
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName() {
+        if (subjectAltNameBuilder_ == null) {
+          return subjectAltName_ == null
+              ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+              : subjectAltName_;
+        } else {
+          return subjectAltNameBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames value) {
+        if (subjectAltNameBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          subjectAltName_ = value;
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder setSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames.Builder builderForValue) {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = builderForValue.build();
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder mergeSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames value) {
+        if (subjectAltNameBuilder_ == null) {
+          if (subjectAltName_ != null) {
+            subjectAltName_ =
+                com.google.cloud.security.privateca.v1.SubjectAltNames.newBuilder(subjectAltName_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            subjectAltName_ = value;
+          }
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public Builder clearSubjectAltName() {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = null;
+          onChanged();
+        } else {
+          subjectAltName_ = null;
+          subjectAltNameBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNames.Builder
+          getSubjectAltNameBuilder() {
+
+        onChanged();
+        return getSubjectAltNameFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder
+          getSubjectAltNameOrBuilder() {
+        if (subjectAltNameBuilder_ != null) {
+          return subjectAltNameBuilder_.getMessageOrBuilder();
+        } else {
+          return subjectAltName_ == null
+              ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+              : subjectAltName_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The subject alternative name fields.
+       * </pre>
+       *
+       * <code>
+       * .google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2 [(.google.api.field_behavior) = OPTIONAL];
+       * </code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.SubjectAltNames,
+              com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+              com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>
+          getSubjectAltNameFieldBuilder() {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltNameBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.SubjectAltNames,
+                  com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+                  com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>(
+                  getSubjectAltName(), getParentForChildren(), isClean());
+          subjectAltName_ = null;
+        }
+        return subjectAltNameBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig)
+    private static final com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<SubjectConfig> PARSER =
+        new com.google.protobuf.AbstractParser<SubjectConfig>() {
+          @java.lang.Override
+          public SubjectConfig parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new SubjectConfig(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<SubjectConfig> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<SubjectConfig> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int SUBJECT_CONFIG_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subjectConfig_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the subjectConfig field is set.
+   */
+  @java.lang.Override
+  public boolean hasSubjectConfig() {
+    return subjectConfig_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The subjectConfig.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig getSubjectConfig() {
+    return subjectConfig_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+            .getDefaultInstance()
+        : subjectConfig_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder
+      getSubjectConfigOrBuilder() {
+    return getSubjectConfig();
+  }
+
+  public static final int X509_CONFIG_FIELD_NUMBER = 2;
+  private com.google.cloud.security.privateca.v1.X509Parameters x509Config_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the x509Config field is set.
+   */
+  @java.lang.Override
+  public boolean hasX509Config() {
+    return x509Config_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The x509Config.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters getX509Config() {
+    return x509Config_ == null
+        ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+        : x509Config_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getX509ConfigOrBuilder() {
+    return getX509Config();
+  }
+
+  public static final int PUBLIC_KEY_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.PublicKey publicKey_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the publicKey field is set.
+   */
+  @java.lang.Override
+  public boolean hasPublicKey() {
+    return publicKey_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The publicKey.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKey getPublicKey() {
+    return publicKey_ == null
+        ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+        : publicKey_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder() {
+    return getPublicKey();
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (subjectConfig_ != null) {
+      output.writeMessage(1, getSubjectConfig());
+    }
+    if (x509Config_ != null) {
+      output.writeMessage(2, getX509Config());
+    }
+    if (publicKey_ != null) {
+      output.writeMessage(3, getPublicKey());
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (subjectConfig_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getSubjectConfig());
+    }
+    if (x509Config_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getX509Config());
+    }
+    if (publicKey_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getPublicKey());
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateConfig)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateConfig other =
+        (com.google.cloud.security.privateca.v1.CertificateConfig) obj;
+
+    if (hasSubjectConfig() != other.hasSubjectConfig()) return false;
+    if (hasSubjectConfig()) {
+      if (!getSubjectConfig().equals(other.getSubjectConfig())) return false;
+    }
+    if (hasX509Config() != other.hasX509Config()) return false;
+    if (hasX509Config()) {
+      if (!getX509Config().equals(other.getX509Config())) return false;
+    }
+    if (hasPublicKey() != other.hasPublicKey()) return false;
+    if (hasPublicKey()) {
+      if (!getPublicKey().equals(other.getPublicKey())) return false;
+    }
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasSubjectConfig()) {
+      hash = (37 * hash) + SUBJECT_CONFIG_FIELD_NUMBER;
+      hash = (53 * hash) + getSubjectConfig().hashCode();
+    }
+    if (hasX509Config()) {
+      hash = (37 * hash) + X509_CONFIG_FIELD_NUMBER;
+      hash = (53 * hash) + getX509Config().hashCode();
+    }
+    if (hasPublicKey()) {
+      hash = (37 * hash) + PUBLIC_KEY_FIELD_NUMBER;
+      hash = (53 * hash) + getPublicKey().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateConfig prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be
+   * created, as an alternative to using ASN.1.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateConfig}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateConfig)
+      com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateConfig_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateConfig.class,
+              com.google.cloud.security.privateca.v1.CertificateConfig.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CertificateConfig.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (subjectConfigBuilder_ == null) {
+        subjectConfig_ = null;
+      } else {
+        subjectConfig_ = null;
+        subjectConfigBuilder_ = null;
+      }
+      if (x509ConfigBuilder_ == null) {
+        x509Config_ = null;
+      } else {
+        x509Config_ = null;
+        x509ConfigBuilder_ = null;
+      }
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = null;
+      } else {
+        publicKey_ = null;
+        publicKeyBuilder_ = null;
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfig getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfig build() {
+      com.google.cloud.security.privateca.v1.CertificateConfig result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateConfig buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateConfig result =
+          new com.google.cloud.security.privateca.v1.CertificateConfig(this);
+      if (subjectConfigBuilder_ == null) {
+        result.subjectConfig_ = subjectConfig_;
+      } else {
+        result.subjectConfig_ = subjectConfigBuilder_.build();
+      }
+      if (x509ConfigBuilder_ == null) {
+        result.x509Config_ = x509Config_;
+      } else {
+        result.x509Config_ = x509ConfigBuilder_.build();
+      }
+      if (publicKeyBuilder_ == null) {
+        result.publicKey_ = publicKey_;
+      } else {
+        result.publicKey_ = publicKeyBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateConfig) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CertificateConfig) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CertificateConfig other) {
+      if (other == com.google.cloud.security.privateca.v1.CertificateConfig.getDefaultInstance())
+        return this;
+      if (other.hasSubjectConfig()) {
+        mergeSubjectConfig(other.getSubjectConfig());
+      }
+      if (other.hasX509Config()) {
+        mergeX509Config(other.getX509Config());
+      }
+      if (other.hasPublicKey()) {
+        mergePublicKey(other.getPublicKey());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateConfig parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateConfig) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subjectConfig_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder>
+        subjectConfigBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the subjectConfig field is set.
+     */
+    public boolean hasSubjectConfig() {
+      return subjectConfigBuilder_ != null || subjectConfig_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The subjectConfig.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+        getSubjectConfig() {
+      if (subjectConfigBuilder_ == null) {
+        return subjectConfig_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+                .getDefaultInstance()
+            : subjectConfig_;
+      } else {
+        return subjectConfigBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setSubjectConfig(
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig value) {
+      if (subjectConfigBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subjectConfig_ = value;
+        onChanged();
+      } else {
+        subjectConfigBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setSubjectConfig(
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder
+            builderForValue) {
+      if (subjectConfigBuilder_ == null) {
+        subjectConfig_ = builderForValue.build();
+        onChanged();
+      } else {
+        subjectConfigBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeSubjectConfig(
+        com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig value) {
+      if (subjectConfigBuilder_ == null) {
+        if (subjectConfig_ != null) {
+          subjectConfig_ =
+              com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.newBuilder(
+                      subjectConfig_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subjectConfig_ = value;
+        }
+        onChanged();
+      } else {
+        subjectConfigBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearSubjectConfig() {
+      if (subjectConfigBuilder_ == null) {
+        subjectConfig_ = null;
+        onChanged();
+      } else {
+        subjectConfig_ = null;
+        subjectConfigBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder
+        getSubjectConfigBuilder() {
+
+      onChanged();
+      return getSubjectConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder
+        getSubjectConfigOrBuilder() {
+      if (subjectConfigBuilder_ != null) {
+        return subjectConfigBuilder_.getMessageOrBuilder();
+      } else {
+        return subjectConfig_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig
+                .getDefaultInstance()
+            : subjectConfig_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Specifies some of the values in a certificate that are related to the
+     * subject.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig,
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder,
+            com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder>
+        getSubjectConfigFieldBuilder() {
+      if (subjectConfigBuilder_ == null) {
+        subjectConfigBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig,
+                com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig.Builder,
+                com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder>(
+                getSubjectConfig(), getParentForChildren(), isClean());
+        subjectConfig_ = null;
+      }
+      return subjectConfigBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.X509Parameters x509Config_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        x509ConfigBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the x509Config field is set.
+     */
+    public boolean hasX509Config() {
+      return x509ConfigBuilder_ != null || x509Config_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The x509Config.
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters getX509Config() {
+      if (x509ConfigBuilder_ == null) {
+        return x509Config_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : x509Config_;
+      } else {
+        return x509ConfigBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setX509Config(com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (x509ConfigBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        x509Config_ = value;
+        onChanged();
+      } else {
+        x509ConfigBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setX509Config(
+        com.google.cloud.security.privateca.v1.X509Parameters.Builder builderForValue) {
+      if (x509ConfigBuilder_ == null) {
+        x509Config_ = builderForValue.build();
+        onChanged();
+      } else {
+        x509ConfigBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeX509Config(com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (x509ConfigBuilder_ == null) {
+        if (x509Config_ != null) {
+          x509Config_ =
+              com.google.cloud.security.privateca.v1.X509Parameters.newBuilder(x509Config_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          x509Config_ = value;
+        }
+        onChanged();
+      } else {
+        x509ConfigBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearX509Config() {
+      if (x509ConfigBuilder_ == null) {
+        x509Config_ = null;
+        onChanged();
+      } else {
+        x509Config_ = null;
+        x509ConfigBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.Builder getX509ConfigBuilder() {
+
+      onChanged();
+      return getX509ConfigFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getX509ConfigOrBuilder() {
+      if (x509ConfigBuilder_ != null) {
+        return x509ConfigBuilder_.getMessageOrBuilder();
+      } else {
+        return x509Config_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : x509Config_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Describes how some of the technical X.509 fields in a certificate should be
+     * populated.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        getX509ConfigFieldBuilder() {
+      if (x509ConfigBuilder_ == null) {
+        x509ConfigBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Parameters,
+                com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+                com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>(
+                getX509Config(), getParentForChildren(), isClean());
+        x509Config_ = null;
+      }
+      return x509ConfigBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.PublicKey publicKey_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.PublicKey,
+            com.google.cloud.security.privateca.v1.PublicKey.Builder,
+            com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>
+        publicKeyBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the publicKey field is set.
+     */
+    public boolean hasPublicKey() {
+      return publicKeyBuilder_ != null || publicKey_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The publicKey.
+     */
+    public com.google.cloud.security.privateca.v1.PublicKey getPublicKey() {
+      if (publicKeyBuilder_ == null) {
+        return publicKey_ == null
+            ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+            : publicKey_;
+      } else {
+        return publicKeyBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPublicKey(com.google.cloud.security.privateca.v1.PublicKey value) {
+      if (publicKeyBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        publicKey_ = value;
+        onChanged();
+      } else {
+        publicKeyBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPublicKey(
+        com.google.cloud.security.privateca.v1.PublicKey.Builder builderForValue) {
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = builderForValue.build();
+        onChanged();
+      } else {
+        publicKeyBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergePublicKey(com.google.cloud.security.privateca.v1.PublicKey value) {
+      if (publicKeyBuilder_ == null) {
+        if (publicKey_ != null) {
+          publicKey_ =
+              com.google.cloud.security.privateca.v1.PublicKey.newBuilder(publicKey_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          publicKey_ = value;
+        }
+        onChanged();
+      } else {
+        publicKeyBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearPublicKey() {
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = null;
+        onChanged();
+      } else {
+        publicKey_ = null;
+        publicKeyBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.PublicKey.Builder getPublicKeyBuilder() {
+
+      onChanged();
+      return getPublicKeyFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder() {
+      if (publicKeyBuilder_ != null) {
+        return publicKeyBuilder_.getMessageOrBuilder();
+      } else {
+        return publicKey_ == null
+            ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+            : publicKey_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The public key that corresponds to this config. This is, for example, used
+     * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+     * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.PublicKey,
+            com.google.cloud.security.privateca.v1.PublicKey.Builder,
+            com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>
+        getPublicKeyFieldBuilder() {
+      if (publicKeyBuilder_ == null) {
+        publicKeyBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.PublicKey,
+                com.google.cloud.security.privateca.v1.PublicKey.Builder,
+                com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>(
+                getPublicKey(), getParentForChildren(), isClean());
+        publicKey_ = null;
+      }
+      return publicKeyBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateConfig)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateConfig)
+  private static final com.google.cloud.security.privateca.v1.CertificateConfig DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateConfig();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateConfig getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateConfig> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateConfig>() {
+        @java.lang.Override
+        public CertificateConfig parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateConfig(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateConfig> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateConfig> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateConfig getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfigOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfigOrBuilder.java
new file mode 100644
index 00000000..3e676a18
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateConfigOrBuilder.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateConfigOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateConfig)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the subjectConfig field is set.
+   */
+  boolean hasSubjectConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The subjectConfig.
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig getSubjectConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Specifies some of the values in a certificate that are related to the
+   * subject.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig subject_config = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfigOrBuilder
+      getSubjectConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the x509Config field is set.
+   */
+  boolean hasX509Config();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The x509Config.
+   */
+  com.google.cloud.security.privateca.v1.X509Parameters getX509Config();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Describes how some of the technical X.509 fields in a certificate should be
+   * populated.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters x509_config = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getX509ConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the publicKey field is set.
+   */
+  boolean hasPublicKey();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The publicKey.
+   */
+  com.google.cloud.security.privateca.v1.PublicKey getPublicKey();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The public key that corresponds to this config. This is, for example, used
+   * when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+   * self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey public_key = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescription.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescription.java
new file mode 100644
index 00000000..d7cb306b
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescription.java
@@ -0,0 +1,6579 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has
+ * been issued, as an alternative to using ASN.1 / X.509.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateDescription}
+ */
+public final class CertificateDescription extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateDescription)
+    CertificateDescriptionOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateDescription.newBuilder() to construct.
+  private CertificateDescription(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateDescription() {
+    crlDistributionPoints_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    aiaIssuingCertificateUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateDescription();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateDescription(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                      .Builder
+                  subBuilder = null;
+              if (subjectDescription_ != null) {
+                subBuilder = subjectDescription_.toBuilder();
+              }
+              subjectDescription_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription
+                          .SubjectDescription.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(subjectDescription_);
+                subjectDescription_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder subBuilder = null;
+              if (x509Description_ != null) {
+                subBuilder = x509Description_.toBuilder();
+              }
+              x509Description_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Parameters.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(x509Description_);
+                x509Description_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.PublicKey.Builder subBuilder = null;
+              if (publicKey_ != null) {
+                subBuilder = publicKey_.toBuilder();
+              }
+              publicKey_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.PublicKey.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(publicKey_);
+                publicKey_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+                  subBuilder = null;
+              if (subjectKeyId_ != null) {
+                subBuilder = subjectKeyId_.toBuilder();
+              }
+              subjectKeyId_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(subjectKeyId_);
+                subjectKeyId_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 42:
+            {
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+                  subBuilder = null;
+              if (authorityKeyId_ != null) {
+                subBuilder = authorityKeyId_.toBuilder();
+              }
+              authorityKeyId_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(authorityKeyId_);
+                authorityKeyId_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 50:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                crlDistributionPoints_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              crlDistributionPoints_.add(s);
+              break;
+            }
+          case 58:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                aiaIssuingCertificateUrls_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              aiaIssuingCertificateUrls_.add(s);
+              break;
+            }
+          case 66:
+            {
+              com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                      .Builder
+                  subBuilder = null;
+              if (certFingerprint_ != null) {
+                subBuilder = certFingerprint_.toBuilder();
+              }
+              certFingerprint_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateDescription
+                          .CertificateFingerprint.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certFingerprint_);
+                certFingerprint_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        crlDistributionPoints_ = crlDistributionPoints_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        aiaIssuingCertificateUrls_ = aiaIssuingCertificateUrls_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateDescription_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateDescription.class,
+            com.google.cloud.security.privateca.v1.CertificateDescription.Builder.class);
+  }
+
+  public interface SubjectDescriptionOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     *
+     * @return Whether the subject field is set.
+     */
+    boolean hasSubject();
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     *
+     * @return The subject.
+     */
+    com.google.cloud.security.privateca.v1.Subject getSubject();
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     */
+    com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     *
+     * @return Whether the subjectAltName field is set.
+     */
+    boolean hasSubjectAltName();
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     *
+     * @return The subjectAltName.
+     */
+    com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName();
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     */
+    com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder getSubjectAltNameOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * The serial number encoded in lowercase hexadecimal.
+     * </pre>
+     *
+     * <code>string hex_serial_number = 3;</code>
+     *
+     * @return The hexSerialNumber.
+     */
+    java.lang.String getHexSerialNumber();
+    /**
+     *
+     *
+     * <pre>
+     * The serial number encoded in lowercase hexadecimal.
+     * </pre>
+     *
+     * <code>string hex_serial_number = 3;</code>
+     *
+     * @return The bytes for hexSerialNumber.
+     */
+    com.google.protobuf.ByteString getHexSerialNumberBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     *
+     * @return Whether the lifetime field is set.
+     */
+    boolean hasLifetime();
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     *
+     * @return The lifetime.
+     */
+    com.google.protobuf.Duration getLifetime();
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     */
+    com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     *
+     * @return Whether the notBeforeTime field is set.
+     */
+    boolean hasNotBeforeTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     *
+     * @return The notBeforeTime.
+     */
+    com.google.protobuf.Timestamp getNotBeforeTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     */
+    com.google.protobuf.TimestampOrBuilder getNotBeforeTimeOrBuilder();
+
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     *
+     * @return Whether the notAfterTime field is set.
+     */
+    boolean hasNotAfterTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     *
+     * @return The notAfterTime.
+     */
+    com.google.protobuf.Timestamp getNotAfterTime();
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     */
+    com.google.protobuf.TimestampOrBuilder getNotAfterTimeOrBuilder();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * These values describe fields in an issued X.509 certificate such as the
+   * distinguished name, subject alternative names, serial number, and lifetime.
+   * </pre>
+   *
+   * Protobuf type {@code
+   * google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription}
+   */
+  public static final class SubjectDescription extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+      SubjectDescriptionOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use SubjectDescription.newBuilder() to construct.
+    private SubjectDescription(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private SubjectDescription() {
+      hexSerialNumber_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new SubjectDescription();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private SubjectDescription(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                com.google.cloud.security.privateca.v1.Subject.Builder subBuilder = null;
+                if (subject_ != null) {
+                  subBuilder = subject_.toBuilder();
+                }
+                subject_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.Subject.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(subject_);
+                  subject_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 18:
+              {
+                com.google.cloud.security.privateca.v1.SubjectAltNames.Builder subBuilder = null;
+                if (subjectAltName_ != null) {
+                  subBuilder = subjectAltName_.toBuilder();
+                }
+                subjectAltName_ =
+                    input.readMessage(
+                        com.google.cloud.security.privateca.v1.SubjectAltNames.parser(),
+                        extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(subjectAltName_);
+                  subjectAltName_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 26:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                hexSerialNumber_ = s;
+                break;
+              }
+            case 34:
+              {
+                com.google.protobuf.Duration.Builder subBuilder = null;
+                if (lifetime_ != null) {
+                  subBuilder = lifetime_.toBuilder();
+                }
+                lifetime_ =
+                    input.readMessage(com.google.protobuf.Duration.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(lifetime_);
+                  lifetime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 42:
+              {
+                com.google.protobuf.Timestamp.Builder subBuilder = null;
+                if (notBeforeTime_ != null) {
+                  subBuilder = notBeforeTime_.toBuilder();
+                }
+                notBeforeTime_ =
+                    input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(notBeforeTime_);
+                  notBeforeTime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            case 50:
+              {
+                com.google.protobuf.Timestamp.Builder subBuilder = null;
+                if (notAfterTime_ != null) {
+                  subBuilder = notAfterTime_.toBuilder();
+                }
+                notAfterTime_ =
+                    input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+                if (subBuilder != null) {
+                  subBuilder.mergeFrom(notAfterTime_);
+                  notAfterTime_ = subBuilder.buildPartial();
+                }
+
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                  .class,
+              com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                  .Builder.class);
+    }
+
+    public static final int SUBJECT_FIELD_NUMBER = 1;
+    private com.google.cloud.security.privateca.v1.Subject subject_;
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     *
+     * @return Whether the subject field is set.
+     */
+    @java.lang.Override
+    public boolean hasSubject() {
+      return subject_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     *
+     * @return The subject.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Subject getSubject() {
+      return subject_ == null
+          ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+          : subject_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains distinguished name fields such as the common name, location and
+     * / organization.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder() {
+      return getSubject();
+    }
+
+    public static final int SUBJECT_ALT_NAME_FIELD_NUMBER = 2;
+    private com.google.cloud.security.privateca.v1.SubjectAltNames subjectAltName_;
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     *
+     * @return Whether the subjectAltName field is set.
+     */
+    @java.lang.Override
+    public boolean hasSubjectAltName() {
+      return subjectAltName_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     *
+     * @return The subjectAltName.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName() {
+      return subjectAltName_ == null
+          ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+          : subjectAltName_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The subject alternative name fields.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder
+        getSubjectAltNameOrBuilder() {
+      return getSubjectAltName();
+    }
+
+    public static final int HEX_SERIAL_NUMBER_FIELD_NUMBER = 3;
+    private volatile java.lang.Object hexSerialNumber_;
+    /**
+     *
+     *
+     * <pre>
+     * The serial number encoded in lowercase hexadecimal.
+     * </pre>
+     *
+     * <code>string hex_serial_number = 3;</code>
+     *
+     * @return The hexSerialNumber.
+     */
+    @java.lang.Override
+    public java.lang.String getHexSerialNumber() {
+      java.lang.Object ref = hexSerialNumber_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        hexSerialNumber_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The serial number encoded in lowercase hexadecimal.
+     * </pre>
+     *
+     * <code>string hex_serial_number = 3;</code>
+     *
+     * @return The bytes for hexSerialNumber.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getHexSerialNumberBytes() {
+      java.lang.Object ref = hexSerialNumber_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        hexSerialNumber_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int LIFETIME_FIELD_NUMBER = 4;
+    private com.google.protobuf.Duration lifetime_;
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     *
+     * @return Whether the lifetime field is set.
+     */
+    @java.lang.Override
+    public boolean hasLifetime() {
+      return lifetime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     *
+     * @return The lifetime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Duration getLifetime() {
+      return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * For convenience, the actual lifetime of an issued certificate.
+     * Corresponds to 'not_after_time' - 'not_before_time'.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 4;</code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+      return getLifetime();
+    }
+
+    public static final int NOT_BEFORE_TIME_FIELD_NUMBER = 5;
+    private com.google.protobuf.Timestamp notBeforeTime_;
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     *
+     * @return Whether the notBeforeTime field is set.
+     */
+    @java.lang.Override
+    public boolean hasNotBeforeTime() {
+      return notBeforeTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     *
+     * @return The notBeforeTime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Timestamp getNotBeforeTime() {
+      return notBeforeTime_ == null
+          ? com.google.protobuf.Timestamp.getDefaultInstance()
+          : notBeforeTime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate becomes valid.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.TimestampOrBuilder getNotBeforeTimeOrBuilder() {
+      return getNotBeforeTime();
+    }
+
+    public static final int NOT_AFTER_TIME_FIELD_NUMBER = 6;
+    private com.google.protobuf.Timestamp notAfterTime_;
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     *
+     * @return Whether the notAfterTime field is set.
+     */
+    @java.lang.Override
+    public boolean hasNotAfterTime() {
+      return notAfterTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     *
+     * @return The notAfterTime.
+     */
+    @java.lang.Override
+    public com.google.protobuf.Timestamp getNotAfterTime() {
+      return notAfterTime_ == null
+          ? com.google.protobuf.Timestamp.getDefaultInstance()
+          : notAfterTime_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The time at which the certificate expires.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+     */
+    @java.lang.Override
+    public com.google.protobuf.TimestampOrBuilder getNotAfterTimeOrBuilder() {
+      return getNotAfterTime();
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (subject_ != null) {
+        output.writeMessage(1, getSubject());
+      }
+      if (subjectAltName_ != null) {
+        output.writeMessage(2, getSubjectAltName());
+      }
+      if (!getHexSerialNumberBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 3, hexSerialNumber_);
+      }
+      if (lifetime_ != null) {
+        output.writeMessage(4, getLifetime());
+      }
+      if (notBeforeTime_ != null) {
+        output.writeMessage(5, getNotBeforeTime());
+      }
+      if (notAfterTime_ != null) {
+        output.writeMessage(6, getNotAfterTime());
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (subject_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getSubject());
+      }
+      if (subjectAltName_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getSubjectAltName());
+      }
+      if (!getHexSerialNumberBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, hexSerialNumber_);
+      }
+      if (lifetime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getLifetime());
+      }
+      if (notBeforeTime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getNotBeforeTime());
+      }
+      if (notAfterTime_ != null) {
+        size += com.google.protobuf.CodedOutputStream.computeMessageSize(6, getNotAfterTime());
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription other =
+          (com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription) obj;
+
+      if (hasSubject() != other.hasSubject()) return false;
+      if (hasSubject()) {
+        if (!getSubject().equals(other.getSubject())) return false;
+      }
+      if (hasSubjectAltName() != other.hasSubjectAltName()) return false;
+      if (hasSubjectAltName()) {
+        if (!getSubjectAltName().equals(other.getSubjectAltName())) return false;
+      }
+      if (!getHexSerialNumber().equals(other.getHexSerialNumber())) return false;
+      if (hasLifetime() != other.hasLifetime()) return false;
+      if (hasLifetime()) {
+        if (!getLifetime().equals(other.getLifetime())) return false;
+      }
+      if (hasNotBeforeTime() != other.hasNotBeforeTime()) return false;
+      if (hasNotBeforeTime()) {
+        if (!getNotBeforeTime().equals(other.getNotBeforeTime())) return false;
+      }
+      if (hasNotAfterTime() != other.hasNotAfterTime()) return false;
+      if (hasNotAfterTime()) {
+        if (!getNotAfterTime().equals(other.getNotAfterTime())) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (hasSubject()) {
+        hash = (37 * hash) + SUBJECT_FIELD_NUMBER;
+        hash = (53 * hash) + getSubject().hashCode();
+      }
+      if (hasSubjectAltName()) {
+        hash = (37 * hash) + SUBJECT_ALT_NAME_FIELD_NUMBER;
+        hash = (53 * hash) + getSubjectAltName().hashCode();
+      }
+      hash = (37 * hash) + HEX_SERIAL_NUMBER_FIELD_NUMBER;
+      hash = (53 * hash) + getHexSerialNumber().hashCode();
+      if (hasLifetime()) {
+        hash = (37 * hash) + LIFETIME_FIELD_NUMBER;
+        hash = (53 * hash) + getLifetime().hashCode();
+      }
+      if (hasNotBeforeTime()) {
+        hash = (37 * hash) + NOT_BEFORE_TIME_FIELD_NUMBER;
+        hash = (53 * hash) + getNotBeforeTime().hashCode();
+      }
+      if (hasNotAfterTime()) {
+        hash = (37 * hash) + NOT_AFTER_TIME_FIELD_NUMBER;
+        hash = (53 * hash) + getNotAfterTime().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * These values describe fields in an issued X.509 certificate such as the
+     * distinguished name, subject alternative names, serial number, and lifetime.
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescriptionOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                    .class,
+                com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        if (subjectBuilder_ == null) {
+          subject_ = null;
+        } else {
+          subject_ = null;
+          subjectBuilder_ = null;
+        }
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = null;
+        } else {
+          subjectAltName_ = null;
+          subjectAltNameBuilder_ = null;
+        }
+        hexSerialNumber_ = "";
+
+        if (lifetimeBuilder_ == null) {
+          lifetime_ = null;
+        } else {
+          lifetime_ = null;
+          lifetimeBuilder_ = null;
+        }
+        if (notBeforeTimeBuilder_ == null) {
+          notBeforeTime_ = null;
+        } else {
+          notBeforeTime_ = null;
+          notBeforeTimeBuilder_ = null;
+        }
+        if (notAfterTimeBuilder_ == null) {
+          notAfterTime_ = null;
+        } else {
+          notAfterTime_ = null;
+          notAfterTimeBuilder_ = null;
+        }
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+          build() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription result =
+            new com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription(
+                this);
+        if (subjectBuilder_ == null) {
+          result.subject_ = subject_;
+        } else {
+          result.subject_ = subjectBuilder_.build();
+        }
+        if (subjectAltNameBuilder_ == null) {
+          result.subjectAltName_ = subjectAltName_;
+        } else {
+          result.subjectAltName_ = subjectAltNameBuilder_.build();
+        }
+        result.hexSerialNumber_ = hexSerialNumber_;
+        if (lifetimeBuilder_ == null) {
+          result.lifetime_ = lifetime_;
+        } else {
+          result.lifetime_ = lifetimeBuilder_.build();
+        }
+        if (notBeforeTimeBuilder_ == null) {
+          result.notBeforeTime_ = notBeforeTime_;
+        } else {
+          result.notBeforeTime_ = notBeforeTimeBuilder_.build();
+        }
+        if (notAfterTimeBuilder_ == null) {
+          result.notAfterTime_ = notAfterTime_;
+        } else {
+          result.notAfterTime_ = notAfterTimeBuilder_.build();
+        }
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                .getDefaultInstance()) return this;
+        if (other.hasSubject()) {
+          mergeSubject(other.getSubject());
+        }
+        if (other.hasSubjectAltName()) {
+          mergeSubjectAltName(other.getSubjectAltName());
+        }
+        if (!other.getHexSerialNumber().isEmpty()) {
+          hexSerialNumber_ = other.hexSerialNumber_;
+          onChanged();
+        }
+        if (other.hasLifetime()) {
+          mergeLifetime(other.getLifetime());
+        }
+        if (other.hasNotBeforeTime()) {
+          mergeNotBeforeTime(other.getNotBeforeTime());
+        }
+        if (other.hasNotAfterTime()) {
+          mergeNotAfterTime(other.getNotAfterTime());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private com.google.cloud.security.privateca.v1.Subject subject_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.Subject,
+              com.google.cloud.security.privateca.v1.Subject.Builder,
+              com.google.cloud.security.privateca.v1.SubjectOrBuilder>
+          subjectBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       *
+       * @return Whether the subject field is set.
+       */
+      public boolean hasSubject() {
+        return subjectBuilder_ != null || subject_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       *
+       * @return The subject.
+       */
+      public com.google.cloud.security.privateca.v1.Subject getSubject() {
+        if (subjectBuilder_ == null) {
+          return subject_ == null
+              ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+              : subject_;
+        } else {
+          return subjectBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public Builder setSubject(com.google.cloud.security.privateca.v1.Subject value) {
+        if (subjectBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          subject_ = value;
+          onChanged();
+        } else {
+          subjectBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public Builder setSubject(
+          com.google.cloud.security.privateca.v1.Subject.Builder builderForValue) {
+        if (subjectBuilder_ == null) {
+          subject_ = builderForValue.build();
+          onChanged();
+        } else {
+          subjectBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public Builder mergeSubject(com.google.cloud.security.privateca.v1.Subject value) {
+        if (subjectBuilder_ == null) {
+          if (subject_ != null) {
+            subject_ =
+                com.google.cloud.security.privateca.v1.Subject.newBuilder(subject_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            subject_ = value;
+          }
+          onChanged();
+        } else {
+          subjectBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public Builder clearSubject() {
+        if (subjectBuilder_ == null) {
+          subject_ = null;
+          onChanged();
+        } else {
+          subject_ = null;
+          subjectBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public com.google.cloud.security.privateca.v1.Subject.Builder getSubjectBuilder() {
+
+        onChanged();
+        return getSubjectFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectOrBuilder getSubjectOrBuilder() {
+        if (subjectBuilder_ != null) {
+          return subjectBuilder_.getMessageOrBuilder();
+        } else {
+          return subject_ == null
+              ? com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()
+              : subject_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Contains distinguished name fields such as the common name, location and
+       * / organization.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.Subject subject = 1;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.Subject,
+              com.google.cloud.security.privateca.v1.Subject.Builder,
+              com.google.cloud.security.privateca.v1.SubjectOrBuilder>
+          getSubjectFieldBuilder() {
+        if (subjectBuilder_ == null) {
+          subjectBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.Subject,
+                  com.google.cloud.security.privateca.v1.Subject.Builder,
+                  com.google.cloud.security.privateca.v1.SubjectOrBuilder>(
+                  getSubject(), getParentForChildren(), isClean());
+          subject_ = null;
+        }
+        return subjectBuilder_;
+      }
+
+      private com.google.cloud.security.privateca.v1.SubjectAltNames subjectAltName_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.SubjectAltNames,
+              com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+              com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>
+          subjectAltNameBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       *
+       * @return Whether the subjectAltName field is set.
+       */
+      public boolean hasSubjectAltName() {
+        return subjectAltNameBuilder_ != null || subjectAltName_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       *
+       * @return The subjectAltName.
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNames getSubjectAltName() {
+        if (subjectAltNameBuilder_ == null) {
+          return subjectAltName_ == null
+              ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+              : subjectAltName_;
+        } else {
+          return subjectAltNameBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public Builder setSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames value) {
+        if (subjectAltNameBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          subjectAltName_ = value;
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public Builder setSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames.Builder builderForValue) {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = builderForValue.build();
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public Builder mergeSubjectAltName(
+          com.google.cloud.security.privateca.v1.SubjectAltNames value) {
+        if (subjectAltNameBuilder_ == null) {
+          if (subjectAltName_ != null) {
+            subjectAltName_ =
+                com.google.cloud.security.privateca.v1.SubjectAltNames.newBuilder(subjectAltName_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            subjectAltName_ = value;
+          }
+          onChanged();
+        } else {
+          subjectAltNameBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public Builder clearSubjectAltName() {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltName_ = null;
+          onChanged();
+        } else {
+          subjectAltName_ = null;
+          subjectAltNameBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNames.Builder
+          getSubjectAltNameBuilder() {
+
+        onChanged();
+        return getSubjectAltNameFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      public com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder
+          getSubjectAltNameOrBuilder() {
+        if (subjectAltNameBuilder_ != null) {
+          return subjectAltNameBuilder_.getMessageOrBuilder();
+        } else {
+          return subjectAltName_ == null
+              ? com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance()
+              : subjectAltName_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The subject alternative name fields.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.SubjectAltNames subject_alt_name = 2;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.cloud.security.privateca.v1.SubjectAltNames,
+              com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+              com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>
+          getSubjectAltNameFieldBuilder() {
+        if (subjectAltNameBuilder_ == null) {
+          subjectAltNameBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.cloud.security.privateca.v1.SubjectAltNames,
+                  com.google.cloud.security.privateca.v1.SubjectAltNames.Builder,
+                  com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder>(
+                  getSubjectAltName(), getParentForChildren(), isClean());
+          subjectAltName_ = null;
+        }
+        return subjectAltNameBuilder_;
+      }
+
+      private java.lang.Object hexSerialNumber_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The serial number encoded in lowercase hexadecimal.
+       * </pre>
+       *
+       * <code>string hex_serial_number = 3;</code>
+       *
+       * @return The hexSerialNumber.
+       */
+      public java.lang.String getHexSerialNumber() {
+        java.lang.Object ref = hexSerialNumber_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          hexSerialNumber_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number encoded in lowercase hexadecimal.
+       * </pre>
+       *
+       * <code>string hex_serial_number = 3;</code>
+       *
+       * @return The bytes for hexSerialNumber.
+       */
+      public com.google.protobuf.ByteString getHexSerialNumberBytes() {
+        java.lang.Object ref = hexSerialNumber_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          hexSerialNumber_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number encoded in lowercase hexadecimal.
+       * </pre>
+       *
+       * <code>string hex_serial_number = 3;</code>
+       *
+       * @param value The hexSerialNumber to set.
+       * @return This builder for chaining.
+       */
+      public Builder setHexSerialNumber(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        hexSerialNumber_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number encoded in lowercase hexadecimal.
+       * </pre>
+       *
+       * <code>string hex_serial_number = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearHexSerialNumber() {
+
+        hexSerialNumber_ = getDefaultInstance().getHexSerialNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number encoded in lowercase hexadecimal.
+       * </pre>
+       *
+       * <code>string hex_serial_number = 3;</code>
+       *
+       * @param value The bytes for hexSerialNumber to set.
+       * @return This builder for chaining.
+       */
+      public Builder setHexSerialNumberBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        hexSerialNumber_ = value;
+        onChanged();
+        return this;
+      }
+
+      private com.google.protobuf.Duration lifetime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Duration,
+              com.google.protobuf.Duration.Builder,
+              com.google.protobuf.DurationOrBuilder>
+          lifetimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       *
+       * @return Whether the lifetime field is set.
+       */
+      public boolean hasLifetime() {
+        return lifetimeBuilder_ != null || lifetime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       *
+       * @return The lifetime.
+       */
+      public com.google.protobuf.Duration getLifetime() {
+        if (lifetimeBuilder_ == null) {
+          return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+        } else {
+          return lifetimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public Builder setLifetime(com.google.protobuf.Duration value) {
+        if (lifetimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          lifetime_ = value;
+          onChanged();
+        } else {
+          lifetimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) {
+        if (lifetimeBuilder_ == null) {
+          lifetime_ = builderForValue.build();
+          onChanged();
+        } else {
+          lifetimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public Builder mergeLifetime(com.google.protobuf.Duration value) {
+        if (lifetimeBuilder_ == null) {
+          if (lifetime_ != null) {
+            lifetime_ =
+                com.google.protobuf.Duration.newBuilder(lifetime_).mergeFrom(value).buildPartial();
+          } else {
+            lifetime_ = value;
+          }
+          onChanged();
+        } else {
+          lifetimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public Builder clearLifetime() {
+        if (lifetimeBuilder_ == null) {
+          lifetime_ = null;
+          onChanged();
+        } else {
+          lifetime_ = null;
+          lifetimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public com.google.protobuf.Duration.Builder getLifetimeBuilder() {
+
+        onChanged();
+        return getLifetimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+        if (lifetimeBuilder_ != null) {
+          return lifetimeBuilder_.getMessageOrBuilder();
+        } else {
+          return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * For convenience, the actual lifetime of an issued certificate.
+       * Corresponds to 'not_after_time' - 'not_before_time'.
+       * </pre>
+       *
+       * <code>.google.protobuf.Duration lifetime = 4;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Duration,
+              com.google.protobuf.Duration.Builder,
+              com.google.protobuf.DurationOrBuilder>
+          getLifetimeFieldBuilder() {
+        if (lifetimeBuilder_ == null) {
+          lifetimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Duration,
+                  com.google.protobuf.Duration.Builder,
+                  com.google.protobuf.DurationOrBuilder>(
+                  getLifetime(), getParentForChildren(), isClean());
+          lifetime_ = null;
+        }
+        return lifetimeBuilder_;
+      }
+
+      private com.google.protobuf.Timestamp notBeforeTime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          notBeforeTimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       *
+       * @return Whether the notBeforeTime field is set.
+       */
+      public boolean hasNotBeforeTime() {
+        return notBeforeTimeBuilder_ != null || notBeforeTime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       *
+       * @return The notBeforeTime.
+       */
+      public com.google.protobuf.Timestamp getNotBeforeTime() {
+        if (notBeforeTimeBuilder_ == null) {
+          return notBeforeTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : notBeforeTime_;
+        } else {
+          return notBeforeTimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public Builder setNotBeforeTime(com.google.protobuf.Timestamp value) {
+        if (notBeforeTimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          notBeforeTime_ = value;
+          onChanged();
+        } else {
+          notBeforeTimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public Builder setNotBeforeTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+        if (notBeforeTimeBuilder_ == null) {
+          notBeforeTime_ = builderForValue.build();
+          onChanged();
+        } else {
+          notBeforeTimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public Builder mergeNotBeforeTime(com.google.protobuf.Timestamp value) {
+        if (notBeforeTimeBuilder_ == null) {
+          if (notBeforeTime_ != null) {
+            notBeforeTime_ =
+                com.google.protobuf.Timestamp.newBuilder(notBeforeTime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            notBeforeTime_ = value;
+          }
+          onChanged();
+        } else {
+          notBeforeTimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public Builder clearNotBeforeTime() {
+        if (notBeforeTimeBuilder_ == null) {
+          notBeforeTime_ = null;
+          onChanged();
+        } else {
+          notBeforeTime_ = null;
+          notBeforeTimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public com.google.protobuf.Timestamp.Builder getNotBeforeTimeBuilder() {
+
+        onChanged();
+        return getNotBeforeTimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      public com.google.protobuf.TimestampOrBuilder getNotBeforeTimeOrBuilder() {
+        if (notBeforeTimeBuilder_ != null) {
+          return notBeforeTimeBuilder_.getMessageOrBuilder();
+        } else {
+          return notBeforeTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : notBeforeTime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate becomes valid.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_before_time = 5;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          getNotBeforeTimeFieldBuilder() {
+        if (notBeforeTimeBuilder_ == null) {
+          notBeforeTimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Timestamp,
+                  com.google.protobuf.Timestamp.Builder,
+                  com.google.protobuf.TimestampOrBuilder>(
+                  getNotBeforeTime(), getParentForChildren(), isClean());
+          notBeforeTime_ = null;
+        }
+        return notBeforeTimeBuilder_;
+      }
+
+      private com.google.protobuf.Timestamp notAfterTime_;
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          notAfterTimeBuilder_;
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       *
+       * @return Whether the notAfterTime field is set.
+       */
+      public boolean hasNotAfterTime() {
+        return notAfterTimeBuilder_ != null || notAfterTime_ != null;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       *
+       * @return The notAfterTime.
+       */
+      public com.google.protobuf.Timestamp getNotAfterTime() {
+        if (notAfterTimeBuilder_ == null) {
+          return notAfterTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : notAfterTime_;
+        } else {
+          return notAfterTimeBuilder_.getMessage();
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public Builder setNotAfterTime(com.google.protobuf.Timestamp value) {
+        if (notAfterTimeBuilder_ == null) {
+          if (value == null) {
+            throw new NullPointerException();
+          }
+          notAfterTime_ = value;
+          onChanged();
+        } else {
+          notAfterTimeBuilder_.setMessage(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public Builder setNotAfterTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+        if (notAfterTimeBuilder_ == null) {
+          notAfterTime_ = builderForValue.build();
+          onChanged();
+        } else {
+          notAfterTimeBuilder_.setMessage(builderForValue.build());
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public Builder mergeNotAfterTime(com.google.protobuf.Timestamp value) {
+        if (notAfterTimeBuilder_ == null) {
+          if (notAfterTime_ != null) {
+            notAfterTime_ =
+                com.google.protobuf.Timestamp.newBuilder(notAfterTime_)
+                    .mergeFrom(value)
+                    .buildPartial();
+          } else {
+            notAfterTime_ = value;
+          }
+          onChanged();
+        } else {
+          notAfterTimeBuilder_.mergeFrom(value);
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public Builder clearNotAfterTime() {
+        if (notAfterTimeBuilder_ == null) {
+          notAfterTime_ = null;
+          onChanged();
+        } else {
+          notAfterTime_ = null;
+          notAfterTimeBuilder_ = null;
+        }
+
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public com.google.protobuf.Timestamp.Builder getNotAfterTimeBuilder() {
+
+        onChanged();
+        return getNotAfterTimeFieldBuilder().getBuilder();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      public com.google.protobuf.TimestampOrBuilder getNotAfterTimeOrBuilder() {
+        if (notAfterTimeBuilder_ != null) {
+          return notAfterTimeBuilder_.getMessageOrBuilder();
+        } else {
+          return notAfterTime_ == null
+              ? com.google.protobuf.Timestamp.getDefaultInstance()
+              : notAfterTime_;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The time at which the certificate expires.
+       * </pre>
+       *
+       * <code>.google.protobuf.Timestamp not_after_time = 6;</code>
+       */
+      private com.google.protobuf.SingleFieldBuilderV3<
+              com.google.protobuf.Timestamp,
+              com.google.protobuf.Timestamp.Builder,
+              com.google.protobuf.TimestampOrBuilder>
+          getNotAfterTimeFieldBuilder() {
+        if (notAfterTimeBuilder_ == null) {
+          notAfterTimeBuilder_ =
+              new com.google.protobuf.SingleFieldBuilderV3<
+                  com.google.protobuf.Timestamp,
+                  com.google.protobuf.Timestamp.Builder,
+                  com.google.protobuf.TimestampOrBuilder>(
+                  getNotAfterTime(), getParentForChildren(), isClean());
+          notAfterTime_ = null;
+        }
+        return notAfterTimeBuilder_;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription)
+    private static final com.google.cloud.security.privateca.v1.CertificateDescription
+            .SubjectDescription
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<SubjectDescription> PARSER =
+        new com.google.protobuf.AbstractParser<SubjectDescription>() {
+          @java.lang.Override
+          public SubjectDescription parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new SubjectDescription(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<SubjectDescription> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<SubjectDescription> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface KeyIdOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+     * likely the 160 bit SHA-1 hash of the public key.
+     * </pre>
+     *
+     * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The keyId.
+     */
+    java.lang.String getKeyId();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+     * likely the 160 bit SHA-1 hash of the public key.
+     * </pre>
+     *
+     * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for keyId.
+     */
+    com.google.protobuf.ByteString getKeyIdBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A KeyId identifies a specific public key, usually by hashing the public
+   * key.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateDescription.KeyId}
+   */
+  public static final class KeyId extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+      KeyIdOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use KeyId.newBuilder() to construct.
+    private KeyId(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private KeyId() {
+      keyId_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new KeyId();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private KeyId(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                keyId_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.class,
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder.class);
+    }
+
+    public static final int KEY_ID_FIELD_NUMBER = 1;
+    private volatile java.lang.Object keyId_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+     * likely the 160 bit SHA-1 hash of the public key.
+     * </pre>
+     *
+     * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The keyId.
+     */
+    @java.lang.Override
+    public java.lang.String getKeyId() {
+      java.lang.Object ref = keyId_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        keyId_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+     * likely the 160 bit SHA-1 hash of the public key.
+     * </pre>
+     *
+     * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for keyId.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getKeyIdBytes() {
+      java.lang.Object ref = keyId_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        keyId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getKeyIdBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyId_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getKeyIdBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyId_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateDescription.KeyId)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateDescription.KeyId other =
+          (com.google.cloud.security.privateca.v1.CertificateDescription.KeyId) obj;
+
+      if (!getKeyId().equals(other.getKeyId())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + KEY_ID_FIELD_NUMBER;
+      hash = (53 * hash) + getKeyId().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A KeyId identifies a specific public key, usually by hashing the public
+     * key.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.CertificateDescription.KeyId}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.class,
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        keyId_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId build() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId result =
+            new com.google.cloud.security.privateca.v1.CertificateDescription.KeyId(this);
+        result.keyId_ = keyId_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.CertificateDescription.KeyId) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateDescription.KeyId) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateDescription.KeyId other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+                .getDefaultInstance()) return this;
+        if (!other.getKeyId().isEmpty()) {
+          keyId_ = other.keyId_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object keyId_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+       * likely the 160 bit SHA-1 hash of the public key.
+       * </pre>
+       *
+       * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The keyId.
+       */
+      public java.lang.String getKeyId() {
+        java.lang.Object ref = keyId_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          keyId_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+       * likely the 160 bit SHA-1 hash of the public key.
+       * </pre>
+       *
+       * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The bytes for keyId.
+       */
+      public com.google.protobuf.ByteString getKeyIdBytes() {
+        java.lang.Object ref = keyId_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          keyId_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+       * likely the 160 bit SHA-1 hash of the public key.
+       * </pre>
+       *
+       * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The keyId to set.
+       * @return This builder for chaining.
+       */
+      public Builder setKeyId(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        keyId_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+       * likely the 160 bit SHA-1 hash of the public key.
+       * </pre>
+       *
+       * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearKeyId() {
+
+        keyId_ = getDefaultInstance().getKeyId();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+       * likely the 160 bit SHA-1 hash of the public key.
+       * </pre>
+       *
+       * <code>string key_id = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The bytes for keyId to set.
+       * @return This builder for chaining.
+       */
+      public Builder setKeyIdBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        keyId_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateDescription.KeyId)
+    private static final com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateDescription.KeyId();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<KeyId> PARSER =
+        new com.google.protobuf.AbstractParser<KeyId>() {
+          @java.lang.Override
+          public KeyId parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new KeyId(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<KeyId> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<KeyId> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface CertificateFingerprintOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+     * </pre>
+     *
+     * <code>string sha256_hash = 1;</code>
+     *
+     * @return The sha256Hash.
+     */
+    java.lang.String getSha256Hash();
+    /**
+     *
+     *
+     * <pre>
+     * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+     * </pre>
+     *
+     * <code>string sha256_hash = 1;</code>
+     *
+     * @return The bytes for sha256Hash.
+     */
+    com.google.protobuf.ByteString getSha256HashBytes();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A group of fingerprints for the x509 certificate.
+   * </pre>
+   *
+   * Protobuf type {@code
+   * google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint}
+   */
+  public static final class CertificateFingerprint extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+      CertificateFingerprintOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use CertificateFingerprint.newBuilder() to construct.
+    private CertificateFingerprint(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private CertificateFingerprint() {
+      sha256Hash_ = "";
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new CertificateFingerprint();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private CertificateFingerprint(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                sha256Hash_ = s;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                  .class,
+              com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                  .Builder.class);
+    }
+
+    public static final int SHA256_HASH_FIELD_NUMBER = 1;
+    private volatile java.lang.Object sha256Hash_;
+    /**
+     *
+     *
+     * <pre>
+     * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+     * </pre>
+     *
+     * <code>string sha256_hash = 1;</code>
+     *
+     * @return The sha256Hash.
+     */
+    @java.lang.Override
+    public java.lang.String getSha256Hash() {
+      java.lang.Object ref = sha256Hash_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        sha256Hash_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+     * </pre>
+     *
+     * <code>string sha256_hash = 1;</code>
+     *
+     * @return The bytes for sha256Hash.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getSha256HashBytes() {
+      java.lang.Object ref = sha256Hash_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        sha256Hash_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getSha256HashBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, sha256Hash_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getSha256HashBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, sha256Hash_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint other =
+          (com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+              obj;
+
+      if (!getSha256Hash().equals(other.getSha256Hash())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + SHA256_HASH_FIELD_NUMBER;
+      hash = (53 * hash) + getSha256Hash().hashCode();
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A group of fingerprints for the x509 certificate.
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+        com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprintOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                    .class,
+                com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        sha256Hash_ = "";
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+          build() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            result =
+                new com.google.cloud.security.privateca.v1.CertificateDescription
+                    .CertificateFingerprint(this);
+        result.sha256Hash_ = sha256Hash_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+              other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                .getDefaultInstance()) return this;
+        if (!other.getSha256Hash().isEmpty()) {
+          sha256Hash_ = other.sha256Hash_;
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object sha256Hash_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+       * </pre>
+       *
+       * <code>string sha256_hash = 1;</code>
+       *
+       * @return The sha256Hash.
+       */
+      public java.lang.String getSha256Hash() {
+        java.lang.Object ref = sha256Hash_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          sha256Hash_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+       * </pre>
+       *
+       * <code>string sha256_hash = 1;</code>
+       *
+       * @return The bytes for sha256Hash.
+       */
+      public com.google.protobuf.ByteString getSha256HashBytes() {
+        java.lang.Object ref = sha256Hash_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          sha256Hash_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+       * </pre>
+       *
+       * <code>string sha256_hash = 1;</code>
+       *
+       * @param value The sha256Hash to set.
+       * @return This builder for chaining.
+       */
+      public Builder setSha256Hash(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        sha256Hash_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+       * </pre>
+       *
+       * <code>string sha256_hash = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearSha256Hash() {
+
+        sha256Hash_ = getDefaultInstance().getSha256Hash();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+       * </pre>
+       *
+       * <code>string sha256_hash = 1;</code>
+       *
+       * @param value The bytes for sha256Hash to set.
+       * @return This builder for chaining.
+       */
+      public Builder setSha256HashBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        sha256Hash_ = value;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint)
+    private static final com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateDescription
+              .CertificateFingerprint();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprint
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<CertificateFingerprint> PARSER =
+        new com.google.protobuf.AbstractParser<CertificateFingerprint>() {
+          @java.lang.Override
+          public CertificateFingerprint parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new CertificateFingerprint(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<CertificateFingerprint> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<CertificateFingerprint> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int SUBJECT_DESCRIPTION_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+      subjectDescription_;
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   *
+   * @return Whether the subjectDescription field is set.
+   */
+  @java.lang.Override
+  public boolean hasSubjectDescription() {
+    return subjectDescription_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   *
+   * @return The subjectDescription.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+      getSubjectDescription() {
+    return subjectDescription_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+            .getDefaultInstance()
+        : subjectDescription_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescriptionOrBuilder
+      getSubjectDescriptionOrBuilder() {
+    return getSubjectDescription();
+  }
+
+  public static final int X509_DESCRIPTION_FIELD_NUMBER = 2;
+  private com.google.cloud.security.privateca.v1.X509Parameters x509Description_;
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   *
+   * @return Whether the x509Description field is set.
+   */
+  @java.lang.Override
+  public boolean hasX509Description() {
+    return x509Description_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   *
+   * @return The x509Description.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters getX509Description() {
+    return x509Description_ == null
+        ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+        : x509Description_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+      getX509DescriptionOrBuilder() {
+    return getX509Description();
+  }
+
+  public static final int PUBLIC_KEY_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.PublicKey publicKey_;
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   *
+   * @return Whether the publicKey field is set.
+   */
+  @java.lang.Override
+  public boolean hasPublicKey() {
+    return publicKey_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   *
+   * @return The publicKey.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKey getPublicKey() {
+    return publicKey_ == null
+        ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+        : publicKey_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder() {
+    return getPublicKey();
+  }
+
+  public static final int SUBJECT_KEY_ID_FIELD_NUMBER = 4;
+  private com.google.cloud.security.privateca.v1.CertificateDescription.KeyId subjectKeyId_;
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   *
+   * @return Whether the subjectKeyId field is set.
+   */
+  @java.lang.Override
+  public boolean hasSubjectKeyId() {
+    return subjectKeyId_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   *
+   * @return The subjectKeyId.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getSubjectKeyId() {
+    return subjectKeyId_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.getDefaultInstance()
+        : subjectKeyId_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+      getSubjectKeyIdOrBuilder() {
+    return getSubjectKeyId();
+  }
+
+  public static final int AUTHORITY_KEY_ID_FIELD_NUMBER = 5;
+  private com.google.cloud.security.privateca.v1.CertificateDescription.KeyId authorityKeyId_;
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   *
+   * @return Whether the authorityKeyId field is set.
+   */
+  @java.lang.Override
+  public boolean hasAuthorityKeyId() {
+    return authorityKeyId_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   *
+   * @return The authorityKeyId.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getAuthorityKeyId() {
+    return authorityKeyId_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.getDefaultInstance()
+        : authorityKeyId_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+      getAuthorityKeyIdOrBuilder() {
+    return getAuthorityKeyId();
+  }
+
+  public static final int CRL_DISTRIBUTION_POINTS_FIELD_NUMBER = 6;
+  private com.google.protobuf.LazyStringList crlDistributionPoints_;
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @return A list containing the crlDistributionPoints.
+   */
+  public com.google.protobuf.ProtocolStringList getCrlDistributionPointsList() {
+    return crlDistributionPoints_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @return The count of crlDistributionPoints.
+   */
+  public int getCrlDistributionPointsCount() {
+    return crlDistributionPoints_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The crlDistributionPoints at the given index.
+   */
+  public java.lang.String getCrlDistributionPoints(int index) {
+    return crlDistributionPoints_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the crlDistributionPoints at the given index.
+   */
+  public com.google.protobuf.ByteString getCrlDistributionPointsBytes(int index) {
+    return crlDistributionPoints_.getByteString(index);
+  }
+
+  public static final int AIA_ISSUING_CERTIFICATE_URLS_FIELD_NUMBER = 7;
+  private com.google.protobuf.LazyStringList aiaIssuingCertificateUrls_;
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @return A list containing the aiaIssuingCertificateUrls.
+   */
+  public com.google.protobuf.ProtocolStringList getAiaIssuingCertificateUrlsList() {
+    return aiaIssuingCertificateUrls_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @return The count of aiaIssuingCertificateUrls.
+   */
+  public int getAiaIssuingCertificateUrlsCount() {
+    return aiaIssuingCertificateUrls_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The aiaIssuingCertificateUrls at the given index.
+   */
+  public java.lang.String getAiaIssuingCertificateUrls(int index) {
+    return aiaIssuingCertificateUrls_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the aiaIssuingCertificateUrls at the given index.
+   */
+  public com.google.protobuf.ByteString getAiaIssuingCertificateUrlsBytes(int index) {
+    return aiaIssuingCertificateUrls_.getByteString(index);
+  }
+
+  public static final int CERT_FINGERPRINT_FIELD_NUMBER = 8;
+  private com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+      certFingerprint_;
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   *
+   * @return Whether the certFingerprint field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertFingerprint() {
+    return certFingerprint_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   *
+   * @return The certFingerprint.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+      getCertFingerprint() {
+    return certFingerprint_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            .getDefaultInstance()
+        : certFingerprint_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription
+          .CertificateFingerprintOrBuilder
+      getCertFingerprintOrBuilder() {
+    return getCertFingerprint();
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (subjectDescription_ != null) {
+      output.writeMessage(1, getSubjectDescription());
+    }
+    if (x509Description_ != null) {
+      output.writeMessage(2, getX509Description());
+    }
+    if (publicKey_ != null) {
+      output.writeMessage(3, getPublicKey());
+    }
+    if (subjectKeyId_ != null) {
+      output.writeMessage(4, getSubjectKeyId());
+    }
+    if (authorityKeyId_ != null) {
+      output.writeMessage(5, getAuthorityKeyId());
+    }
+    for (int i = 0; i < crlDistributionPoints_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(
+          output, 6, crlDistributionPoints_.getRaw(i));
+    }
+    for (int i = 0; i < aiaIssuingCertificateUrls_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(
+          output, 7, aiaIssuingCertificateUrls_.getRaw(i));
+    }
+    if (certFingerprint_ != null) {
+      output.writeMessage(8, getCertFingerprint());
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (subjectDescription_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getSubjectDescription());
+    }
+    if (x509Description_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getX509Description());
+    }
+    if (publicKey_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getPublicKey());
+    }
+    if (subjectKeyId_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(4, getSubjectKeyId());
+    }
+    if (authorityKeyId_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, getAuthorityKeyId());
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < crlDistributionPoints_.size(); i++) {
+        dataSize += computeStringSizeNoTag(crlDistributionPoints_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getCrlDistributionPointsList().size();
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < aiaIssuingCertificateUrls_.size(); i++) {
+        dataSize += computeStringSizeNoTag(aiaIssuingCertificateUrls_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getAiaIssuingCertificateUrlsList().size();
+    }
+    if (certFingerprint_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(8, getCertFingerprint());
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateDescription)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateDescription other =
+        (com.google.cloud.security.privateca.v1.CertificateDescription) obj;
+
+    if (hasSubjectDescription() != other.hasSubjectDescription()) return false;
+    if (hasSubjectDescription()) {
+      if (!getSubjectDescription().equals(other.getSubjectDescription())) return false;
+    }
+    if (hasX509Description() != other.hasX509Description()) return false;
+    if (hasX509Description()) {
+      if (!getX509Description().equals(other.getX509Description())) return false;
+    }
+    if (hasPublicKey() != other.hasPublicKey()) return false;
+    if (hasPublicKey()) {
+      if (!getPublicKey().equals(other.getPublicKey())) return false;
+    }
+    if (hasSubjectKeyId() != other.hasSubjectKeyId()) return false;
+    if (hasSubjectKeyId()) {
+      if (!getSubjectKeyId().equals(other.getSubjectKeyId())) return false;
+    }
+    if (hasAuthorityKeyId() != other.hasAuthorityKeyId()) return false;
+    if (hasAuthorityKeyId()) {
+      if (!getAuthorityKeyId().equals(other.getAuthorityKeyId())) return false;
+    }
+    if (!getCrlDistributionPointsList().equals(other.getCrlDistributionPointsList())) return false;
+    if (!getAiaIssuingCertificateUrlsList().equals(other.getAiaIssuingCertificateUrlsList()))
+      return false;
+    if (hasCertFingerprint() != other.hasCertFingerprint()) return false;
+    if (hasCertFingerprint()) {
+      if (!getCertFingerprint().equals(other.getCertFingerprint())) return false;
+    }
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasSubjectDescription()) {
+      hash = (37 * hash) + SUBJECT_DESCRIPTION_FIELD_NUMBER;
+      hash = (53 * hash) + getSubjectDescription().hashCode();
+    }
+    if (hasX509Description()) {
+      hash = (37 * hash) + X509_DESCRIPTION_FIELD_NUMBER;
+      hash = (53 * hash) + getX509Description().hashCode();
+    }
+    if (hasPublicKey()) {
+      hash = (37 * hash) + PUBLIC_KEY_FIELD_NUMBER;
+      hash = (53 * hash) + getPublicKey().hashCode();
+    }
+    if (hasSubjectKeyId()) {
+      hash = (37 * hash) + SUBJECT_KEY_ID_FIELD_NUMBER;
+      hash = (53 * hash) + getSubjectKeyId().hashCode();
+    }
+    if (hasAuthorityKeyId()) {
+      hash = (37 * hash) + AUTHORITY_KEY_ID_FIELD_NUMBER;
+      hash = (53 * hash) + getAuthorityKeyId().hashCode();
+    }
+    if (getCrlDistributionPointsCount() > 0) {
+      hash = (37 * hash) + CRL_DISTRIBUTION_POINTS_FIELD_NUMBER;
+      hash = (53 * hash) + getCrlDistributionPointsList().hashCode();
+    }
+    if (getAiaIssuingCertificateUrlsCount() > 0) {
+      hash = (37 * hash) + AIA_ISSUING_CERTIFICATE_URLS_FIELD_NUMBER;
+      hash = (53 * hash) + getAiaIssuingCertificateUrlsList().hashCode();
+    }
+    if (hasCertFingerprint()) {
+      hash = (37 * hash) + CERT_FINGERPRINT_FIELD_NUMBER;
+      hash = (53 * hash) + getCertFingerprint().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateDescription prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has
+   * been issued, as an alternative to using ASN.1 / X.509.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateDescription}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateDescription)
+      com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateDescription.class,
+              com.google.cloud.security.privateca.v1.CertificateDescription.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CertificateDescription.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (subjectDescriptionBuilder_ == null) {
+        subjectDescription_ = null;
+      } else {
+        subjectDescription_ = null;
+        subjectDescriptionBuilder_ = null;
+      }
+      if (x509DescriptionBuilder_ == null) {
+        x509Description_ = null;
+      } else {
+        x509Description_ = null;
+        x509DescriptionBuilder_ = null;
+      }
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = null;
+      } else {
+        publicKey_ = null;
+        publicKeyBuilder_ = null;
+      }
+      if (subjectKeyIdBuilder_ == null) {
+        subjectKeyId_ = null;
+      } else {
+        subjectKeyId_ = null;
+        subjectKeyIdBuilder_ = null;
+      }
+      if (authorityKeyIdBuilder_ == null) {
+        authorityKeyId_ = null;
+      } else {
+        authorityKeyId_ = null;
+        authorityKeyIdBuilder_ = null;
+      }
+      crlDistributionPoints_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      aiaIssuingCertificateUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      if (certFingerprintBuilder_ == null) {
+        certFingerprint_ = null;
+      } else {
+        certFingerprint_ = null;
+        certFingerprintBuilder_ = null;
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription build() {
+      com.google.cloud.security.privateca.v1.CertificateDescription result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateDescription buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateDescription result =
+          new com.google.cloud.security.privateca.v1.CertificateDescription(this);
+      int from_bitField0_ = bitField0_;
+      if (subjectDescriptionBuilder_ == null) {
+        result.subjectDescription_ = subjectDescription_;
+      } else {
+        result.subjectDescription_ = subjectDescriptionBuilder_.build();
+      }
+      if (x509DescriptionBuilder_ == null) {
+        result.x509Description_ = x509Description_;
+      } else {
+        result.x509Description_ = x509DescriptionBuilder_.build();
+      }
+      if (publicKeyBuilder_ == null) {
+        result.publicKey_ = publicKey_;
+      } else {
+        result.publicKey_ = publicKeyBuilder_.build();
+      }
+      if (subjectKeyIdBuilder_ == null) {
+        result.subjectKeyId_ = subjectKeyId_;
+      } else {
+        result.subjectKeyId_ = subjectKeyIdBuilder_.build();
+      }
+      if (authorityKeyIdBuilder_ == null) {
+        result.authorityKeyId_ = authorityKeyId_;
+      } else {
+        result.authorityKeyId_ = authorityKeyIdBuilder_.build();
+      }
+      if (((bitField0_ & 0x00000001) != 0)) {
+        crlDistributionPoints_ = crlDistributionPoints_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.crlDistributionPoints_ = crlDistributionPoints_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        aiaIssuingCertificateUrls_ = aiaIssuingCertificateUrls_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.aiaIssuingCertificateUrls_ = aiaIssuingCertificateUrls_;
+      if (certFingerprintBuilder_ == null) {
+        result.certFingerprint_ = certFingerprint_;
+      } else {
+        result.certFingerprint_ = certFingerprintBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateDescription) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CertificateDescription) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CertificateDescription other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CertificateDescription.getDefaultInstance())
+        return this;
+      if (other.hasSubjectDescription()) {
+        mergeSubjectDescription(other.getSubjectDescription());
+      }
+      if (other.hasX509Description()) {
+        mergeX509Description(other.getX509Description());
+      }
+      if (other.hasPublicKey()) {
+        mergePublicKey(other.getPublicKey());
+      }
+      if (other.hasSubjectKeyId()) {
+        mergeSubjectKeyId(other.getSubjectKeyId());
+      }
+      if (other.hasAuthorityKeyId()) {
+        mergeAuthorityKeyId(other.getAuthorityKeyId());
+      }
+      if (!other.crlDistributionPoints_.isEmpty()) {
+        if (crlDistributionPoints_.isEmpty()) {
+          crlDistributionPoints_ = other.crlDistributionPoints_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensureCrlDistributionPointsIsMutable();
+          crlDistributionPoints_.addAll(other.crlDistributionPoints_);
+        }
+        onChanged();
+      }
+      if (!other.aiaIssuingCertificateUrls_.isEmpty()) {
+        if (aiaIssuingCertificateUrls_.isEmpty()) {
+          aiaIssuingCertificateUrls_ = other.aiaIssuingCertificateUrls_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureAiaIssuingCertificateUrlsIsMutable();
+          aiaIssuingCertificateUrls_.addAll(other.aiaIssuingCertificateUrls_);
+        }
+        onChanged();
+      }
+      if (other.hasCertFingerprint()) {
+        mergeCertFingerprint(other.getCertFingerprint());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateDescription parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateDescription)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        subjectDescription_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription
+                .SubjectDescriptionOrBuilder>
+        subjectDescriptionBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     *
+     * @return Whether the subjectDescription field is set.
+     */
+    public boolean hasSubjectDescription() {
+      return subjectDescriptionBuilder_ != null || subjectDescription_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     *
+     * @return The subjectDescription.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+        getSubjectDescription() {
+      if (subjectDescriptionBuilder_ == null) {
+        return subjectDescription_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                .getDefaultInstance()
+            : subjectDescription_;
+      } else {
+        return subjectDescriptionBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public Builder setSubjectDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription value) {
+      if (subjectDescriptionBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subjectDescription_ = value;
+        onChanged();
+      } else {
+        subjectDescriptionBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public Builder setSubjectDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription.Builder
+            builderForValue) {
+      if (subjectDescriptionBuilder_ == null) {
+        subjectDescription_ = builderForValue.build();
+        onChanged();
+      } else {
+        subjectDescriptionBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public Builder mergeSubjectDescription(
+        com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription value) {
+      if (subjectDescriptionBuilder_ == null) {
+        if (subjectDescription_ != null) {
+          subjectDescription_ =
+              com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                  .newBuilder(subjectDescription_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subjectDescription_ = value;
+        }
+        onChanged();
+      } else {
+        subjectDescriptionBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public Builder clearSubjectDescription() {
+      if (subjectDescriptionBuilder_ == null) {
+        subjectDescription_ = null;
+        onChanged();
+      } else {
+        subjectDescription_ = null;
+        subjectDescriptionBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription.Builder
+        getSubjectDescriptionBuilder() {
+
+      onChanged();
+      return getSubjectDescriptionFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescriptionOrBuilder
+        getSubjectDescriptionOrBuilder() {
+      if (subjectDescriptionBuilder_ != null) {
+        return subjectDescriptionBuilder_.getMessageOrBuilder();
+      } else {
+        return subjectDescription_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                .getDefaultInstance()
+            : subjectDescription_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the values in a certificate that are related to the
+     * subject and lifetime.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription,
+            com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription
+                .SubjectDescriptionOrBuilder>
+        getSubjectDescriptionFieldBuilder() {
+      if (subjectDescriptionBuilder_ == null) {
+        subjectDescriptionBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription,
+                com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+                    .Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescription
+                    .SubjectDescriptionOrBuilder>(
+                getSubjectDescription(), getParentForChildren(), isClean());
+        subjectDescription_ = null;
+      }
+      return subjectDescriptionBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.X509Parameters x509Description_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        x509DescriptionBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     *
+     * @return Whether the x509Description field is set.
+     */
+    public boolean hasX509Description() {
+      return x509DescriptionBuilder_ != null || x509Description_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     *
+     * @return The x509Description.
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters getX509Description() {
+      if (x509DescriptionBuilder_ == null) {
+        return x509Description_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : x509Description_;
+      } else {
+        return x509DescriptionBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public Builder setX509Description(com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (x509DescriptionBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        x509Description_ = value;
+        onChanged();
+      } else {
+        x509DescriptionBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public Builder setX509Description(
+        com.google.cloud.security.privateca.v1.X509Parameters.Builder builderForValue) {
+      if (x509DescriptionBuilder_ == null) {
+        x509Description_ = builderForValue.build();
+        onChanged();
+      } else {
+        x509DescriptionBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public Builder mergeX509Description(
+        com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (x509DescriptionBuilder_ == null) {
+        if (x509Description_ != null) {
+          x509Description_ =
+              com.google.cloud.security.privateca.v1.X509Parameters.newBuilder(x509Description_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          x509Description_ = value;
+        }
+        onChanged();
+      } else {
+        x509DescriptionBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public Builder clearX509Description() {
+      if (x509DescriptionBuilder_ == null) {
+        x509Description_ = null;
+        onChanged();
+      } else {
+        x509Description_ = null;
+        x509DescriptionBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.Builder
+        getX509DescriptionBuilder() {
+
+      onChanged();
+      return getX509DescriptionFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+        getX509DescriptionOrBuilder() {
+      if (x509DescriptionBuilder_ != null) {
+        return x509DescriptionBuilder_.getMessageOrBuilder();
+      } else {
+        return x509Description_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : x509Description_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes some of the technical X.509 fields in a certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        getX509DescriptionFieldBuilder() {
+      if (x509DescriptionBuilder_ == null) {
+        x509DescriptionBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Parameters,
+                com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+                com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>(
+                getX509Description(), getParentForChildren(), isClean());
+        x509Description_ = null;
+      }
+      return x509DescriptionBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.PublicKey publicKey_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.PublicKey,
+            com.google.cloud.security.privateca.v1.PublicKey.Builder,
+            com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>
+        publicKeyBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     *
+     * @return Whether the publicKey field is set.
+     */
+    public boolean hasPublicKey() {
+      return publicKeyBuilder_ != null || publicKey_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     *
+     * @return The publicKey.
+     */
+    public com.google.cloud.security.privateca.v1.PublicKey getPublicKey() {
+      if (publicKeyBuilder_ == null) {
+        return publicKey_ == null
+            ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+            : publicKey_;
+      } else {
+        return publicKeyBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public Builder setPublicKey(com.google.cloud.security.privateca.v1.PublicKey value) {
+      if (publicKeyBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        publicKey_ = value;
+        onChanged();
+      } else {
+        publicKeyBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public Builder setPublicKey(
+        com.google.cloud.security.privateca.v1.PublicKey.Builder builderForValue) {
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = builderForValue.build();
+        onChanged();
+      } else {
+        publicKeyBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public Builder mergePublicKey(com.google.cloud.security.privateca.v1.PublicKey value) {
+      if (publicKeyBuilder_ == null) {
+        if (publicKey_ != null) {
+          publicKey_ =
+              com.google.cloud.security.privateca.v1.PublicKey.newBuilder(publicKey_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          publicKey_ = value;
+        }
+        onChanged();
+      } else {
+        publicKeyBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public Builder clearPublicKey() {
+      if (publicKeyBuilder_ == null) {
+        publicKey_ = null;
+        onChanged();
+      } else {
+        publicKey_ = null;
+        publicKeyBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public com.google.cloud.security.privateca.v1.PublicKey.Builder getPublicKeyBuilder() {
+
+      onChanged();
+      return getPublicKeyFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    public com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder() {
+      if (publicKeyBuilder_ != null) {
+        return publicKeyBuilder_.getMessageOrBuilder();
+      } else {
+        return publicKey_ == null
+            ? com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance()
+            : publicKey_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The public key that corresponds to an issued certificate.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.PublicKey,
+            com.google.cloud.security.privateca.v1.PublicKey.Builder,
+            com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>
+        getPublicKeyFieldBuilder() {
+      if (publicKeyBuilder_ == null) {
+        publicKeyBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.PublicKey,
+                com.google.cloud.security.privateca.v1.PublicKey.Builder,
+                com.google.cloud.security.privateca.v1.PublicKeyOrBuilder>(
+                getPublicKey(), getParentForChildren(), isClean());
+        publicKey_ = null;
+      }
+      return publicKeyBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateDescription.KeyId subjectKeyId_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>
+        subjectKeyIdBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     *
+     * @return Whether the subjectKeyId field is set.
+     */
+    public boolean hasSubjectKeyId() {
+      return subjectKeyIdBuilder_ != null || subjectKeyId_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     *
+     * @return The subjectKeyId.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getSubjectKeyId() {
+      if (subjectKeyIdBuilder_ == null) {
+        return subjectKeyId_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+                .getDefaultInstance()
+            : subjectKeyId_;
+      } else {
+        return subjectKeyIdBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public Builder setSubjectKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId value) {
+      if (subjectKeyIdBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subjectKeyId_ = value;
+        onChanged();
+      } else {
+        subjectKeyIdBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public Builder setSubjectKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+            builderForValue) {
+      if (subjectKeyIdBuilder_ == null) {
+        subjectKeyId_ = builderForValue.build();
+        onChanged();
+      } else {
+        subjectKeyIdBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public Builder mergeSubjectKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId value) {
+      if (subjectKeyIdBuilder_ == null) {
+        if (subjectKeyId_ != null) {
+          subjectKeyId_ =
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.newBuilder(
+                      subjectKeyId_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subjectKeyId_ = value;
+        }
+        onChanged();
+      } else {
+        subjectKeyIdBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public Builder clearSubjectKeyId() {
+      if (subjectKeyIdBuilder_ == null) {
+        subjectKeyId_ = null;
+        onChanged();
+      } else {
+        subjectKeyId_ = null;
+        subjectKeyIdBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+        getSubjectKeyIdBuilder() {
+
+      onChanged();
+      return getSubjectKeyIdFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+        getSubjectKeyIdOrBuilder() {
+      if (subjectKeyIdBuilder_ != null) {
+        return subjectKeyIdBuilder_.getMessageOrBuilder();
+      } else {
+        return subjectKeyId_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+                .getDefaultInstance()
+            : subjectKeyId_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Provides a means of identifiying certificates that contain a particular
+     * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>
+        getSubjectKeyIdFieldBuilder() {
+      if (subjectKeyIdBuilder_ == null) {
+        subjectKeyIdBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>(
+                getSubjectKeyId(), getParentForChildren(), isClean());
+        subjectKeyId_ = null;
+      }
+      return subjectKeyIdBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateDescription.KeyId authorityKeyId_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>
+        authorityKeyIdBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     *
+     * @return Whether the authorityKeyId field is set.
+     */
+    public boolean hasAuthorityKeyId() {
+      return authorityKeyIdBuilder_ != null || authorityKeyId_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     *
+     * @return The authorityKeyId.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getAuthorityKeyId() {
+      if (authorityKeyIdBuilder_ == null) {
+        return authorityKeyId_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+                .getDefaultInstance()
+            : authorityKeyId_;
+      } else {
+        return authorityKeyIdBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public Builder setAuthorityKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId value) {
+      if (authorityKeyIdBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        authorityKeyId_ = value;
+        onChanged();
+      } else {
+        authorityKeyIdBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public Builder setAuthorityKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+            builderForValue) {
+      if (authorityKeyIdBuilder_ == null) {
+        authorityKeyId_ = builderForValue.build();
+        onChanged();
+      } else {
+        authorityKeyIdBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public Builder mergeAuthorityKeyId(
+        com.google.cloud.security.privateca.v1.CertificateDescription.KeyId value) {
+      if (authorityKeyIdBuilder_ == null) {
+        if (authorityKeyId_ != null) {
+          authorityKeyId_ =
+              com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.newBuilder(
+                      authorityKeyId_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          authorityKeyId_ = value;
+        }
+        onChanged();
+      } else {
+        authorityKeyIdBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public Builder clearAuthorityKeyId() {
+      if (authorityKeyIdBuilder_ == null) {
+        authorityKeyId_ = null;
+        onChanged();
+      } else {
+        authorityKeyId_ = null;
+        authorityKeyIdBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder
+        getAuthorityKeyIdBuilder() {
+
+      onChanged();
+      return getAuthorityKeyIdFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+        getAuthorityKeyIdOrBuilder() {
+      if (authorityKeyIdBuilder_ != null) {
+        return authorityKeyIdBuilder_.getMessageOrBuilder();
+      } else {
+        return authorityKeyId_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.KeyId
+                .getDefaultInstance()
+            : authorityKeyId_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Identifies the subject_key_id of the parent certificate, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>
+        getAuthorityKeyIdFieldBuilder() {
+      if (authorityKeyIdBuilder_ == null) {
+        authorityKeyIdBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId,
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyId.Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder>(
+                getAuthorityKeyId(), getParentForChildren(), isClean());
+        authorityKeyId_ = null;
+      }
+      return authorityKeyIdBuilder_;
+    }
+
+    private com.google.protobuf.LazyStringList crlDistributionPoints_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureCrlDistributionPointsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        crlDistributionPoints_ =
+            new com.google.protobuf.LazyStringArrayList(crlDistributionPoints_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @return A list containing the crlDistributionPoints.
+     */
+    public com.google.protobuf.ProtocolStringList getCrlDistributionPointsList() {
+      return crlDistributionPoints_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @return The count of crlDistributionPoints.
+     */
+    public int getCrlDistributionPointsCount() {
+      return crlDistributionPoints_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The crlDistributionPoints at the given index.
+     */
+    public java.lang.String getCrlDistributionPoints(int index) {
+      return crlDistributionPoints_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the crlDistributionPoints at the given index.
+     */
+    public com.google.protobuf.ByteString getCrlDistributionPointsBytes(int index) {
+      return crlDistributionPoints_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The crlDistributionPoints to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCrlDistributionPoints(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureCrlDistributionPointsIsMutable();
+      crlDistributionPoints_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param value The crlDistributionPoints to add.
+     * @return This builder for chaining.
+     */
+    public Builder addCrlDistributionPoints(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureCrlDistributionPointsIsMutable();
+      crlDistributionPoints_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param values The crlDistributionPoints to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllCrlDistributionPoints(java.lang.Iterable<java.lang.String> values) {
+      ensureCrlDistributionPointsIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, crlDistributionPoints_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCrlDistributionPoints() {
+      crlDistributionPoints_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a list of locations to obtain CRL information, i.e.
+     * the DistributionPoint.fullName described by
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+     * </pre>
+     *
+     * <code>repeated string crl_distribution_points = 6;</code>
+     *
+     * @param value The bytes of the crlDistributionPoints to add.
+     * @return This builder for chaining.
+     */
+    public Builder addCrlDistributionPointsBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureCrlDistributionPointsIsMutable();
+      crlDistributionPoints_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList aiaIssuingCertificateUrls_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureAiaIssuingCertificateUrlsIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        aiaIssuingCertificateUrls_ =
+            new com.google.protobuf.LazyStringArrayList(aiaIssuingCertificateUrls_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @return A list containing the aiaIssuingCertificateUrls.
+     */
+    public com.google.protobuf.ProtocolStringList getAiaIssuingCertificateUrlsList() {
+      return aiaIssuingCertificateUrls_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @return The count of aiaIssuingCertificateUrls.
+     */
+    public int getAiaIssuingCertificateUrlsCount() {
+      return aiaIssuingCertificateUrls_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The aiaIssuingCertificateUrls at the given index.
+     */
+    public java.lang.String getAiaIssuingCertificateUrls(int index) {
+      return aiaIssuingCertificateUrls_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the aiaIssuingCertificateUrls at the given index.
+     */
+    public com.google.protobuf.ByteString getAiaIssuingCertificateUrlsBytes(int index) {
+      return aiaIssuingCertificateUrls_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The aiaIssuingCertificateUrls to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAiaIssuingCertificateUrls(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureAiaIssuingCertificateUrlsIsMutable();
+      aiaIssuingCertificateUrls_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param value The aiaIssuingCertificateUrls to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAiaIssuingCertificateUrls(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureAiaIssuingCertificateUrlsIsMutable();
+      aiaIssuingCertificateUrls_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param values The aiaIssuingCertificateUrls to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllAiaIssuingCertificateUrls(java.lang.Iterable<java.lang.String> values) {
+      ensureAiaIssuingCertificateUrlsIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, aiaIssuingCertificateUrls_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearAiaIssuingCertificateUrls() {
+      aiaIssuingCertificateUrls_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes lists of issuer CA certificate URLs that appear in the
+     * "Authority Information Access" extension in the certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+     *
+     * @param value The bytes of the aiaIssuingCertificateUrls to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAiaIssuingCertificateUrlsBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureAiaIssuingCertificateUrlsIsMutable();
+      aiaIssuingCertificateUrls_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+        certFingerprint_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint,
+            com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription
+                .CertificateFingerprintOrBuilder>
+        certFingerprintBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     *
+     * @return Whether the certFingerprint field is set.
+     */
+    public boolean hasCertFingerprint() {
+      return certFingerprintBuilder_ != null || certFingerprint_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     *
+     * @return The certFingerprint.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+        getCertFingerprint() {
+      if (certFingerprintBuilder_ == null) {
+        return certFingerprint_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                .getDefaultInstance()
+            : certFingerprint_;
+      } else {
+        return certFingerprintBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public Builder setCertFingerprint(
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            value) {
+      if (certFingerprintBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certFingerprint_ = value;
+        onChanged();
+      } else {
+        certFingerprintBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public Builder setCertFingerprint(
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint.Builder
+            builderForValue) {
+      if (certFingerprintBuilder_ == null) {
+        certFingerprint_ = builderForValue.build();
+        onChanged();
+      } else {
+        certFingerprintBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public Builder mergeCertFingerprint(
+        com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            value) {
+      if (certFingerprintBuilder_ == null) {
+        if (certFingerprint_ != null) {
+          certFingerprint_ =
+              com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                  .newBuilder(certFingerprint_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certFingerprint_ = value;
+        }
+        onChanged();
+      } else {
+        certFingerprintBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public Builder clearCertFingerprint() {
+      if (certFingerprintBuilder_ == null) {
+        certFingerprint_ = null;
+        onChanged();
+      } else {
+        certFingerprint_ = null;
+        certFingerprintBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+            .Builder
+        getCertFingerprintBuilder() {
+
+      onChanged();
+      return getCertFingerprintFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateDescription
+            .CertificateFingerprintOrBuilder
+        getCertFingerprintOrBuilder() {
+      if (certFingerprintBuilder_ != null) {
+        return certFingerprintBuilder_.getMessageOrBuilder();
+      } else {
+        return certFingerprint_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                .getDefaultInstance()
+            : certFingerprint_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The hash of the x.509 certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint,
+            com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateDescription
+                .CertificateFingerprintOrBuilder>
+        getCertFingerprintFieldBuilder() {
+      if (certFingerprintBuilder_ == null) {
+        certFingerprintBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateDescription
+                    .CertificateFingerprint,
+                com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+                    .Builder,
+                com.google.cloud.security.privateca.v1.CertificateDescription
+                    .CertificateFingerprintOrBuilder>(
+                getCertFingerprint(), getParentForChildren(), isClean());
+        certFingerprint_ = null;
+      }
+      return certFingerprintBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateDescription)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateDescription)
+  private static final com.google.cloud.security.privateca.v1.CertificateDescription
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateDescription();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateDescription getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateDescription> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateDescription>() {
+        @java.lang.Override
+        public CertificateDescription parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateDescription(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateDescription> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateDescription> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateDescription getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescriptionOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescriptionOrBuilder.java
new file mode 100644
index 00000000..882cc31e
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateDescriptionOrBuilder.java
@@ -0,0 +1,382 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateDescriptionOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateDescription)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   *
+   * @return Whether the subjectDescription field is set.
+   */
+  boolean hasSubjectDescription();
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   *
+   * @return The subjectDescription.
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription
+      getSubjectDescription();
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the values in a certificate that are related to the
+   * subject and lifetime.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.SubjectDescription subject_description = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.SubjectDescriptionOrBuilder
+      getSubjectDescriptionOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   *
+   * @return Whether the x509Description field is set.
+   */
+  boolean hasX509Description();
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   *
+   * @return The x509Description.
+   */
+  com.google.cloud.security.privateca.v1.X509Parameters getX509Description();
+  /**
+   *
+   *
+   * <pre>
+   * Describes some of the technical X.509 fields in a certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.X509Parameters x509_description = 2;</code>
+   */
+  com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getX509DescriptionOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   *
+   * @return Whether the publicKey field is set.
+   */
+  boolean hasPublicKey();
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   *
+   * @return The publicKey.
+   */
+  com.google.cloud.security.privateca.v1.PublicKey getPublicKey();
+  /**
+   *
+   *
+   * <pre>
+   * The public key that corresponds to an issued certificate.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.PublicKey public_key = 3;</code>
+   */
+  com.google.cloud.security.privateca.v1.PublicKeyOrBuilder getPublicKeyOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   *
+   * @return Whether the subjectKeyId field is set.
+   */
+  boolean hasSubjectKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   *
+   * @return The subjectKeyId.
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getSubjectKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * Provides a means of identifiying certificates that contain a particular
+   * public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId subject_key_id = 4;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+      getSubjectKeyIdOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   *
+   * @return Whether the authorityKeyId field is set.
+   */
+  boolean hasAuthorityKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   *
+   * @return The authorityKeyId.
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.KeyId getAuthorityKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * Identifies the subject_key_id of the parent certificate, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.CertificateDescription.KeyId authority_key_id = 5;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.KeyIdOrBuilder
+      getAuthorityKeyIdOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @return A list containing the crlDistributionPoints.
+   */
+  java.util.List<java.lang.String> getCrlDistributionPointsList();
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @return The count of crlDistributionPoints.
+   */
+  int getCrlDistributionPointsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The crlDistributionPoints at the given index.
+   */
+  java.lang.String getCrlDistributionPoints(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Describes a list of locations to obtain CRL information, i.e.
+   * the DistributionPoint.fullName described by
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+   * </pre>
+   *
+   * <code>repeated string crl_distribution_points = 6;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the crlDistributionPoints at the given index.
+   */
+  com.google.protobuf.ByteString getCrlDistributionPointsBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @return A list containing the aiaIssuingCertificateUrls.
+   */
+  java.util.List<java.lang.String> getAiaIssuingCertificateUrlsList();
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @return The count of aiaIssuingCertificateUrls.
+   */
+  int getAiaIssuingCertificateUrlsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The aiaIssuingCertificateUrls at the given index.
+   */
+  java.lang.String getAiaIssuingCertificateUrls(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Describes lists of issuer CA certificate URLs that appear in the
+   * "Authority Information Access" extension in the certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_issuing_certificate_urls = 7;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the aiaIssuingCertificateUrls at the given index.
+   */
+  com.google.protobuf.ByteString getAiaIssuingCertificateUrlsBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   *
+   * @return Whether the certFingerprint field is set.
+   */
+  boolean hasCertFingerprint();
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   *
+   * @return The certFingerprint.
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint
+      getCertFingerprint();
+  /**
+   *
+   *
+   * <pre>
+   * The hash of the x.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprint cert_fingerprint = 8;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription.CertificateFingerprintOrBuilder
+      getCertFingerprintOrBuilder();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraints.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraints.java
new file mode 100644
index 00000000..a1243a8d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraints.java
@@ -0,0 +1,1811 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Describes a set of X.509 extensions that may be part of some certificate
+ * issuance controls.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateExtensionConstraints}
+ */
+public final class CertificateExtensionConstraints extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+    CertificateExtensionConstraintsOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateExtensionConstraints.newBuilder() to construct.
+  private CertificateExtensionConstraints(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateExtensionConstraints() {
+    knownExtensions_ = java.util.Collections.emptyList();
+    additionalExtensions_ = java.util.Collections.emptyList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateExtensionConstraints();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateExtensionConstraints(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 8:
+            {
+              int rawValue = input.readEnum();
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                knownExtensions_ = new java.util.ArrayList<java.lang.Integer>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              knownExtensions_.add(rawValue);
+              break;
+            }
+          case 10:
+            {
+              int length = input.readRawVarint32();
+              int oldLimit = input.pushLimit(length);
+              while (input.getBytesUntilLimit() > 0) {
+                int rawValue = input.readEnum();
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  knownExtensions_ = new java.util.ArrayList<java.lang.Integer>();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                knownExtensions_.add(rawValue);
+              }
+              input.popLimit(oldLimit);
+              break;
+            }
+          case 18:
+            {
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                additionalExtensions_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              additionalExtensions_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.ObjectId.parser(), extensionRegistry));
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        knownExtensions_ = java.util.Collections.unmodifiableList(knownExtensions_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        additionalExtensions_ = java.util.Collections.unmodifiableList(additionalExtensions_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.class,
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder.class);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate],
+   * not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.
+   * </pre>
+   *
+   * Protobuf enum {@code
+   * google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension}
+   */
+  public enum KnownCertificateExtension implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED = 0;</code>
+     */
+    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Key Usage extension, as described in [RFC 5280
+     * section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
+     * This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
+     * </pre>
+     *
+     * <code>BASE_KEY_USAGE = 1;</code>
+     */
+    BASE_KEY_USAGE(1),
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Extended Key Usage extension, as described in
+     * [RFC 5280
+     * section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
+     * This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
+     * </pre>
+     *
+     * <code>EXTENDED_KEY_USAGE = 2;</code>
+     */
+    EXTENDED_KEY_USAGE(2),
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Basic Constraints extension, as described in
+     * [RFC 5280
+     * section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
+     * This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
+     * </pre>
+     *
+     * <code>CA_OPTIONS = 3;</code>
+     */
+    CA_OPTIONS(3),
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Policy object identifiers, as described in
+     * [RFC 5280
+     * section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
+     * This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
+     * </pre>
+     *
+     * <code>POLICY_IDS = 4;</code>
+     */
+    POLICY_IDS(4),
+    /**
+     *
+     *
+     * <pre>
+     * Refers to OCSP servers in a certificate's Authority Information Access
+     * extension, as described in
+     * [RFC 5280
+     * section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
+     * This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
+     * </pre>
+     *
+     * <code>AIA_OCSP_SERVERS = 5;</code>
+     */
+    AIA_OCSP_SERVERS(5),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED = 0;</code>
+     */
+    public static final int KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Key Usage extension, as described in [RFC 5280
+     * section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
+     * This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
+     * </pre>
+     *
+     * <code>BASE_KEY_USAGE = 1;</code>
+     */
+    public static final int BASE_KEY_USAGE_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Extended Key Usage extension, as described in
+     * [RFC 5280
+     * section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
+     * This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
+     * </pre>
+     *
+     * <code>EXTENDED_KEY_USAGE = 2;</code>
+     */
+    public static final int EXTENDED_KEY_USAGE_VALUE = 2;
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Basic Constraints extension, as described in
+     * [RFC 5280
+     * section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
+     * This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
+     * </pre>
+     *
+     * <code>CA_OPTIONS = 3;</code>
+     */
+    public static final int CA_OPTIONS_VALUE = 3;
+    /**
+     *
+     *
+     * <pre>
+     * Refers to a certificate's Policy object identifiers, as described in
+     * [RFC 5280
+     * section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
+     * This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
+     * </pre>
+     *
+     * <code>POLICY_IDS = 4;</code>
+     */
+    public static final int POLICY_IDS_VALUE = 4;
+    /**
+     *
+     *
+     * <pre>
+     * Refers to OCSP servers in a certificate's Authority Information Access
+     * extension, as described in
+     * [RFC 5280
+     * section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
+     * This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
+     * </pre>
+     *
+     * <code>AIA_OCSP_SERVERS = 5;</code>
+     */
+    public static final int AIA_OCSP_SERVERS_VALUE = 5;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static KnownCertificateExtension valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static KnownCertificateExtension forNumber(int value) {
+      switch (value) {
+        case 0:
+          return KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED;
+        case 1:
+          return BASE_KEY_USAGE;
+        case 2:
+          return EXTENDED_KEY_USAGE;
+        case 3:
+          return CA_OPTIONS;
+        case 4:
+          return POLICY_IDS;
+        case 5:
+          return AIA_OCSP_SERVERS;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<KnownCertificateExtension>
+        internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<KnownCertificateExtension>
+        internalValueMap =
+            new com.google.protobuf.Internal.EnumLiteMap<KnownCertificateExtension>() {
+              public KnownCertificateExtension findValueByNumber(int number) {
+                return KnownCertificateExtension.forNumber(number);
+              }
+            };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.getDescriptor()
+          .getEnumTypes()
+          .get(0);
+    }
+
+    private static final KnownCertificateExtension[] VALUES = values();
+
+    public static KnownCertificateExtension valueOf(
+        com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private KnownCertificateExtension(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension)
+  }
+
+  public static final int KNOWN_EXTENSIONS_FIELD_NUMBER = 1;
+  private java.util.List<java.lang.Integer> knownExtensions_;
+  private static final com.google.protobuf.Internal.ListAdapter.Converter<
+          java.lang.Integer,
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .KnownCertificateExtension>
+      knownExtensions_converter_ =
+          new com.google.protobuf.Internal.ListAdapter.Converter<
+              java.lang.Integer,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                  .KnownCertificateExtension>() {
+            public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                    .KnownCertificateExtension
+                convert(java.lang.Integer from) {
+              @SuppressWarnings("deprecation")
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                      .KnownCertificateExtension
+                  result =
+                      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                          .KnownCertificateExtension.valueOf(from);
+              return result == null
+                  ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                      .KnownCertificateExtension.UNRECOGNIZED
+                  : result;
+            }
+          };
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return A list containing the knownExtensions.
+   */
+  @java.lang.Override
+  public java.util.List<
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .KnownCertificateExtension>
+      getKnownExtensionsList() {
+    return new com.google.protobuf.Internal.ListAdapter<
+        java.lang.Integer,
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+            .KnownCertificateExtension>(knownExtensions_, knownExtensions_converter_);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The count of knownExtensions.
+   */
+  @java.lang.Override
+  public int getKnownExtensionsCount() {
+    return knownExtensions_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The knownExtensions at the given index.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+          .KnownCertificateExtension
+      getKnownExtensions(int index) {
+    return knownExtensions_converter_.convert(knownExtensions_.get(index));
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return A list containing the enum numeric values on the wire for knownExtensions.
+   */
+  @java.lang.Override
+  public java.util.List<java.lang.Integer> getKnownExtensionsValueList() {
+    return knownExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The enum numeric value on the wire of knownExtensions at the given index.
+   */
+  @java.lang.Override
+  public int getKnownExtensionsValue(int index) {
+    return knownExtensions_.get(index);
+  }
+
+  private int knownExtensionsMemoizedSerializedSize;
+
+  public static final int ADDITIONAL_EXTENSIONS_FIELD_NUMBER = 2;
+  private java.util.List<com.google.cloud.security.privateca.v1.ObjectId> additionalExtensions_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.ObjectId>
+      getAdditionalExtensionsList() {
+    return additionalExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getAdditionalExtensionsOrBuilderList() {
+    return additionalExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public int getAdditionalExtensionsCount() {
+    return additionalExtensions_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectId getAdditionalExtensions(int index) {
+    return additionalExtensions_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getAdditionalExtensionsOrBuilder(
+      int index) {
+    return additionalExtensions_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    getSerializedSize();
+    if (getKnownExtensionsList().size() > 0) {
+      output.writeUInt32NoTag(10);
+      output.writeUInt32NoTag(knownExtensionsMemoizedSerializedSize);
+    }
+    for (int i = 0; i < knownExtensions_.size(); i++) {
+      output.writeEnumNoTag(knownExtensions_.get(i));
+    }
+    for (int i = 0; i < additionalExtensions_.size(); i++) {
+      output.writeMessage(2, additionalExtensions_.get(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    {
+      int dataSize = 0;
+      for (int i = 0; i < knownExtensions_.size(); i++) {
+        dataSize +=
+            com.google.protobuf.CodedOutputStream.computeEnumSizeNoTag(knownExtensions_.get(i));
+      }
+      size += dataSize;
+      if (!getKnownExtensionsList().isEmpty()) {
+        size += 1;
+        size += com.google.protobuf.CodedOutputStream.computeUInt32SizeNoTag(dataSize);
+      }
+      knownExtensionsMemoizedSerializedSize = dataSize;
+    }
+    for (int i = 0; i < additionalExtensions_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(2, additionalExtensions_.get(i));
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateExtensionConstraints)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateExtensionConstraints other =
+        (com.google.cloud.security.privateca.v1.CertificateExtensionConstraints) obj;
+
+    if (!knownExtensions_.equals(other.knownExtensions_)) return false;
+    if (!getAdditionalExtensionsList().equals(other.getAdditionalExtensionsList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getKnownExtensionsCount() > 0) {
+      hash = (37 * hash) + KNOWN_EXTENSIONS_FIELD_NUMBER;
+      hash = (53 * hash) + knownExtensions_.hashCode();
+    }
+    if (getAdditionalExtensionsCount() > 0) {
+      hash = (37 * hash) + ADDITIONAL_EXTENSIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getAdditionalExtensionsList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a set of X.509 extensions that may be part of some certificate
+   * issuance controls.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateExtensionConstraints}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+      com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.class,
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder.class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getAdditionalExtensionsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      knownExtensions_ = java.util.Collections.emptyList();
+      bitField0_ = (bitField0_ & ~0x00000001);
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      } else {
+        additionalExtensionsBuilder_.clear();
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints build() {
+      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints result =
+          new com.google.cloud.security.privateca.v1.CertificateExtensionConstraints(this);
+      int from_bitField0_ = bitField0_;
+      if (((bitField0_ & 0x00000001) != 0)) {
+        knownExtensions_ = java.util.Collections.unmodifiableList(knownExtensions_);
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.knownExtensions_ = knownExtensions_;
+      if (additionalExtensionsBuilder_ == null) {
+        if (((bitField0_ & 0x00000002) != 0)) {
+          additionalExtensions_ = java.util.Collections.unmodifiableList(additionalExtensions_);
+          bitField0_ = (bitField0_ & ~0x00000002);
+        }
+        result.additionalExtensions_ = additionalExtensions_;
+      } else {
+        result.additionalExtensions_ = additionalExtensionsBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateExtensionConstraints) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.CertificateExtensionConstraints) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .getDefaultInstance()) return this;
+      if (!other.knownExtensions_.isEmpty()) {
+        if (knownExtensions_.isEmpty()) {
+          knownExtensions_ = other.knownExtensions_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensureKnownExtensionsIsMutable();
+          knownExtensions_.addAll(other.knownExtensions_);
+        }
+        onChanged();
+      }
+      if (additionalExtensionsBuilder_ == null) {
+        if (!other.additionalExtensions_.isEmpty()) {
+          if (additionalExtensions_.isEmpty()) {
+            additionalExtensions_ = other.additionalExtensions_;
+            bitField0_ = (bitField0_ & ~0x00000002);
+          } else {
+            ensureAdditionalExtensionsIsMutable();
+            additionalExtensions_.addAll(other.additionalExtensions_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.additionalExtensions_.isEmpty()) {
+          if (additionalExtensionsBuilder_.isEmpty()) {
+            additionalExtensionsBuilder_.dispose();
+            additionalExtensionsBuilder_ = null;
+            additionalExtensions_ = other.additionalExtensions_;
+            bitField0_ = (bitField0_ & ~0x00000002);
+            additionalExtensionsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getAdditionalExtensionsFieldBuilder()
+                    : null;
+          } else {
+            additionalExtensionsBuilder_.addAllMessages(other.additionalExtensions_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<java.lang.Integer> knownExtensions_ = java.util.Collections.emptyList();
+
+    private void ensureKnownExtensionsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        knownExtensions_ = new java.util.ArrayList<java.lang.Integer>(knownExtensions_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return A list containing the knownExtensions.
+     */
+    public java.util.List<
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                .KnownCertificateExtension>
+        getKnownExtensionsList() {
+      return new com.google.protobuf.Internal.ListAdapter<
+          java.lang.Integer,
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .KnownCertificateExtension>(knownExtensions_, knownExtensions_converter_);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The count of knownExtensions.
+     */
+    public int getKnownExtensionsCount() {
+      return knownExtensions_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the element to return.
+     * @return The knownExtensions at the given index.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+            .KnownCertificateExtension
+        getKnownExtensions(int index) {
+      return knownExtensions_converter_.convert(knownExtensions_.get(index));
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index to set the value at.
+     * @param value The knownExtensions to set.
+     * @return This builder for chaining.
+     */
+    public Builder setKnownExtensions(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                .KnownCertificateExtension
+            value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureKnownExtensionsIsMutable();
+      knownExtensions_.set(index, value.getNumber());
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param value The knownExtensions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addKnownExtensions(
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                .KnownCertificateExtension
+            value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureKnownExtensionsIsMutable();
+      knownExtensions_.add(value.getNumber());
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param values The knownExtensions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllKnownExtensions(
+        java.lang.Iterable<
+                ? extends
+                    com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                        .KnownCertificateExtension>
+            values) {
+      ensureKnownExtensionsIsMutable();
+      for (com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .KnownCertificateExtension
+          value : values) {
+        knownExtensions_.add(value.getNumber());
+      }
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearKnownExtensions() {
+      knownExtensions_ = java.util.Collections.emptyList();
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return A list containing the enum numeric values on the wire for knownExtensions.
+     */
+    public java.util.List<java.lang.Integer> getKnownExtensionsValueList() {
+      return java.util.Collections.unmodifiableList(knownExtensions_);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The enum numeric value on the wire of knownExtensions at the given index.
+     */
+    public int getKnownExtensionsValue(int index) {
+      return knownExtensions_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param index The index of the value to return.
+     * @return The enum numeric value on the wire of knownExtensions at the given index.
+     * @return This builder for chaining.
+     */
+    public Builder setKnownExtensionsValue(int index, int value) {
+      ensureKnownExtensionsIsMutable();
+      knownExtensions_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for knownExtensions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addKnownExtensionsValue(int value) {
+      ensureKnownExtensionsIsMutable();
+      knownExtensions_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of named X.509 extensions. Will be combined with
+     * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param values The enum numeric values on the wire for knownExtensions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllKnownExtensionsValue(java.lang.Iterable<java.lang.Integer> values) {
+      ensureKnownExtensionsIsMutable();
+      for (int value : values) {
+        knownExtensions_.add(value);
+      }
+      onChanged();
+      return this;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.ObjectId> additionalExtensions_ =
+        java.util.Collections.emptyList();
+
+    private void ensureAdditionalExtensionsIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        additionalExtensions_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>(
+                additionalExtensions_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        additionalExtensionsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId>
+        getAdditionalExtensionsList() {
+      if (additionalExtensionsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(additionalExtensions_);
+      } else {
+        return additionalExtensionsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public int getAdditionalExtensionsCount() {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.size();
+      } else {
+        return additionalExtensionsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId getAdditionalExtensions(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.get(index);
+      } else {
+        return additionalExtensionsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.set(index, value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(index, value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAllAdditionalExtensions(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.ObjectId> values) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, additionalExtensions_);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearAdditionalExtensions() {
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000002);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder removeAdditionalExtensions(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.remove(index);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder getAdditionalExtensionsBuilder(
+        int index) {
+      return getAdditionalExtensionsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder
+        getAdditionalExtensionsOrBuilder(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.get(index);
+      } else {
+        return additionalExtensionsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getAdditionalExtensionsOrBuilderList() {
+      if (additionalExtensionsBuilder_ != null) {
+        return additionalExtensionsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(additionalExtensions_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder
+        addAdditionalExtensionsBuilder() {
+      return getAdditionalExtensionsFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder addAdditionalExtensionsBuilder(
+        int index) {
+      return getAdditionalExtensionsFieldBuilder()
+          .addBuilder(index, com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+     * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+     * X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId.Builder>
+        getAdditionalExtensionsBuilderList() {
+      return getAdditionalExtensionsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getAdditionalExtensionsFieldBuilder() {
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensionsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.ObjectId,
+                com.google.cloud.security.privateca.v1.ObjectId.Builder,
+                com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>(
+                additionalExtensions_,
+                ((bitField0_ & 0x00000002) != 0),
+                getParentForChildren(),
+                isClean());
+        additionalExtensions_ = null;
+      }
+      return additionalExtensionsBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+  private static final com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateExtensionConstraints();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateExtensionConstraints> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateExtensionConstraints>() {
+        @java.lang.Override
+        public CertificateExtensionConstraints parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateExtensionConstraints(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateExtensionConstraints> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateExtensionConstraints> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraintsOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraintsOrBuilder.java
new file mode 100644
index 00000000..44135a17
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateExtensionConstraintsOrBuilder.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateExtensionConstraintsOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateExtensionConstraints)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return A list containing the knownExtensions.
+   */
+  java.util.List<
+          com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+              .KnownCertificateExtension>
+      getKnownExtensionsList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The count of knownExtensions.
+   */
+  int getKnownExtensionsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The knownExtensions at the given index.
+   */
+  com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension
+      getKnownExtensions(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return A list containing the enum numeric values on the wire for knownExtensions.
+   */
+  java.util.List<java.lang.Integer> getKnownExtensionsValueList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of named X.509 extensions. Will be combined with
+   * [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateExtensionConstraints.KnownCertificateExtension known_extensions = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The enum numeric value on the wire of knownExtensions at the given index.
+   */
+  int getKnownExtensionsValue(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.ObjectId> getAdditionalExtensionsList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectId getAdditionalExtensions(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  int getAdditionalExtensionsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getAdditionalExtensionsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+   * Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+   * X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId additional_extensions = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getAdditionalExtensionsOrBuilder(
+      int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraints.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraints.java
new file mode 100644
index 00000000..2390b42d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraints.java
@@ -0,0 +1,973 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateIdentityConstraints}
+ */
+public final class CertificateIdentityConstraints extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+    CertificateIdentityConstraintsOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateIdentityConstraints.newBuilder() to construct.
+  private CertificateIdentityConstraints(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateIdentityConstraints() {}
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateIdentityConstraints();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateIdentityConstraints(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.type.Expr.Builder subBuilder = null;
+              if (celExpression_ != null) {
+                subBuilder = celExpression_.toBuilder();
+              }
+              celExpression_ = input.readMessage(com.google.type.Expr.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(celExpression_);
+                celExpression_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 16:
+            {
+              allowSubjectPassthrough_ = input.readBool();
+              break;
+            }
+          case 24:
+            {
+              allowSubjectAltNamesPassthrough_ = input.readBool();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.class,
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder.class);
+  }
+
+  public static final int CEL_EXPRESSION_FIELD_NUMBER = 1;
+  private com.google.type.Expr celExpression_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return Whether the celExpression field is set.
+   */
+  @java.lang.Override
+  public boolean hasCelExpression() {
+    return celExpression_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The celExpression.
+   */
+  @java.lang.Override
+  public com.google.type.Expr getCelExpression() {
+    return celExpression_ == null ? com.google.type.Expr.getDefaultInstance() : celExpression_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public com.google.type.ExprOrBuilder getCelExpressionOrBuilder() {
+    return getCelExpression();
+  }
+
+  public static final int ALLOW_SUBJECT_PASSTHROUGH_FIELD_NUMBER = 2;
+  private boolean allowSubjectPassthrough_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+   * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+   * will be discarded.
+   * </pre>
+   *
+   * <code>bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The allowSubjectPassthrough.
+   */
+  @java.lang.Override
+  public boolean getAllowSubjectPassthrough() {
+    return allowSubjectPassthrough_;
+  }
+
+  public static final int ALLOW_SUBJECT_ALT_NAMES_PASSTHROUGH_FIELD_NUMBER = 3;
+  private boolean allowSubjectAltNamesPassthrough_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+   * certificate request into the signed certificate. Otherwise, the requested
+   * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+   * </pre>
+   *
+   * <code>bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The allowSubjectAltNamesPassthrough.
+   */
+  @java.lang.Override
+  public boolean getAllowSubjectAltNamesPassthrough() {
+    return allowSubjectAltNamesPassthrough_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (celExpression_ != null) {
+      output.writeMessage(1, getCelExpression());
+    }
+    if (allowSubjectPassthrough_ != false) {
+      output.writeBool(2, allowSubjectPassthrough_);
+    }
+    if (allowSubjectAltNamesPassthrough_ != false) {
+      output.writeBool(3, allowSubjectAltNamesPassthrough_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (celExpression_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCelExpression());
+    }
+    if (allowSubjectPassthrough_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(2, allowSubjectPassthrough_);
+    }
+    if (allowSubjectAltNamesPassthrough_ != false) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeBoolSize(
+              3, allowSubjectAltNamesPassthrough_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateIdentityConstraints)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateIdentityConstraints other =
+        (com.google.cloud.security.privateca.v1.CertificateIdentityConstraints) obj;
+
+    if (hasCelExpression() != other.hasCelExpression()) return false;
+    if (hasCelExpression()) {
+      if (!getCelExpression().equals(other.getCelExpression())) return false;
+    }
+    if (getAllowSubjectPassthrough() != other.getAllowSubjectPassthrough()) return false;
+    if (getAllowSubjectAltNamesPassthrough() != other.getAllowSubjectAltNamesPassthrough())
+      return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCelExpression()) {
+      hash = (37 * hash) + CEL_EXPRESSION_FIELD_NUMBER;
+      hash = (53 * hash) + getCelExpression().hashCode();
+    }
+    hash = (37 * hash) + ALLOW_SUBJECT_PASSTHROUGH_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getAllowSubjectPassthrough());
+    hash = (37 * hash) + ALLOW_SUBJECT_ALT_NAMES_PASSTHROUGH_FIELD_NUMBER;
+    hash =
+        (53 * hash)
+            + com.google.protobuf.Internal.hashBoolean(getAllowSubjectAltNamesPassthrough());
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateIdentityConstraints prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and
+   * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateIdentityConstraints}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+      com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.class,
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder.class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (celExpressionBuilder_ == null) {
+        celExpression_ = null;
+      } else {
+        celExpression_ = null;
+        celExpressionBuilder_ = null;
+      }
+      allowSubjectPassthrough_ = false;
+
+      allowSubjectAltNamesPassthrough_ = false;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints build() {
+      com.google.cloud.security.privateca.v1.CertificateIdentityConstraints result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateIdentityConstraints result =
+          new com.google.cloud.security.privateca.v1.CertificateIdentityConstraints(this);
+      if (celExpressionBuilder_ == null) {
+        result.celExpression_ = celExpression_;
+      } else {
+        result.celExpression_ = celExpressionBuilder_.build();
+      }
+      result.allowSubjectPassthrough_ = allowSubjectPassthrough_;
+      result.allowSubjectAltNamesPassthrough_ = allowSubjectAltNamesPassthrough_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateIdentityConstraints) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.CertificateIdentityConstraints) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CertificateIdentityConstraints other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+              .getDefaultInstance()) return this;
+      if (other.hasCelExpression()) {
+        mergeCelExpression(other.getCelExpression());
+      }
+      if (other.getAllowSubjectPassthrough() != false) {
+        setAllowSubjectPassthrough(other.getAllowSubjectPassthrough());
+      }
+      if (other.getAllowSubjectAltNamesPassthrough() != false) {
+        setAllowSubjectAltNamesPassthrough(other.getAllowSubjectAltNamesPassthrough());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateIdentityConstraints parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.type.Expr celExpression_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>
+        celExpressionBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return Whether the celExpression field is set.
+     */
+    public boolean hasCelExpression() {
+      return celExpressionBuilder_ != null || celExpression_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The celExpression.
+     */
+    public com.google.type.Expr getCelExpression() {
+      if (celExpressionBuilder_ == null) {
+        return celExpression_ == null ? com.google.type.Expr.getDefaultInstance() : celExpression_;
+      } else {
+        return celExpressionBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder setCelExpression(com.google.type.Expr value) {
+      if (celExpressionBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        celExpression_ = value;
+        onChanged();
+      } else {
+        celExpressionBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder setCelExpression(com.google.type.Expr.Builder builderForValue) {
+      if (celExpressionBuilder_ == null) {
+        celExpression_ = builderForValue.build();
+        onChanged();
+      } else {
+        celExpressionBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder mergeCelExpression(com.google.type.Expr value) {
+      if (celExpressionBuilder_ == null) {
+        if (celExpression_ != null) {
+          celExpression_ =
+              com.google.type.Expr.newBuilder(celExpression_).mergeFrom(value).buildPartial();
+        } else {
+          celExpression_ = value;
+        }
+        onChanged();
+      } else {
+        celExpressionBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder clearCelExpression() {
+      if (celExpressionBuilder_ == null) {
+        celExpression_ = null;
+        onChanged();
+      } else {
+        celExpression_ = null;
+        celExpressionBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public com.google.type.Expr.Builder getCelExpressionBuilder() {
+
+      onChanged();
+      return getCelExpressionFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public com.google.type.ExprOrBuilder getCelExpressionOrBuilder() {
+      if (celExpressionBuilder_ != null) {
+        return celExpressionBuilder_.getMessageOrBuilder();
+      } else {
+        return celExpression_ == null ? com.google.type.Expr.getDefaultInstance() : celExpression_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+     * and/or Subject Alternative Name before a certificate is signed.
+     * To see the full allowed syntax and some examples, see
+     * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+     * </pre>
+     *
+     * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>
+        getCelExpressionFieldBuilder() {
+      if (celExpressionBuilder_ == null) {
+        celExpressionBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.type.Expr, com.google.type.Expr.Builder, com.google.type.ExprOrBuilder>(
+                getCelExpression(), getParentForChildren(), isClean());
+        celExpression_ = null;
+      }
+      return celExpressionBuilder_;
+    }
+
+    private boolean allowSubjectPassthrough_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+     * will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The allowSubjectPassthrough.
+     */
+    @java.lang.Override
+    public boolean getAllowSubjectPassthrough() {
+      return allowSubjectPassthrough_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+     * will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The allowSubjectPassthrough to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAllowSubjectPassthrough(boolean value) {
+
+      allowSubjectPassthrough_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+     * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+     * will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearAllowSubjectPassthrough() {
+
+      allowSubjectPassthrough_ = false;
+      onChanged();
+      return this;
+    }
+
+    private boolean allowSubjectAltNamesPassthrough_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+     * certificate request into the signed certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The allowSubjectAltNamesPassthrough.
+     */
+    @java.lang.Override
+    public boolean getAllowSubjectAltNamesPassthrough() {
+      return allowSubjectAltNamesPassthrough_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+     * certificate request into the signed certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param value The allowSubjectAltNamesPassthrough to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAllowSubjectAltNamesPassthrough(boolean value) {
+
+      allowSubjectAltNamesPassthrough_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+     * certificate request into the signed certificate. Otherwise, the requested
+     * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+     * </pre>
+     *
+     * <code>bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearAllowSubjectAltNamesPassthrough() {
+
+      allowSubjectAltNamesPassthrough_ = false;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+  private static final com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateIdentityConstraints();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateIdentityConstraints> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateIdentityConstraints>() {
+        @java.lang.Override
+        public CertificateIdentityConstraints parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateIdentityConstraints(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateIdentityConstraints> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateIdentityConstraints> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraintsOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraintsOrBuilder.java
new file mode 100644
index 00000000..d8263c14
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateIdentityConstraintsOrBuilder.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateIdentityConstraintsOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateIdentityConstraints)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return Whether the celExpression field is set.
+   */
+  boolean hasCelExpression();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The celExpression.
+   */
+  com.google.type.Expr getCelExpression();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+   * and/or Subject Alternative Name before a certificate is signed.
+   * To see the full allowed syntax and some examples, see
+   * https://cloud.google.com/certificate-authority-service/docs/cel-guide
+   * </pre>
+   *
+   * <code>.google.type.Expr cel_expression = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  com.google.type.ExprOrBuilder getCelExpressionOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+   * request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+   * will be discarded.
+   * </pre>
+   *
+   * <code>bool allow_subject_passthrough = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The allowSubjectPassthrough.
+   */
+  boolean getAllowSubjectPassthrough();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+   * certificate request into the signed certificate. Otherwise, the requested
+   * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+   * </pre>
+   *
+   * <code>bool allow_subject_alt_names_passthrough = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The allowSubjectAltNamesPassthrough.
+   */
+  boolean getAllowSubjectAltNamesPassthrough();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateName.java
new file mode 100644
index 00000000..2929a82a
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateName.java
@@ -0,0 +1,261 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class CertificateName implements ResourceName {
+  private static final PathTemplate PROJECT_LOCATION_CA_POOL_CERTIFICATE =
+      PathTemplate.createWithoutUrlEncoding(
+          "projects/{project}/locations/{location}/caPools/{ca_pool}/certificates/{certificate}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+  private final String caPool;
+  private final String certificate;
+
+  @Deprecated
+  protected CertificateName() {
+    project = null;
+    location = null;
+    caPool = null;
+    certificate = null;
+  }
+
+  private CertificateName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+    caPool = Preconditions.checkNotNull(builder.getCaPool());
+    certificate = Preconditions.checkNotNull(builder.getCertificate());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public String getCaPool() {
+    return caPool;
+  }
+
+  public String getCertificate() {
+    return certificate;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static CertificateName of(
+      String project, String location, String caPool, String certificate) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificate(certificate)
+        .build();
+  }
+
+  public static String format(String project, String location, String caPool, String certificate) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificate(certificate)
+        .build()
+        .toString();
+  }
+
+  public static CertificateName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION_CA_POOL_CERTIFICATE.validatedMatch(
+            formattedString, "CertificateName.parse: formattedString not in valid format");
+    return of(
+        matchMap.get("project"),
+        matchMap.get("location"),
+        matchMap.get("ca_pool"),
+        matchMap.get("certificate"));
+  }
+
+  public static List<CertificateName> parseList(List<String> formattedStrings) {
+    List<CertificateName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<CertificateName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (CertificateName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          if (caPool != null) {
+            fieldMapBuilder.put("ca_pool", caPool);
+          }
+          if (certificate != null) {
+            fieldMapBuilder.put("certificate", certificate);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE.instantiate(
+        "project", project, "location", location, "ca_pool", caPool, "certificate", certificate);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      CertificateName that = ((CertificateName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location)
+          && Objects.equals(this.caPool, that.caPool)
+          && Objects.equals(this.certificate, that.certificate);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    h *= 1000003;
+    h ^= Objects.hashCode(caPool);
+    h *= 1000003;
+    h ^= Objects.hashCode(certificate);
+    return h;
+  }
+
+  /**
+   * Builder for
+   * projects/{project}/locations/{location}/caPools/{ca_pool}/certificates/{certificate}.
+   */
+  public static class Builder {
+    private String project;
+    private String location;
+    private String caPool;
+    private String certificate;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public String getCaPool() {
+      return caPool;
+    }
+
+    public String getCertificate() {
+      return certificate;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public Builder setCaPool(String caPool) {
+      this.caPool = caPool;
+      return this;
+    }
+
+    public Builder setCertificate(String certificate) {
+      this.certificate = certificate;
+      return this;
+    }
+
+    private Builder(CertificateName certificateName) {
+      project = certificateName.project;
+      location = certificateName.location;
+      caPool = certificateName.caPool;
+      certificate = certificateName.certificate;
+    }
+
+    public CertificateName build() {
+      return new CertificateName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateOrBuilder.java
new file mode 100644
index 00000000..29a51a30
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateOrBuilder.java
@@ -0,0 +1,592 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.Certificate)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return Whether the pemCsr field is set.
+   */
+  boolean hasPemCsr();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The pemCsr.
+   */
+  java.lang.String getPemCsr();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A pem-encoded X.509 certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 2 [(.google.api.field_behavior) = IMMUTABLE];</code>
+   *
+   * @return The bytes for pemCsr.
+   */
+  com.google.protobuf.ByteString getPemCsrBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the config field is set.
+   */
+  boolean hasConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The config.
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfig getConfig();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. A description of the certificate and key that does not require X.509 or
+   * ASN.1.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateConfig config = 3 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateConfigOrBuilder getConfigOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The issuerCertificateAuthority.
+   */
+  java.lang.String getIssuerCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string issuer_certificate_authority = 4 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for issuerCertificateAuthority.
+   */
+  com.google.protobuf.ByteString getIssuerCertificateAuthorityBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return Whether the lifetime field is set.
+   */
+  boolean hasLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The lifetime.
+   */
+  com.google.protobuf.Duration getLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Immutable. The desired lifetime of a certificate. Used to create the
+   * "not_before_time" and "not_after_time" fields inside an X.509
+   * certificate. Note that the lifetime may be truncated if it would extend
+   * past the life of any certificate authority in the issuing chain.
+   * </pre>
+   *
+   * <code>
+   * .google.protobuf.Duration lifetime = 5 [(.google.api.field_behavior) = REQUIRED, (.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   */
+  com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+   * certificate, in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * If this is specified, the caller must have the necessary permission to
+   * use this template. If this is omitted, no template will be used.
+   * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>
+   * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  java.lang.String getCertificateTemplate();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+   * certificate, in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * If this is specified, the caller must have the necessary permission to
+   * use this template. If this is omitted, no template will be used.
+   * This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>
+   * string certificate_template = 6 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for certificateTemplate.
+   */
+  com.google.protobuf.ByteString getCertificateTemplateBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+   * If this is omitted, the `DEFAULT` subject mode will be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for subjectMode.
+   */
+  int getSubjectModeValue();
+  /**
+   *
+   *
+   * <pre>
+   * Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+   * If this is omitted, the `DEFAULT` subject mode will be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubjectRequestMode subject_mode = 7 [(.google.api.field_behavior) = IMMUTABLE];
+   * </code>
+   *
+   * @return The subjectMode.
+   */
+  com.google.cloud.security.privateca.v1.SubjectRequestMode getSubjectMode();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the revocationDetails field is set.
+   */
+  boolean hasRevocationDetails();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The revocationDetails.
+   */
+  com.google.cloud.security.privateca.v1.Certificate.RevocationDetails getRevocationDetails();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate.RevocationDetails revocation_details = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.Certificate.RevocationDetailsOrBuilder
+      getRevocationDetailsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The pem-encoded, signed X.509 certificate.
+   * </pre>
+   *
+   * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCertificate.
+   */
+  java.lang.String getPemCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The pem-encoded, signed X.509 certificate.
+   * </pre>
+   *
+   * <code>string pem_certificate = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCertificate.
+   */
+  com.google.protobuf.ByteString getPemCertificateBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the certificateDescription field is set.
+   */
+  boolean hasCertificateDescription();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The certificateDescription.
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescription getCertificateDescription();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. A structured description of the issued X.509 certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateDescription certificate_description = 10 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateDescriptionOrBuilder
+      getCertificateDescriptionOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return A list containing the pemCertificateChain.
+   */
+  java.util.List<java.lang.String> getPemCertificateChainList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The count of pemCertificateChain.
+   */
+  int getPemCertificateChainCount();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the element to return.
+   * @return The pemCertificateChain at the given index.
+   */
+  java.lang.String getPemCertificateChain(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+   * in issuer-to-root order according to RFC 5246.
+   * </pre>
+   *
+   * <code>repeated string pem_certificate_chain = 11 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the pemCertificateChain at the given index.
+   */
+  com.google.protobuf.ByteString getPemCertificateChainBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  boolean hasCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  com.google.protobuf.Timestamp getCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 12 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  boolean hasUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  com.google.protobuf.Timestamp getUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 13 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  int getLabelsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  boolean containsLabels(java.lang.String key);
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Deprecated
+  java.util.Map<java.lang.String, java.lang.String> getLabels();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.util.Map<java.lang.String, java.lang.String> getLabelsMap();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 14 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrThrow(java.lang.String key);
+
+  public com.google.cloud.security.privateca.v1.Certificate.CertificateConfigCase
+      getCertificateConfigCase();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationList.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationList.java
new file mode 100644
index 00000000..ca40f434
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationList.java
@@ -0,0 +1,4251 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate
+ * Revocation List (CRL). A CRL contains the serial numbers of certificates that
+ * should no longer be trusted.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateRevocationList}
+ */
+public final class CertificateRevocationList extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateRevocationList)
+    CertificateRevocationListOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateRevocationList.newBuilder() to construct.
+  private CertificateRevocationList(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateRevocationList() {
+    name_ = "";
+    revokedCertificates_ = java.util.Collections.emptyList();
+    pemCrl_ = "";
+    accessUrl_ = "";
+    state_ = 0;
+    revisionId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateRevocationList();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateRevocationList(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 16:
+            {
+              sequenceNumber_ = input.readInt64();
+              break;
+            }
+          case 26:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                revokedCertificates_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.CertificateRevocationList
+                            .RevokedCertificate>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              revokedCertificates_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateRevocationList
+                          .RevokedCertificate.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pemCrl_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              accessUrl_ = s;
+              break;
+            }
+          case 48:
+            {
+              int rawValue = input.readEnum();
+
+              state_ = rawValue;
+              break;
+            }
+          case 58:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (createTime_ != null) {
+                subBuilder = createTime_.toBuilder();
+              }
+              createTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(createTime_);
+                createTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 66:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (updateTime_ != null) {
+                subBuilder = updateTime_.toBuilder();
+              }
+              updateTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateTime_);
+                updateTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 74:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              revisionId_ = s;
+              break;
+            }
+          case 82:
+            {
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                labels_ =
+                    com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+                mutable_bitField0_ |= 0x00000002;
+              }
+              com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+                  input.readMessage(
+                      LabelsDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry);
+              labels_.getMutableMap().put(labels__.getKey(), labels__.getValue());
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        revokedCertificates_ = java.util.Collections.unmodifiableList(revokedCertificates_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor;
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @java.lang.Override
+  protected com.google.protobuf.MapField internalGetMapField(int number) {
+    switch (number) {
+      case 10:
+        return internalGetLabels();
+      default:
+        throw new RuntimeException("Invalid map field number: " + number);
+    }
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.class,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder.class);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * The state of a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.CertificateRevocationList.State}
+   */
+  public enum State implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>STATE_UNSPECIFIED = 0;</code>
+     */
+    STATE_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
+     * </pre>
+     *
+     * <code>ACTIVE = 1;</code>
+     */
+    ACTIVE(1),
+    /**
+     *
+     *
+     * <pre>
+     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
+     * </pre>
+     *
+     * <code>SUPERSEDED = 2;</code>
+     */
+    SUPERSEDED(2),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Not specified.
+     * </pre>
+     *
+     * <code>STATE_UNSPECIFIED = 0;</code>
+     */
+    public static final int STATE_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
+     * </pre>
+     *
+     * <code>ACTIVE = 1;</code>
+     */
+    public static final int ACTIVE_VALUE = 1;
+    /**
+     *
+     *
+     * <pre>
+     * The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
+     * </pre>
+     *
+     * <code>SUPERSEDED = 2;</code>
+     */
+    public static final int SUPERSEDED_VALUE = 2;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static State valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static State forNumber(int value) {
+      switch (value) {
+        case 0:
+          return STATE_UNSPECIFIED;
+        case 1:
+          return ACTIVE;
+        case 2:
+          return SUPERSEDED;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<State> internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<State> internalValueMap =
+        new com.google.protobuf.Internal.EnumLiteMap<State>() {
+          public State findValueByNumber(int number) {
+            return State.forNumber(number);
+          }
+        };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.CertificateRevocationList.getDescriptor()
+          .getEnumTypes()
+          .get(0);
+    }
+
+    private static final State[] VALUES = values();
+
+    public static State valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private State(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.CertificateRevocationList.State)
+  }
+
+  public interface RevokedCertificateOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+     *
+     * @return The certificate.
+     */
+    java.lang.String getCertificate();
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+     *
+     * @return The bytes for certificate.
+     */
+    com.google.protobuf.ByteString getCertificateBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>string hex_serial_number = 2;</code>
+     *
+     * @return The hexSerialNumber.
+     */
+    java.lang.String getHexSerialNumber();
+    /**
+     *
+     *
+     * <pre>
+     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>string hex_serial_number = 2;</code>
+     *
+     * @return The bytes for hexSerialNumber.
+     */
+    com.google.protobuf.ByteString getHexSerialNumberBytes();
+
+    /**
+     *
+     *
+     * <pre>
+     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+     *
+     * @return The enum numeric value on the wire for revocationReason.
+     */
+    int getRevocationReasonValue();
+    /**
+     *
+     *
+     * <pre>
+     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+     *
+     * @return The revocationReason.
+     */
+    com.google.cloud.security.privateca.v1.RevocationReason getRevocationReason();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * Protobuf type {@code
+   * google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate}
+   */
+  public static final class RevokedCertificate extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+      RevokedCertificateOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use RevokedCertificate.newBuilder() to construct.
+    private RevokedCertificate(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private RevokedCertificate() {
+      certificate_ = "";
+      hexSerialNumber_ = "";
+      revocationReason_ = 0;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new RevokedCertificate();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private RevokedCertificate(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                certificate_ = s;
+                break;
+              }
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+
+                hexSerialNumber_ = s;
+                break;
+              }
+            case 24:
+              {
+                int rawValue = input.readEnum();
+
+                revocationReason_ = rawValue;
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                  .class,
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                  .Builder.class);
+    }
+
+    public static final int CERTIFICATE_FIELD_NUMBER = 1;
+    private volatile java.lang.Object certificate_;
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+     *
+     * @return The certificate.
+     */
+    @java.lang.Override
+    public java.lang.String getCertificate() {
+      java.lang.Object ref = certificate_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        certificate_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+     *
+     * @return The bytes for certificate.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getCertificateBytes() {
+      java.lang.Object ref = certificate_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        certificate_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int HEX_SERIAL_NUMBER_FIELD_NUMBER = 2;
+    private volatile java.lang.Object hexSerialNumber_;
+    /**
+     *
+     *
+     * <pre>
+     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>string hex_serial_number = 2;</code>
+     *
+     * @return The hexSerialNumber.
+     */
+    @java.lang.Override
+    public java.lang.String getHexSerialNumber() {
+      java.lang.Object ref = hexSerialNumber_;
+      if (ref instanceof java.lang.String) {
+        return (java.lang.String) ref;
+      } else {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        hexSerialNumber_ = s;
+        return s;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>string hex_serial_number = 2;</code>
+     *
+     * @return The bytes for hexSerialNumber.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getHexSerialNumberBytes() {
+      java.lang.Object ref = hexSerialNumber_;
+      if (ref instanceof java.lang.String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        hexSerialNumber_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+
+    public static final int REVOCATION_REASON_FIELD_NUMBER = 3;
+    private int revocationReason_;
+    /**
+     *
+     *
+     * <pre>
+     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+     *
+     * @return The enum numeric value on the wire for revocationReason.
+     */
+    @java.lang.Override
+    public int getRevocationReasonValue() {
+      return revocationReason_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+     *
+     * @return The revocationReason.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevocationReason getRevocationReason() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.RevocationReason result =
+          com.google.cloud.security.privateca.v1.RevocationReason.valueOf(revocationReason_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+          : result;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (!getCertificateBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, certificate_);
+      }
+      if (!getHexSerialNumberBytes().isEmpty()) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 2, hexSerialNumber_);
+      }
+      if (revocationReason_
+          != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+              .getNumber()) {
+        output.writeEnum(3, revocationReason_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (!getCertificateBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, certificate_);
+      }
+      if (!getHexSerialNumberBytes().isEmpty()) {
+        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, hexSerialNumber_);
+      }
+      if (revocationReason_
+          != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+              .getNumber()) {
+        size += com.google.protobuf.CodedOutputStream.computeEnumSize(3, revocationReason_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate other =
+          (com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate) obj;
+
+      if (!getCertificate().equals(other.getCertificate())) return false;
+      if (!getHexSerialNumber().equals(other.getHexSerialNumber())) return false;
+      if (revocationReason_ != other.revocationReason_) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + CERTIFICATE_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificate().hashCode();
+      hash = (37 * hash) + HEX_SERIAL_NUMBER_FIELD_NUMBER;
+      hash = (53 * hash) + getHexSerialNumber().hashCode();
+      hash = (37 * hash) + REVOCATION_REASON_FIELD_NUMBER;
+      hash = (53 * hash) + revocationReason_;
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+        com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificateOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                    .class,
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        certificate_ = "";
+
+        hexSerialNumber_ = "";
+
+        revocationReason_ = 0;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+          build() {
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate result =
+            new com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate(
+                this);
+        result.certificate_ = certificate_;
+        result.hexSerialNumber_ = hexSerialNumber_;
+        result.revocationReason_ = revocationReason_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+              other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                .getDefaultInstance()) return this;
+        if (!other.getCertificate().isEmpty()) {
+          certificate_ = other.certificate_;
+          onChanged();
+        }
+        if (!other.getHexSerialNumber().isEmpty()) {
+          hexSerialNumber_ = other.hexSerialNumber_;
+          onChanged();
+        }
+        if (other.revocationReason_ != 0) {
+          setRevocationReasonValue(other.getRevocationReasonValue());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private java.lang.Object certificate_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+       * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+       * </pre>
+       *
+       * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+       *
+       * @return The certificate.
+       */
+      public java.lang.String getCertificate() {
+        java.lang.Object ref = certificate_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          certificate_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+       * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+       * </pre>
+       *
+       * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+       *
+       * @return The bytes for certificate.
+       */
+      public com.google.protobuf.ByteString getCertificateBytes() {
+        java.lang.Object ref = certificate_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          certificate_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+       * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+       * </pre>
+       *
+       * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+       *
+       * @param value The certificate to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCertificate(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        certificate_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+       * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+       * </pre>
+       *
+       * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCertificate() {
+
+        certificate_ = getDefaultInstance().getCertificate();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+       * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+       * </pre>
+       *
+       * <code>string certificate = 1 [(.google.api.resource_reference) = { ... }</code>
+       *
+       * @param value The bytes for certificate to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCertificateBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        certificate_ = value;
+        onChanged();
+        return this;
+      }
+
+      private java.lang.Object hexSerialNumber_ = "";
+      /**
+       *
+       *
+       * <pre>
+       * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>string hex_serial_number = 2;</code>
+       *
+       * @return The hexSerialNumber.
+       */
+      public java.lang.String getHexSerialNumber() {
+        java.lang.Object ref = hexSerialNumber_;
+        if (!(ref instanceof java.lang.String)) {
+          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+          java.lang.String s = bs.toStringUtf8();
+          hexSerialNumber_ = s;
+          return s;
+        } else {
+          return (java.lang.String) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>string hex_serial_number = 2;</code>
+       *
+       * @return The bytes for hexSerialNumber.
+       */
+      public com.google.protobuf.ByteString getHexSerialNumberBytes() {
+        java.lang.Object ref = hexSerialNumber_;
+        if (ref instanceof String) {
+          com.google.protobuf.ByteString b =
+              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+          hexSerialNumber_ = b;
+          return b;
+        } else {
+          return (com.google.protobuf.ByteString) ref;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>string hex_serial_number = 2;</code>
+       *
+       * @param value The hexSerialNumber to set.
+       * @return This builder for chaining.
+       */
+      public Builder setHexSerialNumber(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        hexSerialNumber_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>string hex_serial_number = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearHexSerialNumber() {
+
+        hexSerialNumber_ = getDefaultInstance().getHexSerialNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+       * </pre>
+       *
+       * <code>string hex_serial_number = 2;</code>
+       *
+       * @param value The bytes for hexSerialNumber to set.
+       * @return This builder for chaining.
+       */
+      public Builder setHexSerialNumberBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+
+        hexSerialNumber_ = value;
+        onChanged();
+        return this;
+      }
+
+      private int revocationReason_ = 0;
+      /**
+       *
+       *
+       * <pre>
+       * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+       *
+       * @return The enum numeric value on the wire for revocationReason.
+       */
+      @java.lang.Override
+      public int getRevocationReasonValue() {
+        return revocationReason_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+       *
+       * @param value The enum numeric value on the wire for revocationReason to set.
+       * @return This builder for chaining.
+       */
+      public Builder setRevocationReasonValue(int value) {
+
+        revocationReason_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+       *
+       * @return The revocationReason.
+       */
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.RevocationReason getRevocationReason() {
+        @SuppressWarnings("deprecation")
+        com.google.cloud.security.privateca.v1.RevocationReason result =
+            com.google.cloud.security.privateca.v1.RevocationReason.valueOf(revocationReason_);
+        return result == null
+            ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+            : result;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+       *
+       * @param value The revocationReason to set.
+       * @return This builder for chaining.
+       */
+      public Builder setRevocationReason(
+          com.google.cloud.security.privateca.v1.RevocationReason value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+
+        revocationReason_ = value.getNumber();
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+       * </pre>
+       *
+       * <code>.google.cloud.security.privateca.v1.RevocationReason revocation_reason = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearRevocationReason() {
+
+        revocationReason_ = 0;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate)
+    private static final com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate();
+    }
+
+    public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificate
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<RevokedCertificate> PARSER =
+        new com.google.protobuf.AbstractParser<RevokedCertificate>() {
+          @java.lang.Override
+          public RevokedCertificate parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new RevokedCertificate(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<RevokedCertificate> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<RevokedCertificate> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+   * the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+   *    certificateRevocationLists/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+   * the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+   *    certificateRevocationLists/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int SEQUENCE_NUMBER_FIELD_NUMBER = 2;
+  private long sequenceNumber_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The CRL sequence number that appears in pem_crl.
+   * </pre>
+   *
+   * <code>int64 sequence_number = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The sequenceNumber.
+   */
+  @java.lang.Override
+  public long getSequenceNumber() {
+    return sequenceNumber_;
+  }
+
+  public static final int REVOKED_CERTIFICATES_FIELD_NUMBER = 3;
+  private java.util.List<
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate>
+      revokedCertificates_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate>
+      getRevokedCertificatesList() {
+    return revokedCertificates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends
+              com.google.cloud.security.privateca.v1.CertificateRevocationList
+                  .RevokedCertificateOrBuilder>
+      getRevokedCertificatesOrBuilderList() {
+    return revokedCertificates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public int getRevokedCertificatesCount() {
+    return revokedCertificates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+      getRevokedCertificates(int index) {
+    return revokedCertificates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList
+          .RevokedCertificateOrBuilder
+      getRevokedCertificatesOrBuilder(int index) {
+    return revokedCertificates_.get(index);
+  }
+
+  public static final int PEM_CRL_FIELD_NUMBER = 4;
+  private volatile java.lang.Object pemCrl_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded X.509 CRL.
+   * </pre>
+   *
+   * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCrl.
+   */
+  @java.lang.Override
+  public java.lang.String getPemCrl() {
+    java.lang.Object ref = pemCrl_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pemCrl_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded X.509 CRL.
+   * </pre>
+   *
+   * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCrl.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPemCrlBytes() {
+    java.lang.Object ref = pemCrl_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pemCrl_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ACCESS_URL_FIELD_NUMBER = 5;
+  private volatile java.lang.Object accessUrl_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The location where 'pem_crl' can be accessed.
+   * </pre>
+   *
+   * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The accessUrl.
+   */
+  @java.lang.Override
+  public java.lang.String getAccessUrl() {
+    java.lang.Object ref = accessUrl_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      accessUrl_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The location where 'pem_crl' can be accessed.
+   * </pre>
+   *
+   * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for accessUrl.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getAccessUrlBytes() {
+    java.lang.Object ref = accessUrl_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      accessUrl_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int STATE_FIELD_NUMBER = 6;
+  private int state_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for state.
+   */
+  @java.lang.Override
+  public int getStateValue() {
+    return state_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The state.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList.State getState() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.CertificateRevocationList.State result =
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.State.valueOf(state_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.CertificateRevocationList.State.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int CREATE_TIME_FIELD_NUMBER = 7;
+  private com.google.protobuf.Timestamp createTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasCreateTime() {
+    return createTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getCreateTime() {
+    return createTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : createTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+    return getCreateTime();
+  }
+
+  public static final int UPDATE_TIME_FIELD_NUMBER = 8;
+  private com.google.protobuf.Timestamp updateTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateTime() {
+    return updateTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getUpdateTime() {
+    return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+    return getUpdateTime();
+  }
+
+  public static final int REVISION_ID_FIELD_NUMBER = 9;
+  private volatile java.lang.Object revisionId_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+   * committed whenever a new CRL is published. The format is an 8-character
+   * hexadecimal string.
+   * </pre>
+   *
+   * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The revisionId.
+   */
+  @java.lang.Override
+  public java.lang.String getRevisionId() {
+    java.lang.Object ref = revisionId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      revisionId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+   * committed whenever a new CRL is published. The format is an 8-character
+   * hexadecimal string.
+   * </pre>
+   *
+   * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for revisionId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRevisionIdBytes() {
+    java.lang.Object ref = revisionId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      revisionId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int LABELS_FIELD_NUMBER = 10;
+
+  private static final class LabelsDefaultEntryHolder {
+    static final com.google.protobuf.MapEntry<java.lang.String, java.lang.String> defaultEntry =
+        com.google.protobuf.MapEntry.<java.lang.String, java.lang.String>newDefaultInstance(
+            com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_descriptor,
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "",
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "");
+  }
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+    if (labels_ == null) {
+      return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+    }
+    return labels_;
+  }
+
+  public int getLabelsCount() {
+    return internalGetLabels().getMap().size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public boolean containsLabels(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    return internalGetLabels().getMap().containsKey(key);
+  }
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Override
+  @java.lang.Deprecated
+  public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+    return getLabelsMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+    return internalGetLabels().getMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    return map.containsKey(key) ? map.get(key) : defaultValue;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrThrow(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    if (!map.containsKey(key)) {
+      throw new java.lang.IllegalArgumentException();
+    }
+    return map.get(key);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (sequenceNumber_ != 0L) {
+      output.writeInt64(2, sequenceNumber_);
+    }
+    for (int i = 0; i < revokedCertificates_.size(); i++) {
+      output.writeMessage(3, revokedCertificates_.get(i));
+    }
+    if (!getPemCrlBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, pemCrl_);
+    }
+    if (!getAccessUrlBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, accessUrl_);
+    }
+    if (state_
+        != com.google.cloud.security.privateca.v1.CertificateRevocationList.State.STATE_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(6, state_);
+    }
+    if (createTime_ != null) {
+      output.writeMessage(7, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      output.writeMessage(8, getUpdateTime());
+    }
+    if (!getRevisionIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 9, revisionId_);
+    }
+    com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+        output, internalGetLabels(), LabelsDefaultEntryHolder.defaultEntry, 10);
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (sequenceNumber_ != 0L) {
+      size += com.google.protobuf.CodedOutputStream.computeInt64Size(2, sequenceNumber_);
+    }
+    for (int i = 0; i < revokedCertificates_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(3, revokedCertificates_.get(i));
+    }
+    if (!getPemCrlBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, pemCrl_);
+    }
+    if (!getAccessUrlBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, accessUrl_);
+    }
+    if (state_
+        != com.google.cloud.security.privateca.v1.CertificateRevocationList.State.STATE_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(6, state_);
+    }
+    if (createTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(7, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(8, getUpdateTime());
+    }
+    if (!getRevisionIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(9, revisionId_);
+    }
+    for (java.util.Map.Entry<java.lang.String, java.lang.String> entry :
+        internalGetLabels().getMap().entrySet()) {
+      com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+          LabelsDefaultEntryHolder.defaultEntry
+              .newBuilderForType()
+              .setKey(entry.getKey())
+              .setValue(entry.getValue())
+              .build();
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(10, labels__);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateRevocationList)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateRevocationList other =
+        (com.google.cloud.security.privateca.v1.CertificateRevocationList) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (getSequenceNumber() != other.getSequenceNumber()) return false;
+    if (!getRevokedCertificatesList().equals(other.getRevokedCertificatesList())) return false;
+    if (!getPemCrl().equals(other.getPemCrl())) return false;
+    if (!getAccessUrl().equals(other.getAccessUrl())) return false;
+    if (state_ != other.state_) return false;
+    if (hasCreateTime() != other.hasCreateTime()) return false;
+    if (hasCreateTime()) {
+      if (!getCreateTime().equals(other.getCreateTime())) return false;
+    }
+    if (hasUpdateTime() != other.hasUpdateTime()) return false;
+    if (hasUpdateTime()) {
+      if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+    }
+    if (!getRevisionId().equals(other.getRevisionId())) return false;
+    if (!internalGetLabels().equals(other.internalGetLabels())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + SEQUENCE_NUMBER_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashLong(getSequenceNumber());
+    if (getRevokedCertificatesCount() > 0) {
+      hash = (37 * hash) + REVOKED_CERTIFICATES_FIELD_NUMBER;
+      hash = (53 * hash) + getRevokedCertificatesList().hashCode();
+    }
+    hash = (37 * hash) + PEM_CRL_FIELD_NUMBER;
+    hash = (53 * hash) + getPemCrl().hashCode();
+    hash = (37 * hash) + ACCESS_URL_FIELD_NUMBER;
+    hash = (53 * hash) + getAccessUrl().hashCode();
+    hash = (37 * hash) + STATE_FIELD_NUMBER;
+    hash = (53 * hash) + state_;
+    if (hasCreateTime()) {
+      hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getCreateTime().hashCode();
+    }
+    if (hasUpdateTime()) {
+      hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateTime().hashCode();
+    }
+    hash = (37 * hash) + REVISION_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRevisionId().hashCode();
+    if (!internalGetLabels().getMap().isEmpty()) {
+      hash = (37 * hash) + LABELS_FIELD_NUMBER;
+      hash = (53 * hash) + internalGetLabels().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateRevocationList prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate
+   * Revocation List (CRL). A CRL contains the serial numbers of certificates that
+   * should no longer be trusted.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateRevocationList}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateRevocationList)
+      com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 10:
+          return internalGetLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+      switch (number) {
+        case 10:
+          return internalGetMutableLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.class,
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CertificateRevocationList.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getRevokedCertificatesFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      sequenceNumber_ = 0L;
+
+      if (revokedCertificatesBuilder_ == null) {
+        revokedCertificates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        revokedCertificatesBuilder_.clear();
+      }
+      pemCrl_ = "";
+
+      accessUrl_ = "";
+
+      state_ = 0;
+
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+      revisionId_ = "";
+
+      internalGetMutableLabels().clear();
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateRevocationList.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList build() {
+      com.google.cloud.security.privateca.v1.CertificateRevocationList result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateRevocationList result =
+          new com.google.cloud.security.privateca.v1.CertificateRevocationList(this);
+      int from_bitField0_ = bitField0_;
+      result.name_ = name_;
+      result.sequenceNumber_ = sequenceNumber_;
+      if (revokedCertificatesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          revokedCertificates_ = java.util.Collections.unmodifiableList(revokedCertificates_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.revokedCertificates_ = revokedCertificates_;
+      } else {
+        result.revokedCertificates_ = revokedCertificatesBuilder_.build();
+      }
+      result.pemCrl_ = pemCrl_;
+      result.accessUrl_ = accessUrl_;
+      result.state_ = state_;
+      if (createTimeBuilder_ == null) {
+        result.createTime_ = createTime_;
+      } else {
+        result.createTime_ = createTimeBuilder_.build();
+      }
+      if (updateTimeBuilder_ == null) {
+        result.updateTime_ = updateTime_;
+      } else {
+        result.updateTime_ = updateTimeBuilder_.build();
+      }
+      result.revisionId_ = revisionId_;
+      result.labels_ = internalGetLabels();
+      result.labels_.makeImmutable();
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateRevocationList) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CertificateRevocationList) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CertificateRevocationList.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (other.getSequenceNumber() != 0L) {
+        setSequenceNumber(other.getSequenceNumber());
+      }
+      if (revokedCertificatesBuilder_ == null) {
+        if (!other.revokedCertificates_.isEmpty()) {
+          if (revokedCertificates_.isEmpty()) {
+            revokedCertificates_ = other.revokedCertificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureRevokedCertificatesIsMutable();
+            revokedCertificates_.addAll(other.revokedCertificates_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.revokedCertificates_.isEmpty()) {
+          if (revokedCertificatesBuilder_.isEmpty()) {
+            revokedCertificatesBuilder_.dispose();
+            revokedCertificatesBuilder_ = null;
+            revokedCertificates_ = other.revokedCertificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            revokedCertificatesBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getRevokedCertificatesFieldBuilder()
+                    : null;
+          } else {
+            revokedCertificatesBuilder_.addAllMessages(other.revokedCertificates_);
+          }
+        }
+      }
+      if (!other.getPemCrl().isEmpty()) {
+        pemCrl_ = other.pemCrl_;
+        onChanged();
+      }
+      if (!other.getAccessUrl().isEmpty()) {
+        accessUrl_ = other.accessUrl_;
+        onChanged();
+      }
+      if (other.state_ != 0) {
+        setStateValue(other.getStateValue());
+      }
+      if (other.hasCreateTime()) {
+        mergeCreateTime(other.getCreateTime());
+      }
+      if (other.hasUpdateTime()) {
+        mergeUpdateTime(other.getUpdateTime());
+      }
+      if (!other.getRevisionId().isEmpty()) {
+        revisionId_ = other.revisionId_;
+        onChanged();
+      }
+      internalGetMutableLabels().mergeFrom(other.internalGetLabels());
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateRevocationList parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateRevocationList)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+     * the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *    certificateRevocationLists/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+     * the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *    certificateRevocationLists/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+     * the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *    certificateRevocationLists/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+     * the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *    certificateRevocationLists/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+     * the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+     *    certificateRevocationLists/&#42;`.
+     * </pre>
+     *
+     * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private long sequenceNumber_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The CRL sequence number that appears in pem_crl.
+     * </pre>
+     *
+     * <code>int64 sequence_number = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The sequenceNumber.
+     */
+    @java.lang.Override
+    public long getSequenceNumber() {
+      return sequenceNumber_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The CRL sequence number that appears in pem_crl.
+     * </pre>
+     *
+     * <code>int64 sequence_number = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The sequenceNumber to set.
+     * @return This builder for chaining.
+     */
+    public Builder setSequenceNumber(long value) {
+
+      sequenceNumber_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The CRL sequence number that appears in pem_crl.
+     * </pre>
+     *
+     * <code>int64 sequence_number = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearSequenceNumber() {
+
+      sequenceNumber_ = 0L;
+      onChanged();
+      return this;
+    }
+
+    private java.util.List<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate>
+        revokedCertificates_ = java.util.Collections.emptyList();
+
+    private void ensureRevokedCertificatesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        revokedCertificates_ =
+            new java.util.ArrayList<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList
+                    .RevokedCertificate>(revokedCertificates_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList
+                .RevokedCertificateOrBuilder>
+        revokedCertificatesBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate>
+        getRevokedCertificatesList() {
+      if (revokedCertificatesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(revokedCertificates_);
+      } else {
+        return revokedCertificatesBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public int getRevokedCertificatesCount() {
+      if (revokedCertificatesBuilder_ == null) {
+        return revokedCertificates_.size();
+      } else {
+        return revokedCertificatesBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+        getRevokedCertificates(int index) {
+      if (revokedCertificatesBuilder_ == null) {
+        return revokedCertificates_.get(index);
+      } else {
+        return revokedCertificatesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setRevokedCertificates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate value) {
+      if (revokedCertificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.set(index, value);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setRevokedCertificates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate.Builder
+            builderForValue) {
+      if (revokedCertificatesBuilder_ == null) {
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addRevokedCertificates(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate value) {
+      if (revokedCertificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.add(value);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addRevokedCertificates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate value) {
+      if (revokedCertificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.add(index, value);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addRevokedCertificates(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate.Builder
+            builderForValue) {
+      if (revokedCertificatesBuilder_ == null) {
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.add(builderForValue.build());
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addRevokedCertificates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate.Builder
+            builderForValue) {
+      if (revokedCertificatesBuilder_ == null) {
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder addAllRevokedCertificates(
+        java.lang.Iterable<
+                ? extends
+                    com.google.cloud.security.privateca.v1.CertificateRevocationList
+                        .RevokedCertificate>
+            values) {
+      if (revokedCertificatesBuilder_ == null) {
+        ensureRevokedCertificatesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, revokedCertificates_);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearRevokedCertificates() {
+      if (revokedCertificatesBuilder_ == null) {
+        revokedCertificates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder removeRevokedCertificates(int index) {
+      if (revokedCertificatesBuilder_ == null) {
+        ensureRevokedCertificatesIsMutable();
+        revokedCertificates_.remove(index);
+        onChanged();
+      } else {
+        revokedCertificatesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            .Builder
+        getRevokedCertificatesBuilder(int index) {
+      return getRevokedCertificatesFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList
+            .RevokedCertificateOrBuilder
+        getRevokedCertificatesOrBuilder(int index) {
+      if (revokedCertificatesBuilder_ == null) {
+        return revokedCertificates_.get(index);
+      } else {
+        return revokedCertificatesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<
+            ? extends
+                com.google.cloud.security.privateca.v1.CertificateRevocationList
+                    .RevokedCertificateOrBuilder>
+        getRevokedCertificatesOrBuilderList() {
+      if (revokedCertificatesBuilder_ != null) {
+        return revokedCertificatesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(revokedCertificates_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            .Builder
+        addRevokedCertificatesBuilder() {
+      return getRevokedCertificatesFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+            .Builder
+        addRevokedCertificatesBuilder(int index) {
+      return getRevokedCertificatesFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revoked serial numbers that appear in pem_crl.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public java.util.List<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                .Builder>
+        getRevokedCertificatesBuilderList() {
+      return getRevokedCertificatesFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                .Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList
+                .RevokedCertificateOrBuilder>
+        getRevokedCertificatesFieldBuilder() {
+      if (revokedCertificatesBuilder_ == null) {
+        revokedCertificatesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate,
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+                    .Builder,
+                com.google.cloud.security.privateca.v1.CertificateRevocationList
+                    .RevokedCertificateOrBuilder>(
+                revokedCertificates_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        revokedCertificates_ = null;
+      }
+      return revokedCertificatesBuilder_;
+    }
+
+    private java.lang.Object pemCrl_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded X.509 CRL.
+     * </pre>
+     *
+     * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The pemCrl.
+     */
+    public java.lang.String getPemCrl() {
+      java.lang.Object ref = pemCrl_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pemCrl_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded X.509 CRL.
+     * </pre>
+     *
+     * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for pemCrl.
+     */
+    public com.google.protobuf.ByteString getPemCrlBytes() {
+      java.lang.Object ref = pemCrl_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pemCrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded X.509 CRL.
+     * </pre>
+     *
+     * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The pemCrl to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCrl(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pemCrl_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded X.509 CRL.
+     * </pre>
+     *
+     * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCrl() {
+
+      pemCrl_ = getDefaultInstance().getPemCrl();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded X.509 CRL.
+     * </pre>
+     *
+     * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for pemCrl to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCrlBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pemCrl_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object accessUrl_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The location where 'pem_crl' can be accessed.
+     * </pre>
+     *
+     * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The accessUrl.
+     */
+    public java.lang.String getAccessUrl() {
+      java.lang.Object ref = accessUrl_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        accessUrl_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The location where 'pem_crl' can be accessed.
+     * </pre>
+     *
+     * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for accessUrl.
+     */
+    public com.google.protobuf.ByteString getAccessUrlBytes() {
+      java.lang.Object ref = accessUrl_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        accessUrl_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The location where 'pem_crl' can be accessed.
+     * </pre>
+     *
+     * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The accessUrl to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAccessUrl(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      accessUrl_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The location where 'pem_crl' can be accessed.
+     * </pre>
+     *
+     * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearAccessUrl() {
+
+      accessUrl_ = getDefaultInstance().getAccessUrl();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The location where 'pem_crl' can be accessed.
+     * </pre>
+     *
+     * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for accessUrl to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAccessUrlBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      accessUrl_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int state_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for state.
+     */
+    @java.lang.Override
+    public int getStateValue() {
+      return state_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for state to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStateValue(int value) {
+
+      state_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The state.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.State getState() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.CertificateRevocationList.State result =
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.State.valueOf(state_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.CertificateRevocationList.State.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @param value The state to set.
+     * @return This builder for chaining.
+     */
+    public Builder setState(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.State value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      state_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearState() {
+
+      state_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Timestamp createTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        createTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the createTime field is set.
+     */
+    public boolean hasCreateTime() {
+      return createTimeBuilder_ != null || createTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The createTime.
+     */
+    public com.google.protobuf.Timestamp getCreateTime() {
+      if (createTimeBuilder_ == null) {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      } else {
+        return createTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        createTime_ = value;
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (createTimeBuilder_ == null) {
+        createTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (createTime_ != null) {
+          createTime_ =
+              com.google.protobuf.Timestamp.newBuilder(createTime_).mergeFrom(value).buildPartial();
+        } else {
+          createTime_ = value;
+        }
+        onChanged();
+      } else {
+        createTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCreateTime() {
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+        onChanged();
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getCreateTimeBuilder() {
+
+      onChanged();
+      return getCreateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+      if (createTimeBuilder_ != null) {
+        return createTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getCreateTimeFieldBuilder() {
+      if (createTimeBuilder_ == null) {
+        createTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getCreateTime(), getParentForChildren(), isClean());
+        createTime_ = null;
+      }
+      return createTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp updateTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        updateTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    public boolean hasUpdateTime() {
+      return updateTimeBuilder_ != null || updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      } else {
+        return updateTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateTime_ = value;
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (updateTime_ != null) {
+          updateTime_ =
+              com.google.protobuf.Timestamp.newBuilder(updateTime_).mergeFrom(value).buildPartial();
+        } else {
+          updateTime_ = value;
+        }
+        onChanged();
+      } else {
+        updateTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+        onChanged();
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+      onChanged();
+      return getUpdateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      if (updateTimeBuilder_ != null) {
+        return updateTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getUpdateTimeFieldBuilder() {
+      if (updateTimeBuilder_ == null) {
+        updateTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getUpdateTime(), getParentForChildren(), isClean());
+        updateTime_ = null;
+      }
+      return updateTimeBuilder_;
+    }
+
+    private java.lang.Object revisionId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+     * committed whenever a new CRL is published. The format is an 8-character
+     * hexadecimal string.
+     * </pre>
+     *
+     * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The revisionId.
+     */
+    public java.lang.String getRevisionId() {
+      java.lang.Object ref = revisionId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        revisionId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+     * committed whenever a new CRL is published. The format is an 8-character
+     * hexadecimal string.
+     * </pre>
+     *
+     * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for revisionId.
+     */
+    public com.google.protobuf.ByteString getRevisionIdBytes() {
+      java.lang.Object ref = revisionId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        revisionId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+     * committed whenever a new CRL is published. The format is an 8-character
+     * hexadecimal string.
+     * </pre>
+     *
+     * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The revisionId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRevisionId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      revisionId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+     * committed whenever a new CRL is published. The format is an 8-character
+     * hexadecimal string.
+     * </pre>
+     *
+     * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRevisionId() {
+
+      revisionId_ = getDefaultInstance().getRevisionId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+     * committed whenever a new CRL is published. The format is an 8-character
+     * hexadecimal string.
+     * </pre>
+     *
+     * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for revisionId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRevisionIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      revisionId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+      if (labels_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      return labels_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String>
+        internalGetMutableLabels() {
+      onChanged();
+      ;
+      if (labels_ == null) {
+        labels_ = com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      if (!labels_.isMutable()) {
+        labels_ = labels_.copy();
+      }
+      return labels_;
+    }
+
+    public int getLabelsCount() {
+      return internalGetLabels().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public boolean containsLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetLabels().getMap().containsKey(key);
+    }
+    /** Use {@link #getLabelsMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+      return getLabelsMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+      return internalGetLabels().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrDefault(
+        java.lang.String key, java.lang.String defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public Builder clearLabels() {
+      internalGetMutableLabels().getMutableMap().clear();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder removeLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().remove(key);
+      return this;
+    }
+    /** Use alternate mutation accessors instead. */
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getMutableLabels() {
+      return internalGetMutableLabels().getMutableMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putLabels(java.lang.String key, java.lang.String value) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      if (value == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().put(key, value);
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putAllLabels(java.util.Map<java.lang.String, java.lang.String> values) {
+      internalGetMutableLabels().getMutableMap().putAll(values);
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateRevocationList)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateRevocationList)
+  private static final com.google.cloud.security.privateca.v1.CertificateRevocationList
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateRevocationList();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateRevocationList
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateRevocationList> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateRevocationList>() {
+        @java.lang.Override
+        public CertificateRevocationList parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateRevocationList(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateRevocationList> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateRevocationList> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListName.java
new file mode 100644
index 00000000..f4615c00
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListName.java
@@ -0,0 +1,309 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class CertificateRevocationListName implements ResourceName {
+  private static final PathTemplate
+      PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY_CERTIFICATE_REVOCATION_LIST =
+          PathTemplate.createWithoutUrlEncoding(
+              "projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+  private final String caPool;
+  private final String certificateAuthority;
+  private final String certificateRevocationList;
+
+  @Deprecated
+  protected CertificateRevocationListName() {
+    project = null;
+    location = null;
+    caPool = null;
+    certificateAuthority = null;
+    certificateRevocationList = null;
+  }
+
+  private CertificateRevocationListName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+    caPool = Preconditions.checkNotNull(builder.getCaPool());
+    certificateAuthority = Preconditions.checkNotNull(builder.getCertificateAuthority());
+    certificateRevocationList = Preconditions.checkNotNull(builder.getCertificateRevocationList());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public String getCaPool() {
+    return caPool;
+  }
+
+  public String getCertificateAuthority() {
+    return certificateAuthority;
+  }
+
+  public String getCertificateRevocationList() {
+    return certificateRevocationList;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static CertificateRevocationListName of(
+      String project,
+      String location,
+      String caPool,
+      String certificateAuthority,
+      String certificateRevocationList) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificateAuthority(certificateAuthority)
+        .setCertificateRevocationList(certificateRevocationList)
+        .build();
+  }
+
+  public static String format(
+      String project,
+      String location,
+      String caPool,
+      String certificateAuthority,
+      String certificateRevocationList) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCaPool(caPool)
+        .setCertificateAuthority(certificateAuthority)
+        .setCertificateRevocationList(certificateRevocationList)
+        .build()
+        .toString();
+  }
+
+  public static CertificateRevocationListName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY_CERTIFICATE_REVOCATION_LIST.validatedMatch(
+            formattedString,
+            "CertificateRevocationListName.parse: formattedString not in valid format");
+    return of(
+        matchMap.get("project"),
+        matchMap.get("location"),
+        matchMap.get("ca_pool"),
+        matchMap.get("certificate_authority"),
+        matchMap.get("certificate_revocation_list"));
+  }
+
+  public static List<CertificateRevocationListName> parseList(List<String> formattedStrings) {
+    List<CertificateRevocationListName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<CertificateRevocationListName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (CertificateRevocationListName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY_CERTIFICATE_REVOCATION_LIST.matches(
+        formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          if (caPool != null) {
+            fieldMapBuilder.put("ca_pool", caPool);
+          }
+          if (certificateAuthority != null) {
+            fieldMapBuilder.put("certificate_authority", certificateAuthority);
+          }
+          if (certificateRevocationList != null) {
+            fieldMapBuilder.put("certificate_revocation_list", certificateRevocationList);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION_CA_POOL_CERTIFICATE_AUTHORITY_CERTIFICATE_REVOCATION_LIST.instantiate(
+        "project",
+        project,
+        "location",
+        location,
+        "ca_pool",
+        caPool,
+        "certificate_authority",
+        certificateAuthority,
+        "certificate_revocation_list",
+        certificateRevocationList);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      CertificateRevocationListName that = ((CertificateRevocationListName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location)
+          && Objects.equals(this.caPool, that.caPool)
+          && Objects.equals(this.certificateAuthority, that.certificateAuthority)
+          && Objects.equals(this.certificateRevocationList, that.certificateRevocationList);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    h *= 1000003;
+    h ^= Objects.hashCode(caPool);
+    h *= 1000003;
+    h ^= Objects.hashCode(certificateAuthority);
+    h *= 1000003;
+    h ^= Objects.hashCode(certificateRevocationList);
+    return h;
+  }
+
+  /**
+   * Builder for
+   * projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}.
+   */
+  public static class Builder {
+    private String project;
+    private String location;
+    private String caPool;
+    private String certificateAuthority;
+    private String certificateRevocationList;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public String getCaPool() {
+      return caPool;
+    }
+
+    public String getCertificateAuthority() {
+      return certificateAuthority;
+    }
+
+    public String getCertificateRevocationList() {
+      return certificateRevocationList;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public Builder setCaPool(String caPool) {
+      this.caPool = caPool;
+      return this;
+    }
+
+    public Builder setCertificateAuthority(String certificateAuthority) {
+      this.certificateAuthority = certificateAuthority;
+      return this;
+    }
+
+    public Builder setCertificateRevocationList(String certificateRevocationList) {
+      this.certificateRevocationList = certificateRevocationList;
+      return this;
+    }
+
+    private Builder(CertificateRevocationListName certificateRevocationListName) {
+      project = certificateRevocationListName.project;
+      location = certificateRevocationListName.location;
+      caPool = certificateRevocationListName.caPool;
+      certificateAuthority = certificateRevocationListName.certificateAuthority;
+      certificateRevocationList = certificateRevocationListName.certificateRevocationList;
+    }
+
+    public CertificateRevocationListName build() {
+      return new CertificateRevocationListName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListOrBuilder.java
new file mode 100644
index 00000000..944183cb
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateRevocationListOrBuilder.java
@@ -0,0 +1,376 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateRevocationListOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateRevocationList)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+   * the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+   *    certificateRevocationLists/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+   * the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;certificateAuthorities/&#42;&#47;
+   *    certificateRevocationLists/&#42;`.
+   * </pre>
+   *
+   * <code>string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The CRL sequence number that appears in pem_crl.
+   * </pre>
+   *
+   * <code>int64 sequence_number = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The sequenceNumber.
+   */
+  long getSequenceNumber();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  java.util.List<
+          com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate>
+      getRevokedCertificatesList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate
+      getRevokedCertificates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  int getRevokedCertificatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  java.util.List<
+          ? extends
+              com.google.cloud.security.privateca.v1.CertificateRevocationList
+                  .RevokedCertificateOrBuilder>
+      getRevokedCertificatesOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revoked serial numbers that appear in pem_crl.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificate revoked_certificates = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationList.RevokedCertificateOrBuilder
+      getRevokedCertificatesOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded X.509 CRL.
+   * </pre>
+   *
+   * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCrl.
+   */
+  java.lang.String getPemCrl();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded X.509 CRL.
+   * </pre>
+   *
+   * <code>string pem_crl = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCrl.
+   */
+  com.google.protobuf.ByteString getPemCrlBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The location where 'pem_crl' can be accessed.
+   * </pre>
+   *
+   * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The accessUrl.
+   */
+  java.lang.String getAccessUrl();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The location where 'pem_crl' can be accessed.
+   * </pre>
+   *
+   * <code>string access_url = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for accessUrl.
+   */
+  com.google.protobuf.ByteString getAccessUrlBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for state.
+   */
+  int getStateValue();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList.State state = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The state.
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationList.State getState();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  boolean hasCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  com.google.protobuf.Timestamp getCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  boolean hasUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  com.google.protobuf.Timestamp getUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 8 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+   * committed whenever a new CRL is published. The format is an 8-character
+   * hexadecimal string.
+   * </pre>
+   *
+   * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The revisionId.
+   */
+  java.lang.String getRevisionId();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+   * committed whenever a new CRL is published. The format is an 8-character
+   * hexadecimal string.
+   * </pre>
+   *
+   * <code>string revision_id = 9 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for revisionId.
+   */
+  com.google.protobuf.ByteString getRevisionIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  int getLabelsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  boolean containsLabels(java.lang.String key);
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Deprecated
+  java.util.Map<java.lang.String, java.lang.String> getLabels();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.util.Map<java.lang.String, java.lang.String> getLabelsMap();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 10 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrThrow(java.lang.String key);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplate.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplate.java
new file mode 100644
index 00000000..f51884e5
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplate.java
@@ -0,0 +1,2899 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate
+ * issuance.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CertificateTemplate}
+ */
+public final class CertificateTemplate extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CertificateTemplate)
+    CertificateTemplateOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CertificateTemplate.newBuilder() to construct.
+  private CertificateTemplate(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CertificateTemplate() {
+    name_ = "";
+    description_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CertificateTemplate();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CertificateTemplate(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder subBuilder = null;
+              if (predefinedValues_ != null) {
+                subBuilder = predefinedValues_.toBuilder();
+              }
+              predefinedValues_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Parameters.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(predefinedValues_);
+                predefinedValues_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+                  subBuilder = null;
+              if (identityConstraints_ != null) {
+                subBuilder = identityConstraints_.toBuilder();
+              }
+              identityConstraints_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(identityConstraints_);
+                identityConstraints_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+                  subBuilder = null;
+              if (passthroughExtensions_ != null) {
+                subBuilder = passthroughExtensions_.toBuilder();
+              }
+              passthroughExtensions_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(passthroughExtensions_);
+                passthroughExtensions_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              description_ = s;
+              break;
+            }
+          case 50:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (createTime_ != null) {
+                subBuilder = createTime_.toBuilder();
+              }
+              createTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(createTime_);
+                createTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 58:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (updateTime_ != null) {
+                subBuilder = updateTime_.toBuilder();
+              }
+              updateTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateTime_);
+                updateTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 66:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                labels_ =
+                    com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+                mutable_bitField0_ |= 0x00000001;
+              }
+              com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+                  input.readMessage(
+                      LabelsDefaultEntryHolder.defaultEntry.getParserForType(), extensionRegistry);
+              labels_.getMutableMap().put(labels__.getKey(), labels__.getValue());
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor;
+  }
+
+  @SuppressWarnings({"rawtypes"})
+  @java.lang.Override
+  protected com.google.protobuf.MapField internalGetMapField(int number) {
+    switch (number) {
+      case 8:
+        return internalGetLabels();
+      default:
+        throw new RuntimeException("Invalid map field number: " + number);
+    }
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CertificateTemplate.class,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PREDEFINED_VALUES_FIELD_NUMBER = 2;
+  private com.google.cloud.security.privateca.v1.X509Parameters predefinedValues_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the predefinedValues field is set.
+   */
+  @java.lang.Override
+  public boolean hasPredefinedValues() {
+    return predefinedValues_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The predefinedValues.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters getPredefinedValues() {
+    return predefinedValues_ == null
+        ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+        : predefinedValues_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+      getPredefinedValuesOrBuilder() {
+    return getPredefinedValues();
+  }
+
+  public static final int IDENTITY_CONSTRAINTS_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      identityConstraints_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the identityConstraints field is set.
+   */
+  @java.lang.Override
+  public boolean hasIdentityConstraints() {
+    return identityConstraints_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The identityConstraints.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+      getIdentityConstraints() {
+    return identityConstraints_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.getDefaultInstance()
+        : identityConstraints_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+      getIdentityConstraintsOrBuilder() {
+    return getIdentityConstraints();
+  }
+
+  public static final int PASSTHROUGH_EXTENSIONS_FIELD_NUMBER = 4;
+  private com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      passthroughExtensions_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the passthroughExtensions field is set.
+   */
+  @java.lang.Override
+  public boolean hasPassthroughExtensions() {
+    return passthroughExtensions_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The passthroughExtensions.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+      getPassthroughExtensions() {
+    return passthroughExtensions_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+            .getDefaultInstance()
+        : passthroughExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+      getPassthroughExtensionsOrBuilder() {
+    return getPassthroughExtensions();
+  }
+
+  public static final int DESCRIPTION_FIELD_NUMBER = 5;
+  private volatile java.lang.Object description_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A human-readable description of scenarios this template is intended for.
+   * </pre>
+   *
+   * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The description.
+   */
+  @java.lang.Override
+  public java.lang.String getDescription() {
+    java.lang.Object ref = description_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      description_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A human-readable description of scenarios this template is intended for.
+   * </pre>
+   *
+   * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for description.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getDescriptionBytes() {
+    java.lang.Object ref = description_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      description_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CREATE_TIME_FIELD_NUMBER = 6;
+  private com.google.protobuf.Timestamp createTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasCreateTime() {
+    return createTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getCreateTime() {
+    return createTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : createTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+    return getCreateTime();
+  }
+
+  public static final int UPDATE_TIME_FIELD_NUMBER = 7;
+  private com.google.protobuf.Timestamp updateTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateTime() {
+    return updateTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getUpdateTime() {
+    return updateTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : updateTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+    return getUpdateTime();
+  }
+
+  public static final int LABELS_FIELD_NUMBER = 8;
+
+  private static final class LabelsDefaultEntryHolder {
+    static final com.google.protobuf.MapEntry<java.lang.String, java.lang.String> defaultEntry =
+        com.google.protobuf.MapEntry.<java.lang.String, java.lang.String>newDefaultInstance(
+            com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+                .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_descriptor,
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "",
+            com.google.protobuf.WireFormat.FieldType.STRING,
+            "");
+  }
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+  private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+    if (labels_ == null) {
+      return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+    }
+    return labels_;
+  }
+
+  public int getLabelsCount() {
+    return internalGetLabels().getMap().size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public boolean containsLabels(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    return internalGetLabels().getMap().containsKey(key);
+  }
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Override
+  @java.lang.Deprecated
+  public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+    return getLabelsMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+    return internalGetLabels().getMap();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    return map.containsKey(key) ? map.get(key) : defaultValue;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  @java.lang.Override
+  public java.lang.String getLabelsOrThrow(java.lang.String key) {
+    if (key == null) {
+      throw new java.lang.NullPointerException();
+    }
+    java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+    if (!map.containsKey(key)) {
+      throw new java.lang.IllegalArgumentException();
+    }
+    return map.get(key);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (predefinedValues_ != null) {
+      output.writeMessage(2, getPredefinedValues());
+    }
+    if (identityConstraints_ != null) {
+      output.writeMessage(3, getIdentityConstraints());
+    }
+    if (passthroughExtensions_ != null) {
+      output.writeMessage(4, getPassthroughExtensions());
+    }
+    if (!getDescriptionBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, description_);
+    }
+    if (createTime_ != null) {
+      output.writeMessage(6, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      output.writeMessage(7, getUpdateTime());
+    }
+    com.google.protobuf.GeneratedMessageV3.serializeStringMapTo(
+        output, internalGetLabels(), LabelsDefaultEntryHolder.defaultEntry, 8);
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (predefinedValues_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getPredefinedValues());
+    }
+    if (identityConstraints_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getIdentityConstraints());
+    }
+    if (passthroughExtensions_ != null) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(4, getPassthroughExtensions());
+    }
+    if (!getDescriptionBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, description_);
+    }
+    if (createTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(6, getCreateTime());
+    }
+    if (updateTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(7, getUpdateTime());
+    }
+    for (java.util.Map.Entry<java.lang.String, java.lang.String> entry :
+        internalGetLabels().getMap().entrySet()) {
+      com.google.protobuf.MapEntry<java.lang.String, java.lang.String> labels__ =
+          LabelsDefaultEntryHolder.defaultEntry
+              .newBuilderForType()
+              .setKey(entry.getKey())
+              .setValue(entry.getValue())
+              .build();
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(8, labels__);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CertificateTemplate)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CertificateTemplate other =
+        (com.google.cloud.security.privateca.v1.CertificateTemplate) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (hasPredefinedValues() != other.hasPredefinedValues()) return false;
+    if (hasPredefinedValues()) {
+      if (!getPredefinedValues().equals(other.getPredefinedValues())) return false;
+    }
+    if (hasIdentityConstraints() != other.hasIdentityConstraints()) return false;
+    if (hasIdentityConstraints()) {
+      if (!getIdentityConstraints().equals(other.getIdentityConstraints())) return false;
+    }
+    if (hasPassthroughExtensions() != other.hasPassthroughExtensions()) return false;
+    if (hasPassthroughExtensions()) {
+      if (!getPassthroughExtensions().equals(other.getPassthroughExtensions())) return false;
+    }
+    if (!getDescription().equals(other.getDescription())) return false;
+    if (hasCreateTime() != other.hasCreateTime()) return false;
+    if (hasCreateTime()) {
+      if (!getCreateTime().equals(other.getCreateTime())) return false;
+    }
+    if (hasUpdateTime() != other.hasUpdateTime()) return false;
+    if (hasUpdateTime()) {
+      if (!getUpdateTime().equals(other.getUpdateTime())) return false;
+    }
+    if (!internalGetLabels().equals(other.internalGetLabels())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    if (hasPredefinedValues()) {
+      hash = (37 * hash) + PREDEFINED_VALUES_FIELD_NUMBER;
+      hash = (53 * hash) + getPredefinedValues().hashCode();
+    }
+    if (hasIdentityConstraints()) {
+      hash = (37 * hash) + IDENTITY_CONSTRAINTS_FIELD_NUMBER;
+      hash = (53 * hash) + getIdentityConstraints().hashCode();
+    }
+    if (hasPassthroughExtensions()) {
+      hash = (37 * hash) + PASSTHROUGH_EXTENSIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getPassthroughExtensions().hashCode();
+    }
+    hash = (37 * hash) + DESCRIPTION_FIELD_NUMBER;
+    hash = (53 * hash) + getDescription().hashCode();
+    if (hasCreateTime()) {
+      hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getCreateTime().hashCode();
+    }
+    if (hasUpdateTime()) {
+      hash = (37 * hash) + UPDATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateTime().hashCode();
+    }
+    if (!internalGetLabels().getMap().isEmpty()) {
+      hash = (37 * hash) + LABELS_FIELD_NUMBER;
+      hash = (53 * hash) + internalGetLabels().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CertificateTemplate prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate
+   * issuance.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CertificateTemplate}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CertificateTemplate)
+      com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor;
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMapField(int number) {
+      switch (number) {
+        case 8:
+          return internalGetLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @SuppressWarnings({"rawtypes"})
+    protected com.google.protobuf.MapField internalGetMutableMapField(int number) {
+      switch (number) {
+        case 8:
+          return internalGetMutableLabels();
+        default:
+          throw new RuntimeException("Invalid map field number: " + number);
+      }
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CertificateTemplate.class,
+              com.google.cloud.security.privateca.v1.CertificateTemplate.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CertificateTemplate.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      if (predefinedValuesBuilder_ == null) {
+        predefinedValues_ = null;
+      } else {
+        predefinedValues_ = null;
+        predefinedValuesBuilder_ = null;
+      }
+      if (identityConstraintsBuilder_ == null) {
+        identityConstraints_ = null;
+      } else {
+        identityConstraints_ = null;
+        identityConstraintsBuilder_ = null;
+      }
+      if (passthroughExtensionsBuilder_ == null) {
+        passthroughExtensions_ = null;
+      } else {
+        passthroughExtensions_ = null;
+        passthroughExtensionsBuilder_ = null;
+      }
+      description_ = "";
+
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+      internalGetMutableLabels().clear();
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateTemplate getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateTemplate build() {
+      com.google.cloud.security.privateca.v1.CertificateTemplate result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CertificateTemplate buildPartial() {
+      com.google.cloud.security.privateca.v1.CertificateTemplate result =
+          new com.google.cloud.security.privateca.v1.CertificateTemplate(this);
+      int from_bitField0_ = bitField0_;
+      result.name_ = name_;
+      if (predefinedValuesBuilder_ == null) {
+        result.predefinedValues_ = predefinedValues_;
+      } else {
+        result.predefinedValues_ = predefinedValuesBuilder_.build();
+      }
+      if (identityConstraintsBuilder_ == null) {
+        result.identityConstraints_ = identityConstraints_;
+      } else {
+        result.identityConstraints_ = identityConstraintsBuilder_.build();
+      }
+      if (passthroughExtensionsBuilder_ == null) {
+        result.passthroughExtensions_ = passthroughExtensions_;
+      } else {
+        result.passthroughExtensions_ = passthroughExtensionsBuilder_.build();
+      }
+      result.description_ = description_;
+      if (createTimeBuilder_ == null) {
+        result.createTime_ = createTime_;
+      } else {
+        result.createTime_ = createTimeBuilder_.build();
+      }
+      if (updateTimeBuilder_ == null) {
+        result.updateTime_ = updateTime_;
+      } else {
+        result.updateTime_ = updateTimeBuilder_.build();
+      }
+      result.labels_ = internalGetLabels();
+      result.labels_.makeImmutable();
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CertificateTemplate) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CertificateTemplate) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CertificateTemplate other) {
+      if (other == com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (other.hasPredefinedValues()) {
+        mergePredefinedValues(other.getPredefinedValues());
+      }
+      if (other.hasIdentityConstraints()) {
+        mergeIdentityConstraints(other.getIdentityConstraints());
+      }
+      if (other.hasPassthroughExtensions()) {
+        mergePassthroughExtensions(other.getPassthroughExtensions());
+      }
+      if (!other.getDescription().isEmpty()) {
+        description_ = other.description_;
+        onChanged();
+      }
+      if (other.hasCreateTime()) {
+        mergeCreateTime(other.getCreateTime());
+      }
+      if (other.hasUpdateTime()) {
+        mergeUpdateTime(other.getUpdateTime());
+      }
+      internalGetMutableLabels().mergeFrom(other.internalGetLabels());
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CertificateTemplate parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CertificateTemplate) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.X509Parameters predefinedValues_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        predefinedValuesBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the predefinedValues field is set.
+     */
+    public boolean hasPredefinedValues() {
+      return predefinedValuesBuilder_ != null || predefinedValues_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The predefinedValues.
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters getPredefinedValues() {
+      if (predefinedValuesBuilder_ == null) {
+        return predefinedValues_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : predefinedValues_;
+      } else {
+        return predefinedValuesBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPredefinedValues(
+        com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (predefinedValuesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        predefinedValues_ = value;
+        onChanged();
+      } else {
+        predefinedValuesBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPredefinedValues(
+        com.google.cloud.security.privateca.v1.X509Parameters.Builder builderForValue) {
+      if (predefinedValuesBuilder_ == null) {
+        predefinedValues_ = builderForValue.build();
+        onChanged();
+      } else {
+        predefinedValuesBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergePredefinedValues(
+        com.google.cloud.security.privateca.v1.X509Parameters value) {
+      if (predefinedValuesBuilder_ == null) {
+        if (predefinedValues_ != null) {
+          predefinedValues_ =
+              com.google.cloud.security.privateca.v1.X509Parameters.newBuilder(predefinedValues_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          predefinedValues_ = value;
+        }
+        onChanged();
+      } else {
+        predefinedValuesBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearPredefinedValues() {
+      if (predefinedValuesBuilder_ == null) {
+        predefinedValues_ = null;
+        onChanged();
+      } else {
+        predefinedValues_ = null;
+        predefinedValuesBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.Builder
+        getPredefinedValuesBuilder() {
+
+      onChanged();
+      return getPredefinedValuesFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509ParametersOrBuilder
+        getPredefinedValuesOrBuilder() {
+      if (predefinedValuesBuilder_ != null) {
+        return predefinedValuesBuilder_.getMessageOrBuilder();
+      } else {
+        return predefinedValues_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance()
+            : predefinedValues_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A set of X.509 values that will be applied to all issued certificates that
+     * use this template. If the certificate request includes conflicting values
+     * for the same properties, they will be overwritten by the values defined
+     * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+     * defines conflicting
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+     * properties, the certificate issuance request will fail.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+            com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>
+        getPredefinedValuesFieldBuilder() {
+      if (predefinedValuesBuilder_ == null) {
+        predefinedValuesBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Parameters,
+                com.google.cloud.security.privateca.v1.X509Parameters.Builder,
+                com.google.cloud.security.privateca.v1.X509ParametersOrBuilder>(
+                getPredefinedValues(), getParentForChildren(), isClean());
+        predefinedValues_ = null;
+      }
+      return predefinedValuesBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+        identityConstraints_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>
+        identityConstraintsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the identityConstraints field is set.
+     */
+    public boolean hasIdentityConstraints() {
+      return identityConstraintsBuilder_ != null || identityConstraints_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The identityConstraints.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+        getIdentityConstraints() {
+      if (identityConstraintsBuilder_ == null) {
+        return identityConstraints_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                .getDefaultInstance()
+            : identityConstraints_;
+      } else {
+        return identityConstraintsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setIdentityConstraints(
+        com.google.cloud.security.privateca.v1.CertificateIdentityConstraints value) {
+      if (identityConstraintsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        identityConstraints_ = value;
+        onChanged();
+      } else {
+        identityConstraintsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setIdentityConstraints(
+        com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+            builderForValue) {
+      if (identityConstraintsBuilder_ == null) {
+        identityConstraints_ = builderForValue.build();
+        onChanged();
+      } else {
+        identityConstraintsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergeIdentityConstraints(
+        com.google.cloud.security.privateca.v1.CertificateIdentityConstraints value) {
+      if (identityConstraintsBuilder_ == null) {
+        if (identityConstraints_ != null) {
+          identityConstraints_ =
+              com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.newBuilder(
+                      identityConstraints_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          identityConstraints_ = value;
+        }
+        onChanged();
+      } else {
+        identityConstraintsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearIdentityConstraints() {
+      if (identityConstraintsBuilder_ == null) {
+        identityConstraints_ = null;
+        onChanged();
+      } else {
+        identityConstraints_ = null;
+        identityConstraintsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder
+        getIdentityConstraintsBuilder() {
+
+      onChanged();
+      return getIdentityConstraintsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+        getIdentityConstraintsOrBuilder() {
+      if (identityConstraintsBuilder_ != null) {
+        return identityConstraintsBuilder_.getMessageOrBuilder();
+      } else {
+        return identityConstraints_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateIdentityConstraints
+                .getDefaultInstance()
+            : identityConstraints_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes constraints on identities that may be appear in
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+     * then this template will not add restrictions on a certificate's identity.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+            com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>
+        getIdentityConstraintsFieldBuilder() {
+      if (identityConstraintsBuilder_ == null) {
+        identityConstraintsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateIdentityConstraints,
+                com.google.cloud.security.privateca.v1.CertificateIdentityConstraints.Builder,
+                com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder>(
+                getIdentityConstraints(), getParentForChildren(), isClean());
+        identityConstraints_ = null;
+      }
+      return identityConstraintsBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        passthroughExtensions_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>
+        passthroughExtensionsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the passthroughExtensions field is set.
+     */
+    public boolean hasPassthroughExtensions() {
+      return passthroughExtensionsBuilder_ != null || passthroughExtensions_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The passthroughExtensions.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+        getPassthroughExtensions() {
+      if (passthroughExtensionsBuilder_ == null) {
+        return passthroughExtensions_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                .getDefaultInstance()
+            : passthroughExtensions_;
+      } else {
+        return passthroughExtensionsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPassthroughExtensions(
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints value) {
+      if (passthroughExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        passthroughExtensions_ = value;
+        onChanged();
+      } else {
+        passthroughExtensionsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPassthroughExtensions(
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+            builderForValue) {
+      if (passthroughExtensionsBuilder_ == null) {
+        passthroughExtensions_ = builderForValue.build();
+        onChanged();
+      } else {
+        passthroughExtensionsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergePassthroughExtensions(
+        com.google.cloud.security.privateca.v1.CertificateExtensionConstraints value) {
+      if (passthroughExtensionsBuilder_ == null) {
+        if (passthroughExtensions_ != null) {
+          passthroughExtensions_ =
+              com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.newBuilder(
+                      passthroughExtensions_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          passthroughExtensions_ = value;
+        }
+        onChanged();
+      } else {
+        passthroughExtensionsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearPassthroughExtensions() {
+      if (passthroughExtensionsBuilder_ == null) {
+        passthroughExtensions_ = null;
+        onChanged();
+      } else {
+        passthroughExtensions_ = null;
+        passthroughExtensionsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder
+        getPassthroughExtensionsBuilder() {
+
+      onChanged();
+      return getPassthroughExtensionsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+        getPassthroughExtensionsOrBuilder() {
+      if (passthroughExtensionsBuilder_ != null) {
+        return passthroughExtensionsBuilder_.getMessageOrBuilder();
+      } else {
+        return passthroughExtensions_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateExtensionConstraints
+                .getDefaultInstance()
+            : passthroughExtensions_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the set of X.509 extensions that may appear in a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+     * request sets extensions that don't appear in the
+     * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+     * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+     * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+     * here, the certificate issuance request will fail. If this is omitted, then
+     * this template will not add restrictions on a certificate's X.509
+     * extensions. These constraints do not apply to X.509 extensions set in this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+            com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>
+        getPassthroughExtensionsFieldBuilder() {
+      if (passthroughExtensionsBuilder_ == null) {
+        passthroughExtensionsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateExtensionConstraints,
+                com.google.cloud.security.privateca.v1.CertificateExtensionConstraints.Builder,
+                com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder>(
+                getPassthroughExtensions(), getParentForChildren(), isClean());
+        passthroughExtensions_ = null;
+      }
+      return passthroughExtensionsBuilder_;
+    }
+
+    private java.lang.Object description_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A human-readable description of scenarios this template is intended for.
+     * </pre>
+     *
+     * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The description.
+     */
+    public java.lang.String getDescription() {
+      java.lang.Object ref = description_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        description_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A human-readable description of scenarios this template is intended for.
+     * </pre>
+     *
+     * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for description.
+     */
+    public com.google.protobuf.ByteString getDescriptionBytes() {
+      java.lang.Object ref = description_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        description_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A human-readable description of scenarios this template is intended for.
+     * </pre>
+     *
+     * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The description to set.
+     * @return This builder for chaining.
+     */
+    public Builder setDescription(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      description_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A human-readable description of scenarios this template is intended for.
+     * </pre>
+     *
+     * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearDescription() {
+
+      description_ = getDefaultInstance().getDescription();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. A human-readable description of scenarios this template is intended for.
+     * </pre>
+     *
+     * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for description to set.
+     * @return This builder for chaining.
+     */
+    public Builder setDescriptionBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      description_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Timestamp createTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        createTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the createTime field is set.
+     */
+    public boolean hasCreateTime() {
+      return createTimeBuilder_ != null || createTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The createTime.
+     */
+    public com.google.protobuf.Timestamp getCreateTime() {
+      if (createTimeBuilder_ == null) {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      } else {
+        return createTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        createTime_ = value;
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (createTimeBuilder_ == null) {
+        createTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (createTime_ != null) {
+          createTime_ =
+              com.google.protobuf.Timestamp.newBuilder(createTime_).mergeFrom(value).buildPartial();
+        } else {
+          createTime_ = value;
+        }
+        onChanged();
+      } else {
+        createTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCreateTime() {
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+        onChanged();
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getCreateTimeBuilder() {
+
+      onChanged();
+      return getCreateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+      if (createTimeBuilder_ != null) {
+        return createTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getCreateTimeFieldBuilder() {
+      if (createTimeBuilder_ == null) {
+        createTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getCreateTime(), getParentForChildren(), isClean());
+        createTime_ = null;
+      }
+      return createTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp updateTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        updateTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the updateTime field is set.
+     */
+    public boolean hasUpdateTime() {
+      return updateTimeBuilder_ != null || updateTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The updateTime.
+     */
+    public com.google.protobuf.Timestamp getUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      } else {
+        return updateTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateTime_ = value;
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setUpdateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeUpdateTime(com.google.protobuf.Timestamp value) {
+      if (updateTimeBuilder_ == null) {
+        if (updateTime_ != null) {
+          updateTime_ =
+              com.google.protobuf.Timestamp.newBuilder(updateTime_).mergeFrom(value).buildPartial();
+        } else {
+          updateTime_ = value;
+        }
+        onChanged();
+      } else {
+        updateTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearUpdateTime() {
+      if (updateTimeBuilder_ == null) {
+        updateTime_ = null;
+        onChanged();
+      } else {
+        updateTime_ = null;
+        updateTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getUpdateTimeBuilder() {
+
+      onChanged();
+      return getUpdateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder() {
+      if (updateTimeBuilder_ != null) {
+        return updateTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return updateTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : updateTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getUpdateTimeFieldBuilder() {
+      if (updateTimeBuilder_ == null) {
+        updateTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getUpdateTime(), getParentForChildren(), isClean());
+        updateTime_ = null;
+      }
+      return updateTimeBuilder_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> labels_;
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String> internalGetLabels() {
+      if (labels_ == null) {
+        return com.google.protobuf.MapField.emptyMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      return labels_;
+    }
+
+    private com.google.protobuf.MapField<java.lang.String, java.lang.String>
+        internalGetMutableLabels() {
+      onChanged();
+      ;
+      if (labels_ == null) {
+        labels_ = com.google.protobuf.MapField.newMapField(LabelsDefaultEntryHolder.defaultEntry);
+      }
+      if (!labels_.isMutable()) {
+        labels_ = labels_.copy();
+      }
+      return labels_;
+    }
+
+    public int getLabelsCount() {
+      return internalGetLabels().getMap().size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public boolean containsLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      return internalGetLabels().getMap().containsKey(key);
+    }
+    /** Use {@link #getLabelsMap()} instead. */
+    @java.lang.Override
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getLabels() {
+      return getLabelsMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.util.Map<java.lang.String, java.lang.String> getLabelsMap() {
+      return internalGetLabels().getMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrDefault(
+        java.lang.String key, java.lang.String defaultValue) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      return map.containsKey(key) ? map.get(key) : defaultValue;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    @java.lang.Override
+    public java.lang.String getLabelsOrThrow(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      java.util.Map<java.lang.String, java.lang.String> map = internalGetLabels().getMap();
+      if (!map.containsKey(key)) {
+        throw new java.lang.IllegalArgumentException();
+      }
+      return map.get(key);
+    }
+
+    public Builder clearLabels() {
+      internalGetMutableLabels().getMutableMap().clear();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder removeLabels(java.lang.String key) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().remove(key);
+      return this;
+    }
+    /** Use alternate mutation accessors instead. */
+    @java.lang.Deprecated
+    public java.util.Map<java.lang.String, java.lang.String> getMutableLabels() {
+      return internalGetMutableLabels().getMutableMap();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putLabels(java.lang.String key, java.lang.String value) {
+      if (key == null) {
+        throw new java.lang.NullPointerException();
+      }
+      if (value == null) {
+        throw new java.lang.NullPointerException();
+      }
+      internalGetMutableLabels().getMutableMap().put(key, value);
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Labels with user-defined metadata.
+     * </pre>
+     *
+     * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+     */
+    public Builder putAllLabels(java.util.Map<java.lang.String, java.lang.String> values) {
+      internalGetMutableLabels().getMutableMap().putAll(values);
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CertificateTemplate)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CertificateTemplate)
+  private static final com.google.cloud.security.privateca.v1.CertificateTemplate DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CertificateTemplate();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CertificateTemplate getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CertificateTemplate> PARSER =
+      new com.google.protobuf.AbstractParser<CertificateTemplate>() {
+        @java.lang.Override
+        public CertificateTemplate parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CertificateTemplate(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CertificateTemplate> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CertificateTemplate> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplate getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateName.java
new file mode 100644
index 00000000..b5dbfad0
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateName.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class CertificateTemplateName implements ResourceName {
+  private static final PathTemplate PROJECT_LOCATION_CERTIFICATE_TEMPLATE =
+      PathTemplate.createWithoutUrlEncoding(
+          "projects/{project}/locations/{location}/certificateTemplates/{certificate_template}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+  private final String certificateTemplate;
+
+  @Deprecated
+  protected CertificateTemplateName() {
+    project = null;
+    location = null;
+    certificateTemplate = null;
+  }
+
+  private CertificateTemplateName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+    certificateTemplate = Preconditions.checkNotNull(builder.getCertificateTemplate());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public String getCertificateTemplate() {
+    return certificateTemplate;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static CertificateTemplateName of(
+      String project, String location, String certificateTemplate) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCertificateTemplate(certificateTemplate)
+        .build();
+  }
+
+  public static String format(String project, String location, String certificateTemplate) {
+    return newBuilder()
+        .setProject(project)
+        .setLocation(location)
+        .setCertificateTemplate(certificateTemplate)
+        .build()
+        .toString();
+  }
+
+  public static CertificateTemplateName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION_CERTIFICATE_TEMPLATE.validatedMatch(
+            formattedString, "CertificateTemplateName.parse: formattedString not in valid format");
+    return of(
+        matchMap.get("project"), matchMap.get("location"), matchMap.get("certificate_template"));
+  }
+
+  public static List<CertificateTemplateName> parseList(List<String> formattedStrings) {
+    List<CertificateTemplateName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<CertificateTemplateName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (CertificateTemplateName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION_CERTIFICATE_TEMPLATE.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          if (certificateTemplate != null) {
+            fieldMapBuilder.put("certificate_template", certificateTemplate);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION_CERTIFICATE_TEMPLATE.instantiate(
+        "project", project, "location", location, "certificate_template", certificateTemplate);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      CertificateTemplateName that = ((CertificateTemplateName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location)
+          && Objects.equals(this.certificateTemplate, that.certificateTemplate);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    h *= 1000003;
+    h ^= Objects.hashCode(certificateTemplate);
+    return h;
+  }
+
+  /**
+   * Builder for
+   * projects/{project}/locations/{location}/certificateTemplates/{certificate_template}.
+   */
+  public static class Builder {
+    private String project;
+    private String location;
+    private String certificateTemplate;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public String getCertificateTemplate() {
+      return certificateTemplate;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    public Builder setCertificateTemplate(String certificateTemplate) {
+      this.certificateTemplate = certificateTemplate;
+      return this;
+    }
+
+    private Builder(CertificateTemplateName certificateTemplateName) {
+      project = certificateTemplateName.project;
+      location = certificateTemplateName.location;
+      certificateTemplate = certificateTemplateName.certificateTemplate;
+    }
+
+    public CertificateTemplateName build() {
+      return new CertificateTemplateName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateOrBuilder.java
new file mode 100644
index 00000000..aa096cc6
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CertificateTemplateOrBuilder.java
@@ -0,0 +1,387 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CertificateTemplateOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CertificateTemplate)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the predefinedValues field is set.
+   */
+  boolean hasPredefinedValues();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The predefinedValues.
+   */
+  com.google.cloud.security.privateca.v1.X509Parameters getPredefinedValues();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A set of X.509 values that will be applied to all issued certificates that
+   * use this template. If the certificate request includes conflicting values
+   * for the same properties, they will be overwritten by the values defined
+   * here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+   * defines conflicting
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+   * properties, the certificate issuance request will fail.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters predefined_values = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.X509ParametersOrBuilder getPredefinedValuesOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the identityConstraints field is set.
+   */
+  boolean hasIdentityConstraints();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The identityConstraints.
+   */
+  com.google.cloud.security.privateca.v1.CertificateIdentityConstraints getIdentityConstraints();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes constraints on identities that may be appear in
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+   * then this template will not add restrictions on a certificate's identity.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateIdentityConstraintsOrBuilder
+      getIdentityConstraintsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the passthroughExtensions field is set.
+   */
+  boolean hasPassthroughExtensions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The passthroughExtensions.
+   */
+  com.google.cloud.security.privateca.v1.CertificateExtensionConstraints getPassthroughExtensions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the set of X.509 extensions that may appear in a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+   * request sets extensions that don't appear in the
+   * [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+   * issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+   * [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+   * here, the certificate issuance request will fail. If this is omitted, then
+   * this template will not add restrictions on a certificate's X.509
+   * extensions. These constraints do not apply to X.509 extensions set in this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 4 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateExtensionConstraintsOrBuilder
+      getPassthroughExtensionsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A human-readable description of scenarios this template is intended for.
+   * </pre>
+   *
+   * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The description.
+   */
+  java.lang.String getDescription();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. A human-readable description of scenarios this template is intended for.
+   * </pre>
+   *
+   * <code>string description = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for description.
+   */
+  com.google.protobuf.ByteString getDescriptionBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  boolean hasCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  com.google.protobuf.Timestamp getCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the updateTime field is set.
+   */
+  boolean hasUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The updateTime.
+   */
+  com.google.protobuf.Timestamp getUpdateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp update_time = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  int getLabelsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  boolean containsLabels(java.lang.String key);
+  /** Use {@link #getLabelsMap()} instead. */
+  @java.lang.Deprecated
+  java.util.Map<java.lang.String, java.lang.String> getLabels();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.util.Map<java.lang.String, java.lang.String> getLabelsMap();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrDefault(java.lang.String key, java.lang.String defaultValue);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Labels with user-defined metadata.
+   * </pre>
+   *
+   * <code>map&lt;string, string&gt; labels = 8 [(.google.api.field_behavior) = OPTIONAL];</code>
+   */
+  java.lang.String getLabelsOrThrow(java.lang.String key);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java
new file mode 100644
index 00000000..5f7c9e97
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequest.java
@@ -0,0 +1,1416 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CreateCaPoolRequest}
+ */
+public final class CreateCaPoolRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CreateCaPoolRequest)
+    CreateCaPoolRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CreateCaPoolRequest.newBuilder() to construct.
+  private CreateCaPoolRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CreateCaPoolRequest() {
+    parent_ = "";
+    caPoolId_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CreateCaPoolRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CreateCaPoolRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              caPoolId_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CaPool.Builder subBuilder = null;
+              if (caPool_ != null) {
+                subBuilder = caPool_.toBuilder();
+              }
+              caPool_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CaPool.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(caPool_);
+                caPool_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CreateCaPoolRequest.class,
+            com.google.cloud.security.privateca.v1.CreateCaPoolRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CA_POOL_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object caPoolId_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The caPoolId.
+   */
+  @java.lang.Override
+  public java.lang.String getCaPoolId() {
+    java.lang.Object ref = caPoolId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      caPoolId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for caPoolId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCaPoolIdBytes() {
+    java.lang.Object ref = caPoolId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      caPoolId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CA_POOL_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CaPool caPool_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the caPool field is set.
+   */
+  @java.lang.Override
+  public boolean hasCaPool() {
+    return caPool_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The caPool.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
+    return caPool_ == null
+        ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+        : caPool_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder() {
+    return getCaPool();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 4;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (!getCaPoolIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, caPoolId_);
+    }
+    if (caPool_ != null) {
+      output.writeMessage(3, getCaPool());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (!getCaPoolIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, caPoolId_);
+    }
+    if (caPool_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getCaPool());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CreateCaPoolRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CreateCaPoolRequest other =
+        (com.google.cloud.security.privateca.v1.CreateCaPoolRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (!getCaPoolId().equals(other.getCaPoolId())) return false;
+    if (hasCaPool() != other.hasCaPool()) return false;
+    if (hasCaPool()) {
+      if (!getCaPool().equals(other.getCaPool())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + CA_POOL_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getCaPoolId().hashCode();
+    if (hasCaPool()) {
+      hash = (37 * hash) + CA_POOL_FIELD_NUMBER;
+      hash = (53 * hash) + getCaPool().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CreateCaPoolRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CreateCaPoolRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CreateCaPoolRequest)
+      com.google.cloud.security.privateca.v1.CreateCaPoolRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CreateCaPoolRequest.class,
+              com.google.cloud.security.privateca.v1.CreateCaPoolRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CreateCaPoolRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      caPoolId_ = "";
+
+      if (caPoolBuilder_ == null) {
+        caPool_ = null;
+      } else {
+        caPool_ = null;
+        caPoolBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCaPoolRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CreateCaPoolRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCaPoolRequest build() {
+      com.google.cloud.security.privateca.v1.CreateCaPoolRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCaPoolRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.CreateCaPoolRequest result =
+          new com.google.cloud.security.privateca.v1.CreateCaPoolRequest(this);
+      result.parent_ = parent_;
+      result.caPoolId_ = caPoolId_;
+      if (caPoolBuilder_ == null) {
+        result.caPool_ = caPool_;
+      } else {
+        result.caPool_ = caPoolBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CreateCaPoolRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CreateCaPoolRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.CreateCaPoolRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.CreateCaPoolRequest.getDefaultInstance())
+        return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (!other.getCaPoolId().isEmpty()) {
+        caPoolId_ = other.caPoolId_;
+        onChanged();
+      }
+      if (other.hasCaPool()) {
+        mergeCaPool(other.getCaPool());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CreateCaPoolRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CreateCaPoolRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object caPoolId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The caPoolId.
+     */
+    public java.lang.String getCaPoolId() {
+      java.lang.Object ref = caPoolId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        caPoolId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for caPoolId.
+     */
+    public com.google.protobuf.ByteString getCaPoolIdBytes() {
+      java.lang.Object ref = caPoolId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        caPoolId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The caPoolId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCaPoolId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      caPoolId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCaPoolId() {
+
+      caPoolId_ = getDefaultInstance().getCaPoolId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The bytes for caPoolId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCaPoolIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      caPoolId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CaPool caPool_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        caPoolBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the caPool field is set.
+     */
+    public boolean hasCaPool() {
+      return caPoolBuilder_ != null || caPool_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The caPool.
+     */
+    public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
+      if (caPoolBuilder_ == null) {
+        return caPool_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+            : caPool_;
+      } else {
+        return caPoolBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        caPool_ = value;
+        onChanged();
+      } else {
+        caPoolBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCaPool(
+        com.google.cloud.security.privateca.v1.CaPool.Builder builderForValue) {
+      if (caPoolBuilder_ == null) {
+        caPool_ = builderForValue.build();
+        onChanged();
+      } else {
+        caPoolBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolBuilder_ == null) {
+        if (caPool_ != null) {
+          caPool_ =
+              com.google.cloud.security.privateca.v1.CaPool.newBuilder(caPool_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          caPool_ = value;
+        }
+        onChanged();
+      } else {
+        caPoolBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCaPool() {
+      if (caPoolBuilder_ == null) {
+        caPool_ = null;
+        onChanged();
+      } else {
+        caPool_ = null;
+        caPoolBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.Builder getCaPoolBuilder() {
+
+      onChanged();
+      return getCaPoolFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder() {
+      if (caPoolBuilder_ != null) {
+        return caPoolBuilder_.getMessageOrBuilder();
+      } else {
+        return caPool_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+            : caPool_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+     * initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        getCaPoolFieldBuilder() {
+      if (caPoolBuilder_ == null) {
+        caPoolBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool,
+                com.google.cloud.security.privateca.v1.CaPool.Builder,
+                com.google.cloud.security.privateca.v1.CaPoolOrBuilder>(
+                getCaPool(), getParentForChildren(), isClean());
+        caPool_ = null;
+      }
+      return caPoolBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CreateCaPoolRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CreateCaPoolRequest)
+  private static final com.google.cloud.security.privateca.v1.CreateCaPoolRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CreateCaPoolRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCaPoolRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CreateCaPoolRequest> PARSER =
+      new com.google.protobuf.AbstractParser<CreateCaPoolRequest>() {
+        @java.lang.Override
+        public CreateCaPoolRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CreateCaPoolRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CreateCaPoolRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CreateCaPoolRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CreateCaPoolRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java
new file mode 100644
index 00000000..eaad9d83
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCaPoolRequestOrBuilder.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CreateCaPoolRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CreateCaPoolRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The caPoolId.
+   */
+  java.lang.String getCaPoolId();
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string ca_pool_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for caPoolId.
+   */
+  com.google.protobuf.ByteString getCaPoolIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the caPool field is set.
+   */
+  boolean hasCaPool();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The caPool.
+   */
+  com.google.cloud.security.privateca.v1.CaPool getCaPool();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+   * initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java
new file mode 100644
index 00000000..2236cfd9
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequest.java
@@ -0,0 +1,1460 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest}
+ */
+public final class CreateCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+    CreateCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CreateCertificateAuthorityRequest.newBuilder() to construct.
+  private CreateCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CreateCertificateAuthorityRequest() {
+    parent_ = "";
+    certificateAuthorityId_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CreateCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CreateCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              certificateAuthorityId_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CertificateAuthority.Builder subBuilder = null;
+              if (certificateAuthority_ != null) {
+                subBuilder = certificateAuthority_.toBuilder();
+              }
+              certificateAuthority_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateAuthority.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateAuthority_);
+                certificateAuthority_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_AUTHORITY_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object certificateAuthorityId_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The certificateAuthorityId.
+   */
+  @java.lang.Override
+  public java.lang.String getCertificateAuthorityId() {
+    java.lang.Object ref = certificateAuthorityId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      certificateAuthorityId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for certificateAuthorityId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCertificateAuthorityIdBytes() {
+    java.lang.Object ref = certificateAuthorityId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      certificateAuthorityId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_AUTHORITY_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CertificateAuthority certificateAuthority_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateAuthority() {
+    return certificateAuthority_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority() {
+    return certificateAuthority_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+        : certificateAuthority_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthorityOrBuilder() {
+    return getCertificateAuthority();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 4;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (!getCertificateAuthorityIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, certificateAuthorityId_);
+    }
+    if (certificateAuthority_ != null) {
+      output.writeMessage(3, getCertificateAuthority());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (!getCertificateAuthorityIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, certificateAuthorityId_);
+    }
+    if (certificateAuthority_ != null) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(3, getCertificateAuthority());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (!getCertificateAuthorityId().equals(other.getCertificateAuthorityId())) return false;
+    if (hasCertificateAuthority() != other.hasCertificateAuthority()) return false;
+    if (hasCertificateAuthority()) {
+      if (!getCertificateAuthority().equals(other.getCertificateAuthority())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + CERTIFICATE_AUTHORITY_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getCertificateAuthorityId().hashCode();
+    if (hasCertificateAuthority()) {
+      hash = (37 * hash) + CERTIFICATE_AUTHORITY_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateAuthority().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      certificateAuthorityId_ = "";
+
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = null;
+      } else {
+        certificateAuthority_ = null;
+        certificateAuthorityBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest(this);
+      result.parent_ = parent_;
+      result.certificateAuthorityId_ = certificateAuthorityId_;
+      if (certificateAuthorityBuilder_ == null) {
+        result.certificateAuthority_ = certificateAuthority_;
+      } else {
+        result.certificateAuthority_ = certificateAuthorityBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (!other.getCertificateAuthorityId().isEmpty()) {
+        certificateAuthorityId_ = other.certificateAuthorityId_;
+        onChanged();
+      }
+      if (other.hasCertificateAuthority()) {
+        mergeCertificateAuthority(other.getCertificateAuthority());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object certificateAuthorityId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The certificateAuthorityId.
+     */
+    public java.lang.String getCertificateAuthorityId() {
+      java.lang.Object ref = certificateAuthorityId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        certificateAuthorityId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for certificateAuthorityId.
+     */
+    public com.google.protobuf.ByteString getCertificateAuthorityIdBytes() {
+      java.lang.Object ref = certificateAuthorityId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        certificateAuthorityId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The certificateAuthorityId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateAuthorityId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      certificateAuthorityId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCertificateAuthorityId() {
+
+      certificateAuthorityId_ = getDefaultInstance().getCertificateAuthorityId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The bytes for certificateAuthorityId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateAuthorityIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      certificateAuthorityId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateAuthority certificateAuthority_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        certificateAuthorityBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificateAuthority field is set.
+     */
+    public boolean hasCertificateAuthority() {
+      return certificateAuthorityBuilder_ != null || certificateAuthority_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificateAuthority.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority() {
+      if (certificateAuthorityBuilder_ == null) {
+        return certificateAuthority_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+            : certificateAuthority_;
+      } else {
+        return certificateAuthorityBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthorityBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateAuthority_ = value;
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Builder builderForValue) {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthorityBuilder_ == null) {
+        if (certificateAuthority_ != null) {
+          certificateAuthority_ =
+              com.google.cloud.security.privateca.v1.CertificateAuthority.newBuilder(
+                      certificateAuthority_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateAuthority_ = value;
+        }
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificateAuthority() {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = null;
+        onChanged();
+      } else {
+        certificateAuthority_ = null;
+        certificateAuthorityBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Builder
+        getCertificateAuthorityBuilder() {
+
+      onChanged();
+      return getCertificateAuthorityFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+        getCertificateAuthorityOrBuilder() {
+      if (certificateAuthorityBuilder_ != null) {
+        return certificateAuthorityBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateAuthority_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+            : certificateAuthority_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        getCertificateAuthorityFieldBuilder() {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthorityBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateAuthority,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+                com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>(
+                getCertificateAuthority(), getParentForChildren(), isClean());
+        certificateAuthority_ = null;
+      }
+      return certificateAuthorityBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CreateCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<CreateCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public CreateCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CreateCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CreateCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CreateCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..822bfe0c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CreateCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The certificateAuthorityId.
+   */
+  java.lang.String getCertificateAuthorityId();
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_authority_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for certificateAuthorityId.
+   */
+  com.google.protobuf.ByteString getCertificateAuthorityIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  boolean hasCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthorityOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java
new file mode 100644
index 00000000..32e7dc73
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequest.java
@@ -0,0 +1,1889 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateRequest}
+ */
+public final class CreateCertificateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CreateCertificateRequest)
+    CreateCertificateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CreateCertificateRequest.newBuilder() to construct.
+  private CreateCertificateRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CreateCertificateRequest() {
+    parent_ = "";
+    certificateId_ = "";
+    requestId_ = "";
+    issuingCertificateAuthorityId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CreateCertificateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CreateCertificateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              certificateId_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.Certificate.Builder subBuilder = null;
+              if (certificate_ != null) {
+                subBuilder = certificate_.toBuilder();
+              }
+              certificate_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.Certificate.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificate_);
+                certificate_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          case 40:
+            {
+              validateOnly_ = input.readBool();
+              break;
+            }
+          case 50:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              issuingCertificateAuthorityId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CreateCertificateRequest.class,
+            com.google.cloud.security.privateca.v1.CreateCertificateRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object certificateId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the Enterprise
+   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+   * optional and its value is ignored otherwise.
+   * </pre>
+   *
+   * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The certificateId.
+   */
+  @java.lang.Override
+  public java.lang.String getCertificateId() {
+    java.lang.Object ref = certificateId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      certificateId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the Enterprise
+   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+   * optional and its value is ignored otherwise.
+   * </pre>
+   *
+   * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for certificateId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCertificateIdBytes() {
+    java.lang.Object ref = certificateId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      certificateId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.Certificate certificate_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificate field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificate() {
+    return certificate_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificate.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
+    return certificate_ == null
+        ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+        : certificate_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder() {
+    return getCertificate();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 4;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int VALIDATE_ONLY_FIELD_NUMBER = 5;
+  private boolean validateOnly_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is true, no
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+   * be persisted regardless of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+   * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+   * contain the
+   * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+   * field.
+   * </pre>
+   *
+   * <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The validateOnly.
+   */
+  @java.lang.Override
+  public boolean getValidateOnly() {
+    return validateOnly_;
+  }
+
+  public static final int ISSUING_CERTIFICATE_AUTHORITY_ID_FIELD_NUMBER = 6;
+  private volatile java.lang.Object issuingCertificateAuthorityId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The resource ID of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * that should issue the certificate.  This optional field will ignore the
+   * load-balancing scheme of the Pool and directly issue the certificate from
+   * the CA with the specified ID, contained in the same
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+   * Per-CA quota rules apply. If left empty, a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+   * by the service. For example, to issue a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+   * Certificate Authority with resource name
+   * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+   * you can set the
+   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+   * to "my-ca".
+   * </pre>
+   *
+   * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The issuingCertificateAuthorityId.
+   */
+  @java.lang.Override
+  public java.lang.String getIssuingCertificateAuthorityId() {
+    java.lang.Object ref = issuingCertificateAuthorityId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      issuingCertificateAuthorityId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The resource ID of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * that should issue the certificate.  This optional field will ignore the
+   * load-balancing scheme of the Pool and directly issue the certificate from
+   * the CA with the specified ID, contained in the same
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+   * Per-CA quota rules apply. If left empty, a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+   * by the service. For example, to issue a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+   * Certificate Authority with resource name
+   * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+   * you can set the
+   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+   * to "my-ca".
+   * </pre>
+   *
+   * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The bytes for issuingCertificateAuthorityId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getIssuingCertificateAuthorityIdBytes() {
+    java.lang.Object ref = issuingCertificateAuthorityId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      issuingCertificateAuthorityId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (!getCertificateIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, certificateId_);
+    }
+    if (certificate_ != null) {
+      output.writeMessage(3, getCertificate());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, requestId_);
+    }
+    if (validateOnly_ != false) {
+      output.writeBool(5, validateOnly_);
+    }
+    if (!getIssuingCertificateAuthorityIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 6, issuingCertificateAuthorityId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (!getCertificateIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, certificateId_);
+    }
+    if (certificate_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getCertificate());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, requestId_);
+    }
+    if (validateOnly_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(5, validateOnly_);
+    }
+    if (!getIssuingCertificateAuthorityIdBytes().isEmpty()) {
+      size +=
+          com.google.protobuf.GeneratedMessageV3.computeStringSize(
+              6, issuingCertificateAuthorityId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CreateCertificateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CreateCertificateRequest other =
+        (com.google.cloud.security.privateca.v1.CreateCertificateRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (!getCertificateId().equals(other.getCertificateId())) return false;
+    if (hasCertificate() != other.hasCertificate()) return false;
+    if (hasCertificate()) {
+      if (!getCertificate().equals(other.getCertificate())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (getValidateOnly() != other.getValidateOnly()) return false;
+    if (!getIssuingCertificateAuthorityId().equals(other.getIssuingCertificateAuthorityId()))
+      return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + CERTIFICATE_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getCertificateId().hashCode();
+    if (hasCertificate()) {
+      hash = (37 * hash) + CERTIFICATE_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificate().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (37 * hash) + VALIDATE_ONLY_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getValidateOnly());
+    hash = (37 * hash) + ISSUING_CERTIFICATE_AUTHORITY_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getIssuingCertificateAuthorityId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CreateCertificateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CreateCertificateRequest)
+      com.google.cloud.security.privateca.v1.CreateCertificateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CreateCertificateRequest.class,
+              com.google.cloud.security.privateca.v1.CreateCertificateRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.CreateCertificateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      certificateId_ = "";
+
+      if (certificateBuilder_ == null) {
+        certificate_ = null;
+      } else {
+        certificate_ = null;
+        certificateBuilder_ = null;
+      }
+      requestId_ = "";
+
+      validateOnly_ = false;
+
+      issuingCertificateAuthorityId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CreateCertificateRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateRequest build() {
+      com.google.cloud.security.privateca.v1.CreateCertificateRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.CreateCertificateRequest result =
+          new com.google.cloud.security.privateca.v1.CreateCertificateRequest(this);
+      result.parent_ = parent_;
+      result.certificateId_ = certificateId_;
+      if (certificateBuilder_ == null) {
+        result.certificate_ = certificate_;
+      } else {
+        result.certificate_ = certificateBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      result.validateOnly_ = validateOnly_;
+      result.issuingCertificateAuthorityId_ = issuingCertificateAuthorityId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.CreateCertificateRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.CreateCertificateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CreateCertificateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CreateCertificateRequest.getDefaultInstance())
+        return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (!other.getCertificateId().isEmpty()) {
+        certificateId_ = other.certificateId_;
+        onChanged();
+      }
+      if (other.hasCertificate()) {
+        mergeCertificate(other.getCertificate());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      if (other.getValidateOnly() != false) {
+        setValidateOnly(other.getValidateOnly());
+      }
+      if (!other.getIssuingCertificateAuthorityId().isEmpty()) {
+        issuingCertificateAuthorityId_ = other.issuingCertificateAuthorityId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CreateCertificateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CreateCertificateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object certificateId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+     * optional and its value is ignored otherwise.
+     * </pre>
+     *
+     * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The certificateId.
+     */
+    public java.lang.String getCertificateId() {
+      java.lang.Object ref = certificateId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        certificateId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+     * optional and its value is ignored otherwise.
+     * </pre>
+     *
+     * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for certificateId.
+     */
+    public com.google.protobuf.ByteString getCertificateIdBytes() {
+      java.lang.Object ref = certificateId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        certificateId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+     * optional and its value is ignored otherwise.
+     * </pre>
+     *
+     * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The certificateId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      certificateId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+     * optional and its value is ignored otherwise.
+     * </pre>
+     *
+     * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCertificateId() {
+
+      certificateId_ = getDefaultInstance().getCertificateId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the Enterprise
+     * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+     * optional and its value is ignored otherwise.
+     * </pre>
+     *
+     * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for certificateId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      certificateId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.Certificate certificate_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        certificateBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificate field is set.
+     */
+    public boolean hasCertificate() {
+      return certificateBuilder_ != null || certificate_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificate.
+     */
+    public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
+      if (certificateBuilder_ == null) {
+        return certificate_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+            : certificate_;
+      } else {
+        return certificateBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificate(com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificateBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificate_ = value;
+        onChanged();
+      } else {
+        certificateBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificate(
+        com.google.cloud.security.privateca.v1.Certificate.Builder builderForValue) {
+      if (certificateBuilder_ == null) {
+        certificate_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificate(com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificateBuilder_ == null) {
+        if (certificate_ != null) {
+          certificate_ =
+              com.google.cloud.security.privateca.v1.Certificate.newBuilder(certificate_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificate_ = value;
+        }
+        onChanged();
+      } else {
+        certificateBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificate() {
+      if (certificateBuilder_ == null) {
+        certificate_ = null;
+        onChanged();
+      } else {
+        certificate_ = null;
+        certificateBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.Builder getCertificateBuilder() {
+
+      onChanged();
+      return getCertificateFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder() {
+      if (certificateBuilder_ != null) {
+        return certificateBuilder_.getMessageOrBuilder();
+      } else {
+        return certificate_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+            : certificate_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        getCertificateFieldBuilder() {
+      if (certificateBuilder_ == null) {
+        certificateBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.Certificate,
+                com.google.cloud.security.privateca.v1.Certificate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateOrBuilder>(
+                getCertificate(), getParentForChildren(), isClean());
+        certificate_ = null;
+      }
+      return certificateBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private boolean validateOnly_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
+     * </pre>
+     *
+     * <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The validateOnly.
+     */
+    @java.lang.Override
+    public boolean getValidateOnly() {
+      return validateOnly_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
+     * </pre>
+     *
+     * <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The validateOnly to set.
+     * @return This builder for chaining.
+     */
+    public Builder setValidateOnly(boolean value) {
+
+      validateOnly_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. If this is true, no
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+     * be persisted regardless of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+     * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+     * contain the
+     * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+     * field.
+     * </pre>
+     *
+     * <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearValidateOnly() {
+
+      validateOnly_ = false;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object issuingCertificateAuthorityId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
+     * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
+     * </pre>
+     *
+     * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The issuingCertificateAuthorityId.
+     */
+    public java.lang.String getIssuingCertificateAuthorityId() {
+      java.lang.Object ref = issuingCertificateAuthorityId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        issuingCertificateAuthorityId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
+     * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
+     * </pre>
+     *
+     * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The bytes for issuingCertificateAuthorityId.
+     */
+    public com.google.protobuf.ByteString getIssuingCertificateAuthorityIdBytes() {
+      java.lang.Object ref = issuingCertificateAuthorityId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        issuingCertificateAuthorityId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
+     * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
+     * </pre>
+     *
+     * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param value The issuingCertificateAuthorityId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIssuingCertificateAuthorityId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      issuingCertificateAuthorityId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
+     * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
+     * </pre>
+     *
+     * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearIssuingCertificateAuthorityId() {
+
+      issuingCertificateAuthorityId_ = getDefaultInstance().getIssuingCertificateAuthorityId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The resource ID of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * that should issue the certificate.  This optional field will ignore the
+     * load-balancing scheme of the Pool and directly issue the certificate from
+     * the CA with the specified ID, contained in the same
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+     * Per-CA quota rules apply. If left empty, a
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+     * by the service. For example, to issue a
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+     * Certificate Authority with resource name
+     * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+     * you can set the
+     * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+     * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+     * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+     * to "my-ca".
+     * </pre>
+     *
+     * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @param value The bytes for issuingCertificateAuthorityId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIssuingCertificateAuthorityIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      issuingCertificateAuthorityId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CreateCertificateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CreateCertificateRequest)
+  private static final com.google.cloud.security.privateca.v1.CreateCertificateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.CreateCertificateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CreateCertificateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<CreateCertificateRequest>() {
+        @java.lang.Override
+        public CreateCertificateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CreateCertificateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CreateCertificateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CreateCertificateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CreateCertificateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java
new file mode 100644
index 00000000..759ac96c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateRequestOrBuilder.java
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CreateCertificateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CreateCertificateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the Enterprise
+   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+   * optional and its value is ignored otherwise.
+   * </pre>
+   *
+   * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The certificateId.
+   */
+  java.lang.String getCertificateId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the Enterprise
+   * [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+   * optional and its value is ignored otherwise.
+   * </pre>
+   *
+   * <code>string certificate_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for certificateId.
+   */
+  com.google.protobuf.ByteString getCertificateIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificate field is set.
+   */
+  boolean hasCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificate.
+   */
+  com.google.cloud.security.privateca.v1.Certificate getCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. If this is true, no
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+   * be persisted regardless of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+   * [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+   * contain the
+   * [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+   * field.
+   * </pre>
+   *
+   * <code>bool validate_only = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The validateOnly.
+   */
+  boolean getValidateOnly();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The resource ID of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * that should issue the certificate.  This optional field will ignore the
+   * load-balancing scheme of the Pool and directly issue the certificate from
+   * the CA with the specified ID, contained in the same
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+   * Per-CA quota rules apply. If left empty, a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+   * by the service. For example, to issue a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+   * Certificate Authority with resource name
+   * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+   * you can set the
+   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+   * to "my-ca".
+   * </pre>
+   *
+   * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The issuingCertificateAuthorityId.
+   */
+  java.lang.String getIssuingCertificateAuthorityId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The resource ID of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * that should issue the certificate.  This optional field will ignore the
+   * load-balancing scheme of the Pool and directly issue the certificate from
+   * the CA with the specified ID, contained in the same
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+   * Per-CA quota rules apply. If left empty, a
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+   * by the service. For example, to issue a
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+   * Certificate Authority with resource name
+   * "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+   * you can set the
+   * [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+   * to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+   * [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+   * to "my-ca".
+   * </pre>
+   *
+   * <code>string issuing_certificate_authority_id = 6 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The bytes for issuingCertificateAuthorityId.
+   */
+  com.google.protobuf.ByteString getIssuingCertificateAuthorityIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java
new file mode 100644
index 00000000..84bf6f3f
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequest.java
@@ -0,0 +1,1451 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateTemplateRequest}
+ */
+public final class CreateCertificateTemplateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+    CreateCertificateTemplateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use CreateCertificateTemplateRequest.newBuilder() to construct.
+  private CreateCertificateTemplateRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private CreateCertificateTemplateRequest() {
+    parent_ = "";
+    certificateTemplateId_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new CreateCertificateTemplateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private CreateCertificateTemplateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              certificateTemplateId_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.cloud.security.privateca.v1.CertificateTemplate.Builder subBuilder = null;
+              if (certificateTemplate_ != null) {
+                subBuilder = certificateTemplate_.toBuilder();
+              }
+              certificateTemplate_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateTemplate.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateTemplate_);
+                certificateTemplate_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.class,
+            com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_TEMPLATE_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object certificateTemplateId_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The certificateTemplateId.
+   */
+  @java.lang.Override
+  public java.lang.String getCertificateTemplateId() {
+    java.lang.Object ref = certificateTemplateId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      certificateTemplateId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for certificateTemplateId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCertificateTemplateIdBytes() {
+    java.lang.Object ref = certificateTemplateId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      certificateTemplateId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int CERTIFICATE_TEMPLATE_FIELD_NUMBER = 3;
+  private com.google.cloud.security.privateca.v1.CertificateTemplate certificateTemplate_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateTemplate field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateTemplate() {
+    return certificateTemplate_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate() {
+    return certificateTemplate_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+        : certificateTemplate_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplateOrBuilder() {
+    return getCertificateTemplate();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 4;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (!getCertificateTemplateIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, certificateTemplateId_);
+    }
+    if (certificateTemplate_ != null) {
+      output.writeMessage(3, getCertificateTemplate());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (!getCertificateTemplateIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, certificateTemplateId_);
+    }
+    if (certificateTemplate_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getCertificateTemplate());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest other =
+        (com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (!getCertificateTemplateId().equals(other.getCertificateTemplateId())) return false;
+    if (hasCertificateTemplate() != other.hasCertificateTemplate()) return false;
+    if (hasCertificateTemplate()) {
+      if (!getCertificateTemplate().equals(other.getCertificateTemplate())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + CERTIFICATE_TEMPLATE_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getCertificateTemplateId().hashCode();
+    if (hasCertificateTemplate()) {
+      hash = (37 * hash) + CERTIFICATE_TEMPLATE_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateTemplate().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.CreateCertificateTemplateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.class,
+              com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      certificateTemplateId_ = "";
+
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = null;
+      } else {
+        certificateTemplate_ = null;
+        certificateTemplateBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest build() {
+      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest result =
+          new com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest(this);
+      result.parent_ = parent_;
+      result.certificateTemplateId_ = certificateTemplateId_;
+      if (certificateTemplateBuilder_ == null) {
+        result.certificateTemplate_ = certificateTemplate_;
+      } else {
+        result.certificateTemplate_ = certificateTemplateBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+              .getDefaultInstance()) return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (!other.getCertificateTemplateId().isEmpty()) {
+        certificateTemplateId_ = other.certificateTemplateId_;
+        onChanged();
+      }
+      if (other.hasCertificateTemplate()) {
+        mergeCertificateTemplate(other.getCertificateTemplate());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object certificateTemplateId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The certificateTemplateId.
+     */
+    public java.lang.String getCertificateTemplateId() {
+      java.lang.Object ref = certificateTemplateId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        certificateTemplateId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The bytes for certificateTemplateId.
+     */
+    public com.google.protobuf.ByteString getCertificateTemplateIdBytes() {
+      java.lang.Object ref = certificateTemplateId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        certificateTemplateId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The certificateTemplateId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateTemplateId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      certificateTemplateId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCertificateTemplateId() {
+
+      certificateTemplateId_ = getDefaultInstance().getCertificateTemplateId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. It must be unique within a location and match the regular
+     * expression `[a-zA-Z0-9_-]{1,63}`
+     * </pre>
+     *
+     * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The bytes for certificateTemplateId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateTemplateIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      certificateTemplateId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateTemplate certificateTemplate_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        certificateTemplateBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificateTemplate field is set.
+     */
+    public boolean hasCertificateTemplate() {
+      return certificateTemplateBuilder_ != null || certificateTemplate_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificateTemplate.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate() {
+      if (certificateTemplateBuilder_ == null) {
+        return certificateTemplate_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+            : certificateTemplate_;
+      } else {
+        return certificateTemplateBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplateBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateTemplate_ = value;
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate.Builder builderForValue) {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplateBuilder_ == null) {
+        if (certificateTemplate_ != null) {
+          certificateTemplate_ =
+              com.google.cloud.security.privateca.v1.CertificateTemplate.newBuilder(
+                      certificateTemplate_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateTemplate_ = value;
+        }
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificateTemplate() {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = null;
+        onChanged();
+      } else {
+        certificateTemplate_ = null;
+        certificateTemplateBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate.Builder
+        getCertificateTemplateBuilder() {
+
+      onChanged();
+      return getCertificateTemplateFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+        getCertificateTemplateOrBuilder() {
+      if (certificateTemplateBuilder_ != null) {
+        return certificateTemplateBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateTemplate_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+            : certificateTemplate_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with initial field values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        getCertificateTemplateFieldBuilder() {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplateBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateTemplate,
+                com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>(
+                getCertificateTemplate(), getParentForChildren(), isClean());
+        certificateTemplate_ = null;
+      }
+      return certificateTemplateBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+  private static final com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<CreateCertificateTemplateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<CreateCertificateTemplateRequest>() {
+        @java.lang.Override
+        public CreateCertificateTemplateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new CreateCertificateTemplateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<CreateCertificateTemplateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<CreateCertificateTemplateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java
new file mode 100644
index 00000000..a4d1a643
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/CreateCertificateTemplateRequestOrBuilder.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface CreateCertificateTemplateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.CreateCertificateTemplateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The certificateTemplateId.
+   */
+  java.lang.String getCertificateTemplateId();
+  /**
+   *
+   *
+   * <pre>
+   * Required. It must be unique within a location and match the regular
+   * expression `[a-zA-Z0-9_-]{1,63}`
+   * </pre>
+   *
+   * <code>string certificate_template_id = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The bytes for certificateTemplateId.
+   */
+  com.google.protobuf.ByteString getCertificateTemplateIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateTemplate field is set.
+   */
+  boolean hasCertificateTemplate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with initial field values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 3 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplateOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java
new file mode 100644
index 00000000..d089abb4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequest.java
@@ -0,0 +1,916 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCaPoolRequest}
+ */
+public final class DeleteCaPoolRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.DeleteCaPoolRequest)
+    DeleteCaPoolRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use DeleteCaPoolRequest.newBuilder() to construct.
+  private DeleteCaPoolRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private DeleteCaPoolRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new DeleteCaPoolRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private DeleteCaPoolRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.class,
+            com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.DeleteCaPoolRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.DeleteCaPoolRequest other =
+        (com.google.cloud.security.privateca.v1.DeleteCaPoolRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.DeleteCaPoolRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCaPoolRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.DeleteCaPoolRequest)
+      com.google.cloud.security.privateca.v1.DeleteCaPoolRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.class,
+              com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCaPoolRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCaPoolRequest build() {
+      com.google.cloud.security.privateca.v1.DeleteCaPoolRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCaPoolRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.DeleteCaPoolRequest result =
+          new com.google.cloud.security.privateca.v1.DeleteCaPoolRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.DeleteCaPoolRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.DeleteCaPoolRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.DeleteCaPoolRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.DeleteCaPoolRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.DeleteCaPoolRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.DeleteCaPoolRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.DeleteCaPoolRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.DeleteCaPoolRequest)
+  private static final com.google.cloud.security.privateca.v1.DeleteCaPoolRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.DeleteCaPoolRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCaPoolRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<DeleteCaPoolRequest> PARSER =
+      new com.google.protobuf.AbstractParser<DeleteCaPoolRequest>() {
+        @java.lang.Override
+        public DeleteCaPoolRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new DeleteCaPoolRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<DeleteCaPoolRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<DeleteCaPoolRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.DeleteCaPoolRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java
new file mode 100644
index 00000000..6157b837
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCaPoolRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface DeleteCaPoolRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.DeleteCaPoolRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java
new file mode 100644
index 00000000..1f0ff7c8
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequest.java
@@ -0,0 +1,1027 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest}
+ */
+public final class DeleteCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+    DeleteCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use DeleteCertificateAuthorityRequest.newBuilder() to construct.
+  private DeleteCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private DeleteCertificateAuthorityRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new DeleteCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private DeleteCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          case 32:
+            {
+              ignoreActiveCertificates_ = input.readBool();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int IGNORE_ACTIVE_CERTIFICATES_FIELD_NUMBER = 4;
+  private boolean ignoreActiveCertificates_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. This field allows the CA to be deleted even if the CA has
+   * active certs. Active certs include both unrevoked and unexpired certs.
+   * </pre>
+   *
+   * <code>bool ignore_active_certificates = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The ignoreActiveCertificates.
+   */
+  @java.lang.Override
+  public boolean getIgnoreActiveCertificates() {
+    return ignoreActiveCertificates_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    if (ignoreActiveCertificates_ != false) {
+      output.writeBool(4, ignoreActiveCertificates_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    if (ignoreActiveCertificates_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(4, ignoreActiveCertificates_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (getIgnoreActiveCertificates() != other.getIgnoreActiveCertificates()) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (37 * hash) + IGNORE_ACTIVE_CERTIFICATES_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getIgnoreActiveCertificates());
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      ignoreActiveCertificates_ = false;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      result.ignoreActiveCertificates_ = ignoreActiveCertificates_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      if (other.getIgnoreActiveCertificates() != false) {
+        setIgnoreActiveCertificates(other.getIgnoreActiveCertificates());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private boolean ignoreActiveCertificates_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. This field allows the CA to be deleted even if the CA has
+     * active certs. Active certs include both unrevoked and unexpired certs.
+     * </pre>
+     *
+     * <code>bool ignore_active_certificates = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The ignoreActiveCertificates.
+     */
+    @java.lang.Override
+    public boolean getIgnoreActiveCertificates() {
+      return ignoreActiveCertificates_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. This field allows the CA to be deleted even if the CA has
+     * active certs. Active certs include both unrevoked and unexpired certs.
+     * </pre>
+     *
+     * <code>bool ignore_active_certificates = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The ignoreActiveCertificates to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIgnoreActiveCertificates(boolean value) {
+
+      ignoreActiveCertificates_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. This field allows the CA to be deleted even if the CA has
+     * active certs. Active certs include both unrevoked and unexpired certs.
+     * </pre>
+     *
+     * <code>bool ignore_active_certificates = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearIgnoreActiveCertificates() {
+
+      ignoreActiveCertificates_ = false;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<DeleteCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<DeleteCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public DeleteCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new DeleteCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<DeleteCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<DeleteCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..5fe86cde
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface DeleteCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. This field allows the CA to be deleted even if the CA has
+   * active certs. Active certs include both unrevoked and unexpired certs.
+   * </pre>
+   *
+   * <code>bool ignore_active_certificates = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The ignoreActiveCertificates.
+   */
+  boolean getIgnoreActiveCertificates();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java
new file mode 100644
index 00000000..0c75e4cc
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequest.java
@@ -0,0 +1,932 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest}
+ */
+public final class DeleteCertificateTemplateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+    DeleteCertificateTemplateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use DeleteCertificateTemplateRequest.newBuilder() to construct.
+  private DeleteCertificateTemplateRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private DeleteCertificateTemplateRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new DeleteCertificateTemplateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private DeleteCertificateTemplateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.class,
+            com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest other =
+        (com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.class,
+              com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest build() {
+      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest result =
+          new com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+  private static final com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<DeleteCertificateTemplateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<DeleteCertificateTemplateRequest>() {
+        @java.lang.Override
+        public DeleteCertificateTemplateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new DeleteCertificateTemplateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<DeleteCertificateTemplateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<DeleteCertificateTemplateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java
new file mode 100644
index 00000000..1db60286
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DeleteCertificateTemplateRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface DeleteCertificateTemplateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;certificateTemplates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java
new file mode 100644
index 00000000..46420f80
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequest.java
@@ -0,0 +1,936 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest}
+ */
+public final class DisableCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+    DisableCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use DisableCertificateAuthorityRequest.newBuilder() to construct.
+  private DisableCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private DisableCertificateAuthorityRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new DisableCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private DisableCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.Builder
+                .class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<DisableCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<DisableCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public DisableCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new DisableCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<DisableCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<DisableCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..c58cfaff
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/DisableCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface DisableCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java
new file mode 100644
index 00000000..2018a94c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequest.java
@@ -0,0 +1,933 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest}
+ */
+public final class EnableCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+    EnableCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use EnableCertificateAuthorityRequest.newBuilder() to construct.
+  private EnableCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private EnableCertificateAuthorityRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new EnableCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private EnableCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<EnableCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<EnableCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public EnableCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new EnableCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<EnableCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<EnableCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..f818e098
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/EnableCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface EnableCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java
new file mode 100644
index 00000000..12692112
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequest.java
@@ -0,0 +1,916 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsRequest}
+ */
+public final class FetchCaCertsRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.FetchCaCertsRequest)
+    FetchCaCertsRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use FetchCaCertsRequest.newBuilder() to construct.
+  private FetchCaCertsRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private FetchCaCertsRequest() {
+    caPool_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new FetchCaCertsRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private FetchCaCertsRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              caPool_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.FetchCaCertsRequest.class,
+            com.google.cloud.security.privateca.v1.FetchCaCertsRequest.Builder.class);
+  }
+
+  public static final int CA_POOL_FIELD_NUMBER = 1;
+  private volatile java.lang.Object caPool_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The caPool.
+   */
+  @java.lang.Override
+  public java.lang.String getCaPool() {
+    java.lang.Object ref = caPool_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      caPool_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for caPool.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCaPoolBytes() {
+    java.lang.Object ref = caPool_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      caPool_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getCaPoolBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, caPool_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getCaPoolBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, caPool_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.FetchCaCertsRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.FetchCaCertsRequest other =
+        (com.google.cloud.security.privateca.v1.FetchCaCertsRequest) obj;
+
+    if (!getCaPool().equals(other.getCaPool())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + CA_POOL_FIELD_NUMBER;
+    hash = (53 * hash) + getCaPool().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.FetchCaCertsRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.FetchCaCertsRequest)
+      com.google.cloud.security.privateca.v1.FetchCaCertsRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.FetchCaCertsRequest.class,
+              com.google.cloud.security.privateca.v1.FetchCaCertsRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.FetchCaCertsRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      caPool_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.FetchCaCertsRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsRequest build() {
+      com.google.cloud.security.privateca.v1.FetchCaCertsRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.FetchCaCertsRequest result =
+          new com.google.cloud.security.privateca.v1.FetchCaCertsRequest(this);
+      result.caPool_ = caPool_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.FetchCaCertsRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.FetchCaCertsRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.FetchCaCertsRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.FetchCaCertsRequest.getDefaultInstance())
+        return this;
+      if (!other.getCaPool().isEmpty()) {
+        caPool_ = other.caPool_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.FetchCaCertsRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.FetchCaCertsRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object caPool_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The caPool.
+     */
+    public java.lang.String getCaPool() {
+      java.lang.Object ref = caPool_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        caPool_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for caPool.
+     */
+    public com.google.protobuf.ByteString getCaPoolBytes() {
+      java.lang.Object ref = caPool_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        caPool_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The caPool to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCaPool(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      caPool_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCaPool() {
+
+      caPool_ = getDefaultInstance().getCaPool();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for caPool to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCaPoolBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      caPool_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.FetchCaCertsRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.FetchCaCertsRequest)
+  private static final com.google.cloud.security.privateca.v1.FetchCaCertsRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.FetchCaCertsRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<FetchCaCertsRequest> PARSER =
+      new com.google.protobuf.AbstractParser<FetchCaCertsRequest>() {
+        @java.lang.Override
+        public FetchCaCertsRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new FetchCaCertsRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<FetchCaCertsRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<FetchCaCertsRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCaCertsRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java
new file mode 100644
index 00000000..f66fc399
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface FetchCaCertsRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.FetchCaCertsRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The caPool.
+   */
+  java.lang.String getCaPool();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string ca_pool = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for caPool.
+   */
+  com.google.protobuf.ByteString getCaPoolBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java
new file mode 100644
index 00000000..118c2d82
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponse.java
@@ -0,0 +1,1877 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsResponse}
+ */
+public final class FetchCaCertsResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.FetchCaCertsResponse)
+    FetchCaCertsResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use FetchCaCertsResponse.newBuilder() to construct.
+  private FetchCaCertsResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private FetchCaCertsResponse() {
+    caCerts_ = java.util.Collections.emptyList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new FetchCaCertsResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private FetchCaCertsResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                caCerts_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              caCerts_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+                          .parser(),
+                      extensionRegistry));
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        caCerts_ = java.util.Collections.unmodifiableList(caCerts_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.class,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.Builder.class);
+  }
+
+  public interface CertChainOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @return A list containing the certificates.
+     */
+    java.util.List<java.lang.String> getCertificatesList();
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @return The count of certificates.
+     */
+    int getCertificatesCount();
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The certificates at the given index.
+     */
+    java.lang.String getCertificates(int index);
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the certificates at the given index.
+     */
+    com.google.protobuf.ByteString getCertificatesBytes(int index);
+  }
+  /** Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain} */
+  public static final class CertChain extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+      CertChainOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use CertChain.newBuilder() to construct.
+    private CertChain(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private CertChain() {
+      certificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new CertChain();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private CertChain(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  certificates_ = new com.google.protobuf.LazyStringArrayList();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                certificates_.add(s);
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          certificates_ = certificates_.getUnmodifiableView();
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.class,
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder.class);
+    }
+
+    public static final int CERTIFICATES_FIELD_NUMBER = 1;
+    private com.google.protobuf.LazyStringList certificates_;
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @return A list containing the certificates.
+     */
+    public com.google.protobuf.ProtocolStringList getCertificatesList() {
+      return certificates_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @return The count of certificates.
+     */
+    public int getCertificatesCount() {
+      return certificates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The certificates at the given index.
+     */
+    public java.lang.String getCertificates(int index) {
+      return certificates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The certificates that form the CA chain, from leaf to root order.
+     * </pre>
+     *
+     * <code>repeated string certificates = 1;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the certificates at the given index.
+     */
+    public com.google.protobuf.ByteString getCertificatesBytes(int index) {
+      return certificates_.getByteString(index);
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      for (int i = 0; i < certificates_.size(); i++) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, certificates_.getRaw(i));
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      {
+        int dataSize = 0;
+        for (int i = 0; i < certificates_.size(); i++) {
+          dataSize += computeStringSizeNoTag(certificates_.getRaw(i));
+        }
+        size += dataSize;
+        size += 1 * getCertificatesList().size();
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain other =
+          (com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain) obj;
+
+      if (!getCertificatesList().equals(other.getCertificatesList())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (getCertificatesCount() > 0) {
+        hash = (37 * hash) + CERTIFICATES_FIELD_NUMBER;
+        hash = (53 * hash) + getCertificatesList().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /** Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain} */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaProto
+            .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaProto
+            .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.class,
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        certificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaProto
+            .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain build() {
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain buildPartial() {
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain result =
+            new com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain(this);
+        int from_bitField0_ = bitField0_;
+        if (((bitField0_ & 0x00000001) != 0)) {
+          certificates_ = certificates_.getUnmodifiableView();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.certificates_ = certificates_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+                .getDefaultInstance()) return this;
+        if (!other.certificates_.isEmpty()) {
+          if (certificates_.isEmpty()) {
+            certificates_ = other.certificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCertificatesIsMutable();
+            certificates_.addAll(other.certificates_);
+          }
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private com.google.protobuf.LazyStringList certificates_ =
+          com.google.protobuf.LazyStringArrayList.EMPTY;
+
+      private void ensureCertificatesIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          certificates_ = new com.google.protobuf.LazyStringArrayList(certificates_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @return A list containing the certificates.
+       */
+      public com.google.protobuf.ProtocolStringList getCertificatesList() {
+        return certificates_.getUnmodifiableView();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @return The count of certificates.
+       */
+      public int getCertificatesCount() {
+        return certificates_.size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param index The index of the element to return.
+       * @return The certificates at the given index.
+       */
+      public java.lang.String getCertificates(int index) {
+        return certificates_.get(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param index The index of the value to return.
+       * @return The bytes of the certificates at the given index.
+       */
+      public com.google.protobuf.ByteString getCertificatesBytes(int index) {
+        return certificates_.getByteString(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param index The index to set the value at.
+       * @param value The certificates to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCertificates(int index, java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificatesIsMutable();
+        certificates_.set(index, value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param value The certificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addCertificates(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificatesIsMutable();
+        certificates_.add(value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param values The certificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addAllCertificates(java.lang.Iterable<java.lang.String> values) {
+        ensureCertificatesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, certificates_);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCertificates() {
+        certificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The certificates that form the CA chain, from leaf to root order.
+       * </pre>
+       *
+       * <code>repeated string certificates = 1;</code>
+       *
+       * @param value The bytes of the certificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addCertificatesBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        ensureCertificatesIsMutable();
+        certificates_.add(value);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain)
+    private static final com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain();
+    }
+
+    public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<CertChain> PARSER =
+        new com.google.protobuf.AbstractParser<CertChain>() {
+          @java.lang.Override
+          public CertChain parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new CertChain(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<CertChain> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<CertChain> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int CA_CERTS_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+      caCerts_;
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+      getCaCertsList() {
+    return caCerts_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>
+      getCaCertsOrBuilderList() {
+    return caCerts_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public int getCaCertsCount() {
+    return caCerts_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain getCaCerts(
+      int index) {
+    return caCerts_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder
+      getCaCertsOrBuilder(int index) {
+    return caCerts_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < caCerts_.size(); i++) {
+      output.writeMessage(1, caCerts_.get(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < caCerts_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, caCerts_.get(i));
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.FetchCaCertsResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.FetchCaCertsResponse other =
+        (com.google.cloud.security.privateca.v1.FetchCaCertsResponse) obj;
+
+    if (!getCaCertsList().equals(other.getCaCertsList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCaCertsCount() > 0) {
+      hash = (37 * hash) + CA_CERTS_FIELD_NUMBER;
+      hash = (53 * hash) + getCaCertsList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.FetchCaCertsResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.FetchCaCertsResponse)
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.class,
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.FetchCaCertsResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCaCertsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (caCertsBuilder_ == null) {
+        caCerts_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        caCertsBuilder_.clear();
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.FetchCaCertsResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse build() {
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse buildPartial() {
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponse result =
+          new com.google.cloud.security.privateca.v1.FetchCaCertsResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (caCertsBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          caCerts_ = java.util.Collections.unmodifiableList(caCerts_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.caCerts_ = caCerts_;
+      } else {
+        result.caCerts_ = caCertsBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.FetchCaCertsResponse) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.FetchCaCertsResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.FetchCaCertsResponse other) {
+      if (other == com.google.cloud.security.privateca.v1.FetchCaCertsResponse.getDefaultInstance())
+        return this;
+      if (caCertsBuilder_ == null) {
+        if (!other.caCerts_.isEmpty()) {
+          if (caCerts_.isEmpty()) {
+            caCerts_ = other.caCerts_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCaCertsIsMutable();
+            caCerts_.addAll(other.caCerts_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.caCerts_.isEmpty()) {
+          if (caCertsBuilder_.isEmpty()) {
+            caCertsBuilder_.dispose();
+            caCertsBuilder_ = null;
+            caCerts_ = other.caCerts_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            caCertsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCaCertsFieldBuilder()
+                    : null;
+          } else {
+            caCertsBuilder_.addAllMessages(other.caCerts_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.FetchCaCertsResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.FetchCaCertsResponse) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+        caCerts_ = java.util.Collections.emptyList();
+
+    private void ensureCaCertsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        caCerts_ =
+            new java.util.ArrayList<
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>(caCerts_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>
+        caCertsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+        getCaCertsList() {
+      if (caCertsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(caCerts_);
+      } else {
+        return caCertsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public int getCaCertsCount() {
+      if (caCertsBuilder_ == null) {
+        return caCerts_.size();
+      } else {
+        return caCertsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain getCaCerts(
+        int index) {
+      if (caCertsBuilder_ == null) {
+        return caCerts_.get(index);
+      } else {
+        return caCertsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder setCaCerts(
+        int index, com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain value) {
+      if (caCertsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertsIsMutable();
+        caCerts_.set(index, value);
+        onChanged();
+      } else {
+        caCertsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder setCaCerts(
+        int index,
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+            builderForValue) {
+      if (caCertsBuilder_ == null) {
+        ensureCaCertsIsMutable();
+        caCerts_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        caCertsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder addCaCerts(
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain value) {
+      if (caCertsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertsIsMutable();
+        caCerts_.add(value);
+        onChanged();
+      } else {
+        caCertsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder addCaCerts(
+        int index, com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain value) {
+      if (caCertsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaCertsIsMutable();
+        caCerts_.add(index, value);
+        onChanged();
+      } else {
+        caCertsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder addCaCerts(
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+            builderForValue) {
+      if (caCertsBuilder_ == null) {
+        ensureCaCertsIsMutable();
+        caCerts_.add(builderForValue.build());
+        onChanged();
+      } else {
+        caCertsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder addCaCerts(
+        int index,
+        com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+            builderForValue) {
+      if (caCertsBuilder_ == null) {
+        ensureCaCertsIsMutable();
+        caCerts_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        caCertsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder addAllCaCerts(
+        java.lang.Iterable<
+                ? extends com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+            values) {
+      if (caCertsBuilder_ == null) {
+        ensureCaCertsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, caCerts_);
+        onChanged();
+      } else {
+        caCertsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder clearCaCerts() {
+      if (caCertsBuilder_ == null) {
+        caCerts_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        caCertsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public Builder removeCaCerts(int index) {
+      if (caCertsBuilder_ == null) {
+        ensureCaCertsIsMutable();
+        caCerts_.remove(index);
+        onChanged();
+      } else {
+        caCertsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+        getCaCertsBuilder(int index) {
+      return getCaCertsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder
+        getCaCertsOrBuilder(int index) {
+      if (caCertsBuilder_ == null) {
+        return caCerts_.get(index);
+      } else {
+        return caCertsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public java.util.List<
+            ? extends
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>
+        getCaCertsOrBuilderList() {
+      if (caCertsBuilder_ != null) {
+        return caCertsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(caCerts_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+        addCaCertsBuilder() {
+      return getCaCertsFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder
+        addCaCertsBuilder(int index) {
+      return getCaCertsFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The PEM encoded CA certificate chains of all
+     * [ACTIVE][CertificateAuthority.State.ACTIVE]
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+     * </code>
+     */
+    public java.util.List<
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder>
+        getCaCertsBuilderList() {
+      return getCaCertsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder,
+            com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>
+        getCaCertsFieldBuilder() {
+      if (caCertsBuilder_ == null) {
+        caCertsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain,
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain.Builder,
+                com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>(
+                caCerts_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+        caCerts_ = null;
+      }
+      return caCertsBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.FetchCaCertsResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.FetchCaCertsResponse)
+  private static final com.google.cloud.security.privateca.v1.FetchCaCertsResponse DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.FetchCaCertsResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCaCertsResponse getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<FetchCaCertsResponse> PARSER =
+      new com.google.protobuf.AbstractParser<FetchCaCertsResponse>() {
+        @java.lang.Override
+        public FetchCaCertsResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new FetchCaCertsResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<FetchCaCertsResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<FetchCaCertsResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCaCertsResponse getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java
new file mode 100644
index 00000000..4a08352b
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCaCertsResponseOrBuilder.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface FetchCaCertsResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.FetchCaCertsResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain>
+      getCaCertsList();
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain getCaCerts(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  int getCaCertsCount();
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder>
+      getCaCertsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The PEM encoded CA certificate chains of all
+   * [ACTIVE][CertificateAuthority.State.ACTIVE]
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChain ca_certs = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.FetchCaCertsResponse.CertChainOrBuilder
+      getCaCertsOrBuilder(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java
new file mode 100644
index 00000000..952c7e1b
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequest.java
@@ -0,0 +1,693 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest}
+ */
+public final class FetchCertificateAuthorityCsrRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+    FetchCertificateAuthorityCsrRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use FetchCertificateAuthorityCsrRequest.newBuilder() to construct.
+  private FetchCertificateAuthorityCsrRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private FetchCertificateAuthorityCsrRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new FetchCertificateAuthorityCsrRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private FetchCertificateAuthorityCsrRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.class,
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.Builder
+                .class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest other =
+        (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.class,
+              com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest build() {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest result =
+          new com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+  private static final com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<FetchCertificateAuthorityCsrRequest> PARSER =
+      new com.google.protobuf.AbstractParser<FetchCertificateAuthorityCsrRequest>() {
+        @java.lang.Override
+        public FetchCertificateAuthorityCsrRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new FetchCertificateAuthorityCsrRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<FetchCertificateAuthorityCsrRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<FetchCertificateAuthorityCsrRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java
new file mode 100644
index 00000000..feb2578d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrRequestOrBuilder.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface FetchCertificateAuthorityCsrRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponse.java
new file mode 100644
index 00000000..84b05b2d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponse.java
@@ -0,0 +1,665 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse}
+ */
+public final class FetchCertificateAuthorityCsrResponse
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+    FetchCertificateAuthorityCsrResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use FetchCertificateAuthorityCsrResponse.newBuilder() to construct.
+  private FetchCertificateAuthorityCsrResponse(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private FetchCertificateAuthorityCsrResponse() {
+    pemCsr_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new FetchCertificateAuthorityCsrResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private FetchCertificateAuthorityCsrResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pemCsr_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.class,
+            com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.Builder
+                .class);
+  }
+
+  public static final int PEM_CSR_FIELD_NUMBER = 1;
+  private volatile java.lang.Object pemCsr_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded signed certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCsr.
+   */
+  @java.lang.Override
+  public java.lang.String getPemCsr() {
+    java.lang.Object ref = pemCsr_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pemCsr_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded signed certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCsr.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPemCsrBytes() {
+    java.lang.Object ref = pemCsr_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pemCsr_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getPemCsrBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, pemCsr_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getPemCsrBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, pemCsr_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse other =
+        (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse) obj;
+
+    if (!getPemCsr().equals(other.getPemCsr())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PEM_CSR_FIELD_NUMBER;
+    hash = (53 * hash) + getPemCsr().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.class,
+              com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      pemCsr_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse build() {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse result =
+          new com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse(this);
+      result.pemCsr_ = pemCsr_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+              .getDefaultInstance()) return this;
+      if (!other.getPemCsr().isEmpty()) {
+        pemCsr_ = other.pemCsr_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object pemCsr_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded signed certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The pemCsr.
+     */
+    public java.lang.String getPemCsr() {
+      java.lang.Object ref = pemCsr_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pemCsr_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded signed certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for pemCsr.
+     */
+    public com.google.protobuf.ByteString getPemCsrBytes() {
+      java.lang.Object ref = pemCsr_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pemCsr_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded signed certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The pemCsr to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCsr(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pemCsr_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded signed certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPemCsr() {
+
+      pemCsr_ = getDefaultInstance().getPemCsr();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The PEM-encoded signed certificate signing request (CSR).
+     * </pre>
+     *
+     * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for pemCsr to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPemCsrBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pemCsr_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+  private static final com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<FetchCertificateAuthorityCsrResponse> PARSER =
+      new com.google.protobuf.AbstractParser<FetchCertificateAuthorityCsrResponse>() {
+        @java.lang.Override
+        public FetchCertificateAuthorityCsrResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new FetchCertificateAuthorityCsrResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<FetchCertificateAuthorityCsrResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<FetchCertificateAuthorityCsrResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponseOrBuilder.java
new file mode 100644
index 00000000..fc17d310
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/FetchCertificateAuthorityCsrResponseOrBuilder.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface FetchCertificateAuthorityCsrResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded signed certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The pemCsr.
+   */
+  java.lang.String getPemCsr();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The PEM-encoded signed certificate signing request (CSR).
+   * </pre>
+   *
+   * <code>string pem_csr = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for pemCsr.
+   */
+  com.google.protobuf.ByteString getPemCsrBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java
new file mode 100644
index 00000000..6b76ab67
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequest.java
@@ -0,0 +1,660 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.GetCaPoolRequest}
+ */
+public final class GetCaPoolRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.GetCaPoolRequest)
+    GetCaPoolRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GetCaPoolRequest.newBuilder() to construct.
+  private GetCaPoolRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GetCaPoolRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new GetCaPoolRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GetCaPoolRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.GetCaPoolRequest.class,
+            com.google.cloud.security.privateca.v1.GetCaPoolRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.GetCaPoolRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.GetCaPoolRequest other =
+        (com.google.cloud.security.privateca.v1.GetCaPoolRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.GetCaPoolRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.GetCaPoolRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.GetCaPoolRequest)
+      com.google.cloud.security.privateca.v1.GetCaPoolRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.GetCaPoolRequest.class,
+              com.google.cloud.security.privateca.v1.GetCaPoolRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.GetCaPoolRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCaPoolRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.GetCaPoolRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCaPoolRequest build() {
+      com.google.cloud.security.privateca.v1.GetCaPoolRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCaPoolRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.GetCaPoolRequest result =
+          new com.google.cloud.security.privateca.v1.GetCaPoolRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.GetCaPoolRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.GetCaPoolRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.GetCaPoolRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.GetCaPoolRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.GetCaPoolRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.GetCaPoolRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.GetCaPoolRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.GetCaPoolRequest)
+  private static final com.google.cloud.security.privateca.v1.GetCaPoolRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.GetCaPoolRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCaPoolRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GetCaPoolRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GetCaPoolRequest>() {
+        @java.lang.Override
+        public GetCaPoolRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GetCaPoolRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GetCaPoolRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GetCaPoolRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.GetCaPoolRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java
new file mode 100644
index 00000000..c0fa79d7
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCaPoolRequestOrBuilder.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface GetCaPoolRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.GetCaPoolRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java
new file mode 100644
index 00000000..bbadb47d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequest.java
@@ -0,0 +1,686 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateAuthorityRequest}
+ */
+public final class GetCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+    GetCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GetCertificateAuthorityRequest.newBuilder() to construct.
+  private GetCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GetCertificateAuthorityRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new GetCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GetCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.Builder.class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GetCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GetCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public GetCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GetCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GetCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GetCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.GetCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..f3c91dec
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface GetCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.GetCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java
new file mode 100644
index 00000000..f0f52e05
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequest.java
@@ -0,0 +1,670 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateRequest}
+ */
+public final class GetCertificateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.GetCertificateRequest)
+    GetCertificateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GetCertificateRequest.newBuilder() to construct.
+  private GetCertificateRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GetCertificateRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new GetCertificateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GetCertificateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.GetCertificateRequest.class,
+            com.google.cloud.security.privateca.v1.GetCertificateRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+   * get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+   * get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.GetCertificateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.GetCertificateRequest other =
+        (com.google.cloud.security.privateca.v1.GetCertificateRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.GetCertificateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.GetCertificateRequest)
+      com.google.cloud.security.privateca.v1.GetCertificateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.GetCertificateRequest.class,
+              com.google.cloud.security.privateca.v1.GetCertificateRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.GetCertificateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.GetCertificateRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRequest build() {
+      com.google.cloud.security.privateca.v1.GetCertificateRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.GetCertificateRequest result =
+          new com.google.cloud.security.privateca.v1.GetCertificateRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.GetCertificateRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.GetCertificateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.GetCertificateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.GetCertificateRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.GetCertificateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.GetCertificateRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+     * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+     * get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.GetCertificateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.GetCertificateRequest)
+  private static final com.google.cloud.security.privateca.v1.GetCertificateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.GetCertificateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GetCertificateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GetCertificateRequest>() {
+        @java.lang.Override
+        public GetCertificateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GetCertificateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GetCertificateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GetCertificateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.GetCertificateRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java
new file mode 100644
index 00000000..60e00320
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRequestOrBuilder.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface GetCertificateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.GetCertificateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+   * get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+   * of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+   * get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java
new file mode 100644
index 00000000..ce53bf33
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequest.java
@@ -0,0 +1,707 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateRevocationListRequest}
+ */
+public final class GetCertificateRevocationListRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+    GetCertificateRevocationListRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GetCertificateRevocationListRequest.newBuilder() to construct.
+  private GetCertificateRevocationListRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GetCertificateRevocationListRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new GetCertificateRevocationListRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GetCertificateRevocationListRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.class,
+            com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.Builder
+                .class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+   * of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+   * of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest other =
+        (com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateRevocationListRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.class,
+              com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest build() {
+      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest result =
+          new com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+     * of the
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+  private static final com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GetCertificateRevocationListRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GetCertificateRevocationListRequest>() {
+        @java.lang.Override
+        public GetCertificateRevocationListRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GetCertificateRevocationListRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GetCertificateRevocationListRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GetCertificateRevocationListRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.GetCertificateRevocationListRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java
new file mode 100644
index 00000000..e900a451
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateRevocationListRequestOrBuilder.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface GetCertificateRevocationListRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.GetCertificateRevocationListRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+   * of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+   * of the
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java
new file mode 100644
index 00000000..4288c1d5
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequest.java
@@ -0,0 +1,685 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateTemplateRequest}
+ */
+public final class GetCertificateTemplateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+    GetCertificateTemplateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GetCertificateTemplateRequest.newBuilder() to construct.
+  private GetCertificateTemplateRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GetCertificateTemplateRequest() {
+    name_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new GetCertificateTemplateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GetCertificateTemplateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.class,
+            com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest other =
+        (com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.GetCertificateTemplateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.class,
+              com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.Builder.class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest build() {
+      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest result =
+          new com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest(this);
+      result.name_ = name_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to get.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+  private static final com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GetCertificateTemplateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GetCertificateTemplateRequest>() {
+        @java.lang.Override
+        public GetCertificateTemplateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GetCertificateTemplateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GetCertificateTemplateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GetCertificateTemplateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.GetCertificateTemplateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java
new file mode 100644
index 00000000..c3d7f178
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/GetCertificateTemplateRequestOrBuilder.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface GetCertificateTemplateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.GetCertificateTemplateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to get.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsage.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsage.java
new file mode 100644
index 00000000..3d57dcc1
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsage.java
@@ -0,0 +1,4130 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509
+ * certificate.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage}
+ */
+public final class KeyUsage extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.KeyUsage)
+    KeyUsageOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use KeyUsage.newBuilder() to construct.
+  private KeyUsage(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private KeyUsage() {
+    unknownExtendedKeyUsages_ = java.util.Collections.emptyList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new KeyUsage();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private KeyUsage(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder subBuilder =
+                  null;
+              if (baseKeyUsage_ != null) {
+                subBuilder = baseKeyUsage_.toBuilder();
+              }
+              baseKeyUsage_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(baseKeyUsage_);
+                baseKeyUsage_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder
+                  subBuilder = null;
+              if (extendedKeyUsage_ != null) {
+                subBuilder = extendedKeyUsage_.toBuilder();
+              }
+              extendedKeyUsage_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+                          .parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(extendedKeyUsage_);
+                extendedKeyUsage_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                unknownExtendedKeyUsages_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              unknownExtendedKeyUsages_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.ObjectId.parser(), extensionRegistry));
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        unknownExtendedKeyUsages_ =
+            java.util.Collections.unmodifiableList(unknownExtendedKeyUsages_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_KeyUsage_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.KeyUsage.class,
+            com.google.cloud.security.privateca.v1.KeyUsage.Builder.class);
+  }
+
+  public interface KeyUsageOptionsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used for digital signatures.
+     * </pre>
+     *
+     * <code>bool digital_signature = 1;</code>
+     *
+     * @return The digitalSignature.
+     */
+    boolean getDigitalSignature();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used for cryptographic commitments. Note that this may
+     * also be referred to as "non-repudiation".
+     * </pre>
+     *
+     * <code>bool content_commitment = 2;</code>
+     *
+     * @return The contentCommitment.
+     */
+    boolean getContentCommitment();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher other keys.
+     * </pre>
+     *
+     * <code>bool key_encipherment = 3;</code>
+     *
+     * @return The keyEncipherment.
+     */
+    boolean getKeyEncipherment();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher data.
+     * </pre>
+     *
+     * <code>bool data_encipherment = 4;</code>
+     *
+     * @return The dataEncipherment.
+     */
+    boolean getDataEncipherment();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used in a key agreement protocol.
+     * </pre>
+     *
+     * <code>bool key_agreement = 5;</code>
+     *
+     * @return The keyAgreement.
+     */
+    boolean getKeyAgreement();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to sign certificates.
+     * </pre>
+     *
+     * <code>bool cert_sign = 6;</code>
+     *
+     * @return The certSign.
+     */
+    boolean getCertSign();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used sign certificate revocation lists.
+     * </pre>
+     *
+     * <code>bool crl_sign = 7;</code>
+     *
+     * @return The crlSign.
+     */
+    boolean getCrlSign();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher only.
+     * </pre>
+     *
+     * <code>bool encipher_only = 8;</code>
+     *
+     * @return The encipherOnly.
+     */
+    boolean getEncipherOnly();
+
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to decipher only.
+     * </pre>
+     *
+     * <code>bool decipher_only = 9;</code>
+     *
+     * @return The decipherOnly.
+     */
+    boolean getDecipherOnly();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
+   * described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions}
+   */
+  public static final class KeyUsageOptions extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+      KeyUsageOptionsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use KeyUsageOptions.newBuilder() to construct.
+    private KeyUsageOptions(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private KeyUsageOptions() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new KeyUsageOptions();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private KeyUsageOptions(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                digitalSignature_ = input.readBool();
+                break;
+              }
+            case 16:
+              {
+                contentCommitment_ = input.readBool();
+                break;
+              }
+            case 24:
+              {
+                keyEncipherment_ = input.readBool();
+                break;
+              }
+            case 32:
+              {
+                dataEncipherment_ = input.readBool();
+                break;
+              }
+            case 40:
+              {
+                keyAgreement_ = input.readBool();
+                break;
+              }
+            case 48:
+              {
+                certSign_ = input.readBool();
+                break;
+              }
+            case 56:
+              {
+                crlSign_ = input.readBool();
+                break;
+              }
+            case 64:
+              {
+                encipherOnly_ = input.readBool();
+                break;
+              }
+            case 72:
+              {
+                decipherOnly_ = input.readBool();
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.class,
+              com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder.class);
+    }
+
+    public static final int DIGITAL_SIGNATURE_FIELD_NUMBER = 1;
+    private boolean digitalSignature_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used for digital signatures.
+     * </pre>
+     *
+     * <code>bool digital_signature = 1;</code>
+     *
+     * @return The digitalSignature.
+     */
+    @java.lang.Override
+    public boolean getDigitalSignature() {
+      return digitalSignature_;
+    }
+
+    public static final int CONTENT_COMMITMENT_FIELD_NUMBER = 2;
+    private boolean contentCommitment_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used for cryptographic commitments. Note that this may
+     * also be referred to as "non-repudiation".
+     * </pre>
+     *
+     * <code>bool content_commitment = 2;</code>
+     *
+     * @return The contentCommitment.
+     */
+    @java.lang.Override
+    public boolean getContentCommitment() {
+      return contentCommitment_;
+    }
+
+    public static final int KEY_ENCIPHERMENT_FIELD_NUMBER = 3;
+    private boolean keyEncipherment_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher other keys.
+     * </pre>
+     *
+     * <code>bool key_encipherment = 3;</code>
+     *
+     * @return The keyEncipherment.
+     */
+    @java.lang.Override
+    public boolean getKeyEncipherment() {
+      return keyEncipherment_;
+    }
+
+    public static final int DATA_ENCIPHERMENT_FIELD_NUMBER = 4;
+    private boolean dataEncipherment_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher data.
+     * </pre>
+     *
+     * <code>bool data_encipherment = 4;</code>
+     *
+     * @return The dataEncipherment.
+     */
+    @java.lang.Override
+    public boolean getDataEncipherment() {
+      return dataEncipherment_;
+    }
+
+    public static final int KEY_AGREEMENT_FIELD_NUMBER = 5;
+    private boolean keyAgreement_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used in a key agreement protocol.
+     * </pre>
+     *
+     * <code>bool key_agreement = 5;</code>
+     *
+     * @return The keyAgreement.
+     */
+    @java.lang.Override
+    public boolean getKeyAgreement() {
+      return keyAgreement_;
+    }
+
+    public static final int CERT_SIGN_FIELD_NUMBER = 6;
+    private boolean certSign_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to sign certificates.
+     * </pre>
+     *
+     * <code>bool cert_sign = 6;</code>
+     *
+     * @return The certSign.
+     */
+    @java.lang.Override
+    public boolean getCertSign() {
+      return certSign_;
+    }
+
+    public static final int CRL_SIGN_FIELD_NUMBER = 7;
+    private boolean crlSign_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used sign certificate revocation lists.
+     * </pre>
+     *
+     * <code>bool crl_sign = 7;</code>
+     *
+     * @return The crlSign.
+     */
+    @java.lang.Override
+    public boolean getCrlSign() {
+      return crlSign_;
+    }
+
+    public static final int ENCIPHER_ONLY_FIELD_NUMBER = 8;
+    private boolean encipherOnly_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to encipher only.
+     * </pre>
+     *
+     * <code>bool encipher_only = 8;</code>
+     *
+     * @return The encipherOnly.
+     */
+    @java.lang.Override
+    public boolean getEncipherOnly() {
+      return encipherOnly_;
+    }
+
+    public static final int DECIPHER_ONLY_FIELD_NUMBER = 9;
+    private boolean decipherOnly_;
+    /**
+     *
+     *
+     * <pre>
+     * The key may be used to decipher only.
+     * </pre>
+     *
+     * <code>bool decipher_only = 9;</code>
+     *
+     * @return The decipherOnly.
+     */
+    @java.lang.Override
+    public boolean getDecipherOnly() {
+      return decipherOnly_;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (digitalSignature_ != false) {
+        output.writeBool(1, digitalSignature_);
+      }
+      if (contentCommitment_ != false) {
+        output.writeBool(2, contentCommitment_);
+      }
+      if (keyEncipherment_ != false) {
+        output.writeBool(3, keyEncipherment_);
+      }
+      if (dataEncipherment_ != false) {
+        output.writeBool(4, dataEncipherment_);
+      }
+      if (keyAgreement_ != false) {
+        output.writeBool(5, keyAgreement_);
+      }
+      if (certSign_ != false) {
+        output.writeBool(6, certSign_);
+      }
+      if (crlSign_ != false) {
+        output.writeBool(7, crlSign_);
+      }
+      if (encipherOnly_ != false) {
+        output.writeBool(8, encipherOnly_);
+      }
+      if (decipherOnly_ != false) {
+        output.writeBool(9, decipherOnly_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (digitalSignature_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(1, digitalSignature_);
+      }
+      if (contentCommitment_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(2, contentCommitment_);
+      }
+      if (keyEncipherment_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(3, keyEncipherment_);
+      }
+      if (dataEncipherment_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(4, dataEncipherment_);
+      }
+      if (keyAgreement_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(5, keyAgreement_);
+      }
+      if (certSign_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(6, certSign_);
+      }
+      if (crlSign_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(7, crlSign_);
+      }
+      if (encipherOnly_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(8, encipherOnly_);
+      }
+      if (decipherOnly_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(9, decipherOnly_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions other =
+          (com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions) obj;
+
+      if (getDigitalSignature() != other.getDigitalSignature()) return false;
+      if (getContentCommitment() != other.getContentCommitment()) return false;
+      if (getKeyEncipherment() != other.getKeyEncipherment()) return false;
+      if (getDataEncipherment() != other.getDataEncipherment()) return false;
+      if (getKeyAgreement() != other.getKeyAgreement()) return false;
+      if (getCertSign() != other.getCertSign()) return false;
+      if (getCrlSign() != other.getCrlSign()) return false;
+      if (getEncipherOnly() != other.getEncipherOnly()) return false;
+      if (getDecipherOnly() != other.getDecipherOnly()) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + DIGITAL_SIGNATURE_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getDigitalSignature());
+      hash = (37 * hash) + CONTENT_COMMITMENT_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getContentCommitment());
+      hash = (37 * hash) + KEY_ENCIPHERMENT_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getKeyEncipherment());
+      hash = (37 * hash) + DATA_ENCIPHERMENT_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getDataEncipherment());
+      hash = (37 * hash) + KEY_AGREEMENT_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getKeyAgreement());
+      hash = (37 * hash) + CERT_SIGN_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getCertSign());
+      hash = (37 * hash) + CRL_SIGN_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getCrlSign());
+      hash = (37 * hash) + ENCIPHER_ONLY_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getEncipherOnly());
+      hash = (37 * hash) + DECIPHER_ONLY_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getDecipherOnly());
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
+     * described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.class,
+                com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        digitalSignature_ = false;
+
+        contentCommitment_ = false;
+
+        keyEncipherment_ = false;
+
+        dataEncipherment_ = false;
+
+        keyAgreement_ = false;
+
+        certSign_ = false;
+
+        crlSign_ = false;
+
+        encipherOnly_ = false;
+
+        decipherOnly_ = false;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions build() {
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions buildPartial() {
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions result =
+            new com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions(this);
+        result.digitalSignature_ = digitalSignature_;
+        result.contentCommitment_ = contentCommitment_;
+        result.keyEncipherment_ = keyEncipherment_;
+        result.dataEncipherment_ = dataEncipherment_;
+        result.keyAgreement_ = keyAgreement_;
+        result.certSign_ = certSign_;
+        result.crlSign_ = crlSign_;
+        result.encipherOnly_ = encipherOnly_;
+        result.decipherOnly_ = decipherOnly_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions) {
+          return mergeFrom((com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.getDefaultInstance())
+          return this;
+        if (other.getDigitalSignature() != false) {
+          setDigitalSignature(other.getDigitalSignature());
+        }
+        if (other.getContentCommitment() != false) {
+          setContentCommitment(other.getContentCommitment());
+        }
+        if (other.getKeyEncipherment() != false) {
+          setKeyEncipherment(other.getKeyEncipherment());
+        }
+        if (other.getDataEncipherment() != false) {
+          setDataEncipherment(other.getDataEncipherment());
+        }
+        if (other.getKeyAgreement() != false) {
+          setKeyAgreement(other.getKeyAgreement());
+        }
+        if (other.getCertSign() != false) {
+          setCertSign(other.getCertSign());
+        }
+        if (other.getCrlSign() != false) {
+          setCrlSign(other.getCrlSign());
+        }
+        if (other.getEncipherOnly() != false) {
+          setEncipherOnly(other.getEncipherOnly());
+        }
+        if (other.getDecipherOnly() != false) {
+          setDecipherOnly(other.getDecipherOnly());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private boolean digitalSignature_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for digital signatures.
+       * </pre>
+       *
+       * <code>bool digital_signature = 1;</code>
+       *
+       * @return The digitalSignature.
+       */
+      @java.lang.Override
+      public boolean getDigitalSignature() {
+        return digitalSignature_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for digital signatures.
+       * </pre>
+       *
+       * <code>bool digital_signature = 1;</code>
+       *
+       * @param value The digitalSignature to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDigitalSignature(boolean value) {
+
+        digitalSignature_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for digital signatures.
+       * </pre>
+       *
+       * <code>bool digital_signature = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDigitalSignature() {
+
+        digitalSignature_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean contentCommitment_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for cryptographic commitments. Note that this may
+       * also be referred to as "non-repudiation".
+       * </pre>
+       *
+       * <code>bool content_commitment = 2;</code>
+       *
+       * @return The contentCommitment.
+       */
+      @java.lang.Override
+      public boolean getContentCommitment() {
+        return contentCommitment_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for cryptographic commitments. Note that this may
+       * also be referred to as "non-repudiation".
+       * </pre>
+       *
+       * <code>bool content_commitment = 2;</code>
+       *
+       * @param value The contentCommitment to set.
+       * @return This builder for chaining.
+       */
+      public Builder setContentCommitment(boolean value) {
+
+        contentCommitment_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used for cryptographic commitments. Note that this may
+       * also be referred to as "non-repudiation".
+       * </pre>
+       *
+       * <code>bool content_commitment = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearContentCommitment() {
+
+        contentCommitment_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean keyEncipherment_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher other keys.
+       * </pre>
+       *
+       * <code>bool key_encipherment = 3;</code>
+       *
+       * @return The keyEncipherment.
+       */
+      @java.lang.Override
+      public boolean getKeyEncipherment() {
+        return keyEncipherment_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher other keys.
+       * </pre>
+       *
+       * <code>bool key_encipherment = 3;</code>
+       *
+       * @param value The keyEncipherment to set.
+       * @return This builder for chaining.
+       */
+      public Builder setKeyEncipherment(boolean value) {
+
+        keyEncipherment_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher other keys.
+       * </pre>
+       *
+       * <code>bool key_encipherment = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearKeyEncipherment() {
+
+        keyEncipherment_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean dataEncipherment_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher data.
+       * </pre>
+       *
+       * <code>bool data_encipherment = 4;</code>
+       *
+       * @return The dataEncipherment.
+       */
+      @java.lang.Override
+      public boolean getDataEncipherment() {
+        return dataEncipherment_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher data.
+       * </pre>
+       *
+       * <code>bool data_encipherment = 4;</code>
+       *
+       * @param value The dataEncipherment to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDataEncipherment(boolean value) {
+
+        dataEncipherment_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher data.
+       * </pre>
+       *
+       * <code>bool data_encipherment = 4;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDataEncipherment() {
+
+        dataEncipherment_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean keyAgreement_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used in a key agreement protocol.
+       * </pre>
+       *
+       * <code>bool key_agreement = 5;</code>
+       *
+       * @return The keyAgreement.
+       */
+      @java.lang.Override
+      public boolean getKeyAgreement() {
+        return keyAgreement_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used in a key agreement protocol.
+       * </pre>
+       *
+       * <code>bool key_agreement = 5;</code>
+       *
+       * @param value The keyAgreement to set.
+       * @return This builder for chaining.
+       */
+      public Builder setKeyAgreement(boolean value) {
+
+        keyAgreement_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used in a key agreement protocol.
+       * </pre>
+       *
+       * <code>bool key_agreement = 5;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearKeyAgreement() {
+
+        keyAgreement_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean certSign_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to sign certificates.
+       * </pre>
+       *
+       * <code>bool cert_sign = 6;</code>
+       *
+       * @return The certSign.
+       */
+      @java.lang.Override
+      public boolean getCertSign() {
+        return certSign_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to sign certificates.
+       * </pre>
+       *
+       * <code>bool cert_sign = 6;</code>
+       *
+       * @param value The certSign to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCertSign(boolean value) {
+
+        certSign_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to sign certificates.
+       * </pre>
+       *
+       * <code>bool cert_sign = 6;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCertSign() {
+
+        certSign_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean crlSign_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used sign certificate revocation lists.
+       * </pre>
+       *
+       * <code>bool crl_sign = 7;</code>
+       *
+       * @return The crlSign.
+       */
+      @java.lang.Override
+      public boolean getCrlSign() {
+        return crlSign_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used sign certificate revocation lists.
+       * </pre>
+       *
+       * <code>bool crl_sign = 7;</code>
+       *
+       * @param value The crlSign to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCrlSign(boolean value) {
+
+        crlSign_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used sign certificate revocation lists.
+       * </pre>
+       *
+       * <code>bool crl_sign = 7;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCrlSign() {
+
+        crlSign_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean encipherOnly_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher only.
+       * </pre>
+       *
+       * <code>bool encipher_only = 8;</code>
+       *
+       * @return The encipherOnly.
+       */
+      @java.lang.Override
+      public boolean getEncipherOnly() {
+        return encipherOnly_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher only.
+       * </pre>
+       *
+       * <code>bool encipher_only = 8;</code>
+       *
+       * @param value The encipherOnly to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEncipherOnly(boolean value) {
+
+        encipherOnly_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to encipher only.
+       * </pre>
+       *
+       * <code>bool encipher_only = 8;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearEncipherOnly() {
+
+        encipherOnly_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean decipherOnly_;
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to decipher only.
+       * </pre>
+       *
+       * <code>bool decipher_only = 9;</code>
+       *
+       * @return The decipherOnly.
+       */
+      @java.lang.Override
+      public boolean getDecipherOnly() {
+        return decipherOnly_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to decipher only.
+       * </pre>
+       *
+       * <code>bool decipher_only = 9;</code>
+       *
+       * @param value The decipherOnly to set.
+       * @return This builder for chaining.
+       */
+      public Builder setDecipherOnly(boolean value) {
+
+        decipherOnly_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * The key may be used to decipher only.
+       * </pre>
+       *
+       * <code>bool decipher_only = 9;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearDecipherOnly() {
+
+        decipherOnly_ = false;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions)
+    private static final com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions();
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<KeyUsageOptions> PARSER =
+        new com.google.protobuf.AbstractParser<KeyUsageOptions>() {
+          @java.lang.Override
+          public KeyUsageOptions parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new KeyUsageOptions(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<KeyUsageOptions> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<KeyUsageOptions> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public interface ExtendedKeyUsageOptionsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+     * server authentication", though regularly used for non-WWW TLS.
+     * </pre>
+     *
+     * <code>bool server_auth = 1;</code>
+     *
+     * @return The serverAuth.
+     */
+    boolean getServerAuth();
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+     * client authentication", though regularly used for non-WWW TLS.
+     * </pre>
+     *
+     * <code>bool client_auth = 2;</code>
+     *
+     * @return The clientAuth.
+     */
+    boolean getClientAuth();
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+     * downloadable executable code client authentication".
+     * </pre>
+     *
+     * <code>bool code_signing = 3;</code>
+     *
+     * @return The codeSigning.
+     */
+    boolean getCodeSigning();
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+     * protection".
+     * </pre>
+     *
+     * <code>bool email_protection = 4;</code>
+     *
+     * @return The emailProtection.
+     */
+    boolean getEmailProtection();
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+     * the hash of an object to a time".
+     * </pre>
+     *
+     * <code>bool time_stamping = 5;</code>
+     *
+     * @return The timeStamping.
+     */
+    boolean getTimeStamping();
+
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+     * OCSP responses".
+     * </pre>
+     *
+     * <code>bool ocsp_signing = 6;</code>
+     *
+     * @return The ocspSigning.
+     */
+    boolean getOcspSigning();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
+   * certain common OIDs that could be specified as an extended key usage value.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions}
+   */
+  public static final class ExtendedKeyUsageOptions extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+      ExtendedKeyUsageOptionsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use ExtendedKeyUsageOptions.newBuilder() to construct.
+    private ExtendedKeyUsageOptions(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private ExtendedKeyUsageOptions() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new ExtendedKeyUsageOptions();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private ExtendedKeyUsageOptions(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                serverAuth_ = input.readBool();
+                break;
+              }
+            case 16:
+              {
+                clientAuth_ = input.readBool();
+                break;
+              }
+            case 24:
+              {
+                codeSigning_ = input.readBool();
+                break;
+              }
+            case 32:
+              {
+                emailProtection_ = input.readBool();
+                break;
+              }
+            case 40:
+              {
+                timeStamping_ = input.readBool();
+                break;
+              }
+            case 48:
+              {
+                ocspSigning_ = input.readBool();
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.class,
+              com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder
+                  .class);
+    }
+
+    public static final int SERVER_AUTH_FIELD_NUMBER = 1;
+    private boolean serverAuth_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+     * server authentication", though regularly used for non-WWW TLS.
+     * </pre>
+     *
+     * <code>bool server_auth = 1;</code>
+     *
+     * @return The serverAuth.
+     */
+    @java.lang.Override
+    public boolean getServerAuth() {
+      return serverAuth_;
+    }
+
+    public static final int CLIENT_AUTH_FIELD_NUMBER = 2;
+    private boolean clientAuth_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+     * client authentication", though regularly used for non-WWW TLS.
+     * </pre>
+     *
+     * <code>bool client_auth = 2;</code>
+     *
+     * @return The clientAuth.
+     */
+    @java.lang.Override
+    public boolean getClientAuth() {
+      return clientAuth_;
+    }
+
+    public static final int CODE_SIGNING_FIELD_NUMBER = 3;
+    private boolean codeSigning_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+     * downloadable executable code client authentication".
+     * </pre>
+     *
+     * <code>bool code_signing = 3;</code>
+     *
+     * @return The codeSigning.
+     */
+    @java.lang.Override
+    public boolean getCodeSigning() {
+      return codeSigning_;
+    }
+
+    public static final int EMAIL_PROTECTION_FIELD_NUMBER = 4;
+    private boolean emailProtection_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+     * protection".
+     * </pre>
+     *
+     * <code>bool email_protection = 4;</code>
+     *
+     * @return The emailProtection.
+     */
+    @java.lang.Override
+    public boolean getEmailProtection() {
+      return emailProtection_;
+    }
+
+    public static final int TIME_STAMPING_FIELD_NUMBER = 5;
+    private boolean timeStamping_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+     * the hash of an object to a time".
+     * </pre>
+     *
+     * <code>bool time_stamping = 5;</code>
+     *
+     * @return The timeStamping.
+     */
+    @java.lang.Override
+    public boolean getTimeStamping() {
+      return timeStamping_;
+    }
+
+    public static final int OCSP_SIGNING_FIELD_NUMBER = 6;
+    private boolean ocspSigning_;
+    /**
+     *
+     *
+     * <pre>
+     * Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+     * OCSP responses".
+     * </pre>
+     *
+     * <code>bool ocsp_signing = 6;</code>
+     *
+     * @return The ocspSigning.
+     */
+    @java.lang.Override
+    public boolean getOcspSigning() {
+      return ocspSigning_;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (serverAuth_ != false) {
+        output.writeBool(1, serverAuth_);
+      }
+      if (clientAuth_ != false) {
+        output.writeBool(2, clientAuth_);
+      }
+      if (codeSigning_ != false) {
+        output.writeBool(3, codeSigning_);
+      }
+      if (emailProtection_ != false) {
+        output.writeBool(4, emailProtection_);
+      }
+      if (timeStamping_ != false) {
+        output.writeBool(5, timeStamping_);
+      }
+      if (ocspSigning_ != false) {
+        output.writeBool(6, ocspSigning_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (serverAuth_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(1, serverAuth_);
+      }
+      if (clientAuth_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(2, clientAuth_);
+      }
+      if (codeSigning_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(3, codeSigning_);
+      }
+      if (emailProtection_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(4, emailProtection_);
+      }
+      if (timeStamping_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(5, timeStamping_);
+      }
+      if (ocspSigning_ != false) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(6, ocspSigning_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions other =
+          (com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions) obj;
+
+      if (getServerAuth() != other.getServerAuth()) return false;
+      if (getClientAuth() != other.getClientAuth()) return false;
+      if (getCodeSigning() != other.getCodeSigning()) return false;
+      if (getEmailProtection() != other.getEmailProtection()) return false;
+      if (getTimeStamping() != other.getTimeStamping()) return false;
+      if (getOcspSigning() != other.getOcspSigning()) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      hash = (37 * hash) + SERVER_AUTH_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getServerAuth());
+      hash = (37 * hash) + CLIENT_AUTH_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getClientAuth());
+      hash = (37 * hash) + CODE_SIGNING_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getCodeSigning());
+      hash = (37 * hash) + EMAIL_PROTECTION_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getEmailProtection());
+      hash = (37 * hash) + TIME_STAMPING_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getTimeStamping());
+      hash = (37 * hash) + OCSP_SIGNING_FIELD_NUMBER;
+      hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getOcspSigning());
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
+     * certain common OIDs that could be specified as an extended key usage value.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.class,
+                com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder
+                    .class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        serverAuth_ = false;
+
+        clientAuth_ = false;
+
+        codeSigning_ = false;
+
+        emailProtection_ = false;
+
+        timeStamping_ = false;
+
+        ocspSigning_ = false;
+
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions build() {
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions result =
+            new com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions(this);
+        result.serverAuth_ = serverAuth_;
+        result.clientAuth_ = clientAuth_;
+        result.codeSigning_ = codeSigning_;
+        result.emailProtection_ = emailProtection_;
+        result.timeStamping_ = timeStamping_;
+        result.ocspSigning_ = ocspSigning_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+                .getDefaultInstance()) return this;
+        if (other.getServerAuth() != false) {
+          setServerAuth(other.getServerAuth());
+        }
+        if (other.getClientAuth() != false) {
+          setClientAuth(other.getClientAuth());
+        }
+        if (other.getCodeSigning() != false) {
+          setCodeSigning(other.getCodeSigning());
+        }
+        if (other.getEmailProtection() != false) {
+          setEmailProtection(other.getEmailProtection());
+        }
+        if (other.getTimeStamping() != false) {
+          setTimeStamping(other.getTimeStamping());
+        }
+        if (other.getOcspSigning() != false) {
+          setOcspSigning(other.getOcspSigning());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions parsedMessage =
+            null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private boolean serverAuth_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+       * server authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool server_auth = 1;</code>
+       *
+       * @return The serverAuth.
+       */
+      @java.lang.Override
+      public boolean getServerAuth() {
+        return serverAuth_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+       * server authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool server_auth = 1;</code>
+       *
+       * @param value The serverAuth to set.
+       * @return This builder for chaining.
+       */
+      public Builder setServerAuth(boolean value) {
+
+        serverAuth_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+       * server authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool server_auth = 1;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearServerAuth() {
+
+        serverAuth_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean clientAuth_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+       * client authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool client_auth = 2;</code>
+       *
+       * @return The clientAuth.
+       */
+      @java.lang.Override
+      public boolean getClientAuth() {
+        return clientAuth_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+       * client authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool client_auth = 2;</code>
+       *
+       * @param value The clientAuth to set.
+       * @return This builder for chaining.
+       */
+      public Builder setClientAuth(boolean value) {
+
+        clientAuth_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+       * client authentication", though regularly used for non-WWW TLS.
+       * </pre>
+       *
+       * <code>bool client_auth = 2;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearClientAuth() {
+
+        clientAuth_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean codeSigning_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+       * downloadable executable code client authentication".
+       * </pre>
+       *
+       * <code>bool code_signing = 3;</code>
+       *
+       * @return The codeSigning.
+       */
+      @java.lang.Override
+      public boolean getCodeSigning() {
+        return codeSigning_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+       * downloadable executable code client authentication".
+       * </pre>
+       *
+       * <code>bool code_signing = 3;</code>
+       *
+       * @param value The codeSigning to set.
+       * @return This builder for chaining.
+       */
+      public Builder setCodeSigning(boolean value) {
+
+        codeSigning_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+       * downloadable executable code client authentication".
+       * </pre>
+       *
+       * <code>bool code_signing = 3;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearCodeSigning() {
+
+        codeSigning_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean emailProtection_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+       * protection".
+       * </pre>
+       *
+       * <code>bool email_protection = 4;</code>
+       *
+       * @return The emailProtection.
+       */
+      @java.lang.Override
+      public boolean getEmailProtection() {
+        return emailProtection_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+       * protection".
+       * </pre>
+       *
+       * <code>bool email_protection = 4;</code>
+       *
+       * @param value The emailProtection to set.
+       * @return This builder for chaining.
+       */
+      public Builder setEmailProtection(boolean value) {
+
+        emailProtection_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+       * protection".
+       * </pre>
+       *
+       * <code>bool email_protection = 4;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearEmailProtection() {
+
+        emailProtection_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean timeStamping_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+       * the hash of an object to a time".
+       * </pre>
+       *
+       * <code>bool time_stamping = 5;</code>
+       *
+       * @return The timeStamping.
+       */
+      @java.lang.Override
+      public boolean getTimeStamping() {
+        return timeStamping_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+       * the hash of an object to a time".
+       * </pre>
+       *
+       * <code>bool time_stamping = 5;</code>
+       *
+       * @param value The timeStamping to set.
+       * @return This builder for chaining.
+       */
+      public Builder setTimeStamping(boolean value) {
+
+        timeStamping_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+       * the hash of an object to a time".
+       * </pre>
+       *
+       * <code>bool time_stamping = 5;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearTimeStamping() {
+
+        timeStamping_ = false;
+        onChanged();
+        return this;
+      }
+
+      private boolean ocspSigning_;
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+       * OCSP responses".
+       * </pre>
+       *
+       * <code>bool ocsp_signing = 6;</code>
+       *
+       * @return The ocspSigning.
+       */
+      @java.lang.Override
+      public boolean getOcspSigning() {
+        return ocspSigning_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+       * OCSP responses".
+       * </pre>
+       *
+       * <code>bool ocsp_signing = 6;</code>
+       *
+       * @param value The ocspSigning to set.
+       * @return This builder for chaining.
+       */
+      public Builder setOcspSigning(boolean value) {
+
+        ocspSigning_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+       * OCSP responses".
+       * </pre>
+       *
+       * <code>bool ocsp_signing = 6;</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearOcspSigning() {
+
+        ocspSigning_ = false;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions)
+    private static final com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions();
+    }
+
+    public static com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<ExtendedKeyUsageOptions> PARSER =
+        new com.google.protobuf.AbstractParser<ExtendedKeyUsageOptions>() {
+          @java.lang.Override
+          public ExtendedKeyUsageOptions parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new ExtendedKeyUsageOptions(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<ExtendedKeyUsageOptions> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<ExtendedKeyUsageOptions> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int BASE_KEY_USAGE_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions baseKeyUsage_;
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   *
+   * @return Whether the baseKeyUsage field is set.
+   */
+  @java.lang.Override
+  public boolean hasBaseKeyUsage() {
+    return baseKeyUsage_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   *
+   * @return The baseKeyUsage.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions getBaseKeyUsage() {
+    return baseKeyUsage_ == null
+        ? com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.getDefaultInstance()
+        : baseKeyUsage_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder
+      getBaseKeyUsageOrBuilder() {
+    return getBaseKeyUsage();
+  }
+
+  public static final int EXTENDED_KEY_USAGE_FIELD_NUMBER = 2;
+  private com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extendedKeyUsage_;
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   *
+   * @return Whether the extendedKeyUsage field is set.
+   */
+  @java.lang.Override
+  public boolean hasExtendedKeyUsage() {
+    return extendedKeyUsage_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   *
+   * @return The extendedKeyUsage.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+      getExtendedKeyUsage() {
+    return extendedKeyUsage_ == null
+        ? com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+            .getDefaultInstance()
+        : extendedKeyUsage_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder
+      getExtendedKeyUsageOrBuilder() {
+    return getExtendedKeyUsage();
+  }
+
+  public static final int UNKNOWN_EXTENDED_KEY_USAGES_FIELD_NUMBER = 3;
+  private java.util.List<com.google.cloud.security.privateca.v1.ObjectId> unknownExtendedKeyUsages_;
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.ObjectId>
+      getUnknownExtendedKeyUsagesList() {
+    return unknownExtendedKeyUsages_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getUnknownExtendedKeyUsagesOrBuilderList() {
+    return unknownExtendedKeyUsages_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  @java.lang.Override
+  public int getUnknownExtendedKeyUsagesCount() {
+    return unknownExtendedKeyUsages_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectId getUnknownExtendedKeyUsages(int index) {
+    return unknownExtendedKeyUsages_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder
+      getUnknownExtendedKeyUsagesOrBuilder(int index) {
+    return unknownExtendedKeyUsages_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (baseKeyUsage_ != null) {
+      output.writeMessage(1, getBaseKeyUsage());
+    }
+    if (extendedKeyUsage_ != null) {
+      output.writeMessage(2, getExtendedKeyUsage());
+    }
+    for (int i = 0; i < unknownExtendedKeyUsages_.size(); i++) {
+      output.writeMessage(3, unknownExtendedKeyUsages_.get(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (baseKeyUsage_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getBaseKeyUsage());
+    }
+    if (extendedKeyUsage_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getExtendedKeyUsage());
+    }
+    for (int i = 0; i < unknownExtendedKeyUsages_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              3, unknownExtendedKeyUsages_.get(i));
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.KeyUsage)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.KeyUsage other =
+        (com.google.cloud.security.privateca.v1.KeyUsage) obj;
+
+    if (hasBaseKeyUsage() != other.hasBaseKeyUsage()) return false;
+    if (hasBaseKeyUsage()) {
+      if (!getBaseKeyUsage().equals(other.getBaseKeyUsage())) return false;
+    }
+    if (hasExtendedKeyUsage() != other.hasExtendedKeyUsage()) return false;
+    if (hasExtendedKeyUsage()) {
+      if (!getExtendedKeyUsage().equals(other.getExtendedKeyUsage())) return false;
+    }
+    if (!getUnknownExtendedKeyUsagesList().equals(other.getUnknownExtendedKeyUsagesList()))
+      return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasBaseKeyUsage()) {
+      hash = (37 * hash) + BASE_KEY_USAGE_FIELD_NUMBER;
+      hash = (53 * hash) + getBaseKeyUsage().hashCode();
+    }
+    if (hasExtendedKeyUsage()) {
+      hash = (37 * hash) + EXTENDED_KEY_USAGE_FIELD_NUMBER;
+      hash = (53 * hash) + getExtendedKeyUsage().hashCode();
+    }
+    if (getUnknownExtendedKeyUsagesCount() > 0) {
+      hash = (37 * hash) + UNKNOWN_EXTENDED_KEY_USAGES_FIELD_NUMBER;
+      hash = (53 * hash) + getUnknownExtendedKeyUsagesList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.KeyUsage prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509
+   * certificate.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.KeyUsage}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.KeyUsage)
+      com.google.cloud.security.privateca.v1.KeyUsageOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.KeyUsage.class,
+              com.google.cloud.security.privateca.v1.KeyUsage.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.KeyUsage.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getUnknownExtendedKeyUsagesFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (baseKeyUsageBuilder_ == null) {
+        baseKeyUsage_ = null;
+      } else {
+        baseKeyUsage_ = null;
+        baseKeyUsageBuilder_ = null;
+      }
+      if (extendedKeyUsageBuilder_ == null) {
+        extendedKeyUsage_ = null;
+      } else {
+        extendedKeyUsage_ = null;
+        extendedKeyUsageBuilder_ = null;
+      }
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        unknownExtendedKeyUsages_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        unknownExtendedKeyUsagesBuilder_.clear();
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.KeyUsage getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.KeyUsage.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.KeyUsage build() {
+      com.google.cloud.security.privateca.v1.KeyUsage result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.KeyUsage buildPartial() {
+      com.google.cloud.security.privateca.v1.KeyUsage result =
+          new com.google.cloud.security.privateca.v1.KeyUsage(this);
+      int from_bitField0_ = bitField0_;
+      if (baseKeyUsageBuilder_ == null) {
+        result.baseKeyUsage_ = baseKeyUsage_;
+      } else {
+        result.baseKeyUsage_ = baseKeyUsageBuilder_.build();
+      }
+      if (extendedKeyUsageBuilder_ == null) {
+        result.extendedKeyUsage_ = extendedKeyUsage_;
+      } else {
+        result.extendedKeyUsage_ = extendedKeyUsageBuilder_.build();
+      }
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          unknownExtendedKeyUsages_ =
+              java.util.Collections.unmodifiableList(unknownExtendedKeyUsages_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.unknownExtendedKeyUsages_ = unknownExtendedKeyUsages_;
+      } else {
+        result.unknownExtendedKeyUsages_ = unknownExtendedKeyUsagesBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.KeyUsage) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.KeyUsage) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.KeyUsage other) {
+      if (other == com.google.cloud.security.privateca.v1.KeyUsage.getDefaultInstance())
+        return this;
+      if (other.hasBaseKeyUsage()) {
+        mergeBaseKeyUsage(other.getBaseKeyUsage());
+      }
+      if (other.hasExtendedKeyUsage()) {
+        mergeExtendedKeyUsage(other.getExtendedKeyUsage());
+      }
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        if (!other.unknownExtendedKeyUsages_.isEmpty()) {
+          if (unknownExtendedKeyUsages_.isEmpty()) {
+            unknownExtendedKeyUsages_ = other.unknownExtendedKeyUsages_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureUnknownExtendedKeyUsagesIsMutable();
+            unknownExtendedKeyUsages_.addAll(other.unknownExtendedKeyUsages_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.unknownExtendedKeyUsages_.isEmpty()) {
+          if (unknownExtendedKeyUsagesBuilder_.isEmpty()) {
+            unknownExtendedKeyUsagesBuilder_.dispose();
+            unknownExtendedKeyUsagesBuilder_ = null;
+            unknownExtendedKeyUsages_ = other.unknownExtendedKeyUsages_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            unknownExtendedKeyUsagesBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getUnknownExtendedKeyUsagesFieldBuilder()
+                    : null;
+          } else {
+            unknownExtendedKeyUsagesBuilder_.addAllMessages(other.unknownExtendedKeyUsages_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.KeyUsage parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage = (com.google.cloud.security.privateca.v1.KeyUsage) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions baseKeyUsage_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions,
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder>
+        baseKeyUsageBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     *
+     * @return Whether the baseKeyUsage field is set.
+     */
+    public boolean hasBaseKeyUsage() {
+      return baseKeyUsageBuilder_ != null || baseKeyUsage_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     *
+     * @return The baseKeyUsage.
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions getBaseKeyUsage() {
+      if (baseKeyUsageBuilder_ == null) {
+        return baseKeyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.getDefaultInstance()
+            : baseKeyUsage_;
+      } else {
+        return baseKeyUsageBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public Builder setBaseKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions value) {
+      if (baseKeyUsageBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        baseKeyUsage_ = value;
+        onChanged();
+      } else {
+        baseKeyUsageBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public Builder setBaseKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder builderForValue) {
+      if (baseKeyUsageBuilder_ == null) {
+        baseKeyUsage_ = builderForValue.build();
+        onChanged();
+      } else {
+        baseKeyUsageBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public Builder mergeBaseKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions value) {
+      if (baseKeyUsageBuilder_ == null) {
+        if (baseKeyUsage_ != null) {
+          baseKeyUsage_ =
+              com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.newBuilder(
+                      baseKeyUsage_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          baseKeyUsage_ = value;
+        }
+        onChanged();
+      } else {
+        baseKeyUsageBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public Builder clearBaseKeyUsage() {
+      if (baseKeyUsageBuilder_ == null) {
+        baseKeyUsage_ = null;
+        onChanged();
+      } else {
+        baseKeyUsage_ = null;
+        baseKeyUsageBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder
+        getBaseKeyUsageBuilder() {
+
+      onChanged();
+      return getBaseKeyUsageFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder
+        getBaseKeyUsageOrBuilder() {
+      if (baseKeyUsageBuilder_ != null) {
+        return baseKeyUsageBuilder_.getMessageOrBuilder();
+      } else {
+        return baseKeyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.getDefaultInstance()
+            : baseKeyUsage_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes high-level ways in which a key may be used.
+     * </pre>
+     *
+     * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions,
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder>
+        getBaseKeyUsageFieldBuilder() {
+      if (baseKeyUsageBuilder_ == null) {
+        baseKeyUsageBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions,
+                com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions.Builder,
+                com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder>(
+                getBaseKeyUsage(), getParentForChildren(), isClean());
+        baseKeyUsage_ = null;
+      }
+      return baseKeyUsageBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        extendedKeyUsage_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions,
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder>
+        extendedKeyUsageBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     *
+     * @return Whether the extendedKeyUsage field is set.
+     */
+    public boolean hasExtendedKeyUsage() {
+      return extendedKeyUsageBuilder_ != null || extendedKeyUsage_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     *
+     * @return The extendedKeyUsage.
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+        getExtendedKeyUsage() {
+      if (extendedKeyUsageBuilder_ == null) {
+        return extendedKeyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+                .getDefaultInstance()
+            : extendedKeyUsage_;
+      } else {
+        return extendedKeyUsageBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public Builder setExtendedKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions value) {
+      if (extendedKeyUsageBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        extendedKeyUsage_ = value;
+        onChanged();
+      } else {
+        extendedKeyUsageBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public Builder setExtendedKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder
+            builderForValue) {
+      if (extendedKeyUsageBuilder_ == null) {
+        extendedKeyUsage_ = builderForValue.build();
+        onChanged();
+      } else {
+        extendedKeyUsageBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public Builder mergeExtendedKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions value) {
+      if (extendedKeyUsageBuilder_ == null) {
+        if (extendedKeyUsage_ != null) {
+          extendedKeyUsage_ =
+              com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.newBuilder(
+                      extendedKeyUsage_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          extendedKeyUsage_ = value;
+        }
+        onChanged();
+      } else {
+        extendedKeyUsageBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public Builder clearExtendedKeyUsage() {
+      if (extendedKeyUsageBuilder_ == null) {
+        extendedKeyUsage_ = null;
+        onChanged();
+      } else {
+        extendedKeyUsage_ = null;
+        extendedKeyUsageBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder
+        getExtendedKeyUsageBuilder() {
+
+      onChanged();
+      return getExtendedKeyUsageFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder
+        getExtendedKeyUsageOrBuilder() {
+      if (extendedKeyUsageBuilder_ != null) {
+        return extendedKeyUsageBuilder_.getMessageOrBuilder();
+      } else {
+        return extendedKeyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions
+                .getDefaultInstance()
+            : extendedKeyUsage_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Detailed scenarios in which a key may be used.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions,
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder>
+        getExtendedKeyUsageFieldBuilder() {
+      if (extendedKeyUsageBuilder_ == null) {
+        extendedKeyUsageBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions,
+                com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions.Builder,
+                com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder>(
+                getExtendedKeyUsage(), getParentForChildren(), isClean());
+        extendedKeyUsage_ = null;
+      }
+      return extendedKeyUsageBuilder_;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.ObjectId>
+        unknownExtendedKeyUsages_ = java.util.Collections.emptyList();
+
+    private void ensureUnknownExtendedKeyUsagesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        unknownExtendedKeyUsages_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>(
+                unknownExtendedKeyUsages_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        unknownExtendedKeyUsagesBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId>
+        getUnknownExtendedKeyUsagesList() {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(unknownExtendedKeyUsages_);
+      } else {
+        return unknownExtendedKeyUsagesBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public int getUnknownExtendedKeyUsagesCount() {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        return unknownExtendedKeyUsages_.size();
+      } else {
+        return unknownExtendedKeyUsagesBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId getUnknownExtendedKeyUsages(int index) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        return unknownExtendedKeyUsages_.get(index);
+      } else {
+        return unknownExtendedKeyUsagesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder setUnknownExtendedKeyUsages(
+        int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.set(index, value);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder setUnknownExtendedKeyUsages(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder addUnknownExtendedKeyUsages(
+        com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.add(value);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder addUnknownExtendedKeyUsages(
+        int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.add(index, value);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder addUnknownExtendedKeyUsages(
+        com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.add(builderForValue.build());
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder addUnknownExtendedKeyUsages(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder addAllUnknownExtendedKeyUsages(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.ObjectId> values) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unknownExtendedKeyUsages_);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder clearUnknownExtendedKeyUsages() {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        unknownExtendedKeyUsages_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public Builder removeUnknownExtendedKeyUsages(int index) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        ensureUnknownExtendedKeyUsagesIsMutable();
+        unknownExtendedKeyUsages_.remove(index);
+        onChanged();
+      } else {
+        unknownExtendedKeyUsagesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder
+        getUnknownExtendedKeyUsagesBuilder(int index) {
+      return getUnknownExtendedKeyUsagesFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder
+        getUnknownExtendedKeyUsagesOrBuilder(int index) {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        return unknownExtendedKeyUsages_.get(index);
+      } else {
+        return unknownExtendedKeyUsagesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getUnknownExtendedKeyUsagesOrBuilderList() {
+      if (unknownExtendedKeyUsagesBuilder_ != null) {
+        return unknownExtendedKeyUsagesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(unknownExtendedKeyUsages_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder
+        addUnknownExtendedKeyUsagesBuilder() {
+      return getUnknownExtendedKeyUsagesFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder
+        addUnknownExtendedKeyUsagesBuilder(int index) {
+      return getUnknownExtendedKeyUsagesFieldBuilder()
+          .addBuilder(index, com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Used to describe extended key usages that are not listed in the
+     * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId.Builder>
+        getUnknownExtendedKeyUsagesBuilderList() {
+      return getUnknownExtendedKeyUsagesFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getUnknownExtendedKeyUsagesFieldBuilder() {
+      if (unknownExtendedKeyUsagesBuilder_ == null) {
+        unknownExtendedKeyUsagesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.ObjectId,
+                com.google.cloud.security.privateca.v1.ObjectId.Builder,
+                com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>(
+                unknownExtendedKeyUsages_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        unknownExtendedKeyUsages_ = null;
+      }
+      return unknownExtendedKeyUsagesBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.KeyUsage)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.KeyUsage)
+  private static final com.google.cloud.security.privateca.v1.KeyUsage DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.KeyUsage();
+  }
+
+  public static com.google.cloud.security.privateca.v1.KeyUsage getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<KeyUsage> PARSER =
+      new com.google.protobuf.AbstractParser<KeyUsage>() {
+        @java.lang.Override
+        public KeyUsage parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new KeyUsage(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<KeyUsage> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<KeyUsage> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsageOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsageOrBuilder.java
new file mode 100644
index 00000000..ad250fea
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/KeyUsageOrBuilder.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface KeyUsageOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.KeyUsage)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   *
+   * @return Whether the baseKeyUsage field is set.
+   */
+  boolean hasBaseKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   *
+   * @return The baseKeyUsage.
+   */
+  com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions getBaseKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Describes high-level ways in which a key may be used.
+   * </pre>
+   *
+   * <code>.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions base_key_usage = 1;</code>
+   */
+  com.google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptionsOrBuilder
+      getBaseKeyUsageOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   *
+   * @return Whether the extendedKeyUsage field is set.
+   */
+  boolean hasExtendedKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   *
+   * @return The extendedKeyUsage.
+   */
+  com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions getExtendedKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Detailed scenarios in which a key may be used.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions extended_key_usage = 2;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptionsOrBuilder
+      getExtendedKeyUsageOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.ObjectId> getUnknownExtendedKeyUsagesList();
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectId getUnknownExtendedKeyUsages(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  int getUnknownExtendedKeyUsagesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getUnknownExtendedKeyUsagesOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Used to describe extended key usages that are not listed in the
+   * [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.ObjectId unknown_extended_key_usages = 3;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getUnknownExtendedKeyUsagesOrBuilder(
+      int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java
new file mode 100644
index 00000000..bbc600c4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequest.java
@@ -0,0 +1,1325 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCaPoolsRequest}
+ */
+public final class ListCaPoolsRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCaPoolsRequest)
+    ListCaPoolsRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCaPoolsRequest.newBuilder() to construct.
+  private ListCaPoolsRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCaPoolsRequest() {
+    parent_ = "";
+    pageToken_ = "";
+    filter_ = "";
+    orderBy_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCaPoolsRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCaPoolsRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 16:
+            {
+              pageSize_ = input.readInt32();
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pageToken_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              filter_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              orderBy_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCaPoolsRequest.class,
+            com.google.cloud.security.privateca.v1.ListCaPoolsRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+  private int pageSize_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+   * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+   * subsequently be obtained by including the
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  @java.lang.Override
+  public int getPageSize() {
+    return pageSize_;
+  }
+
+  public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+  private volatile java.lang.Object pageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getPageToken() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPageTokenBytes() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int FILTER_FIELD_NUMBER = 4;
+  private volatile java.lang.Object filter_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  @java.lang.Override
+  public java.lang.String getFilter() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      filter_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getFilterBytes() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      filter_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORDER_BY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object orderBy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  @java.lang.Override
+  public java.lang.String getOrderBy() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      orderBy_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrderByBytes() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      orderBy_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (pageSize_ != 0) {
+      output.writeInt32(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, orderBy_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (pageSize_ != 0) {
+      size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, orderBy_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCaPoolsRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCaPoolsRequest other =
+        (com.google.cloud.security.privateca.v1.ListCaPoolsRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (getPageSize() != other.getPageSize()) return false;
+    if (!getPageToken().equals(other.getPageToken())) return false;
+    if (!getFilter().equals(other.getFilter())) return false;
+    if (!getOrderBy().equals(other.getOrderBy())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+    hash = (53 * hash) + getPageSize();
+    hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getPageToken().hashCode();
+    hash = (37 * hash) + FILTER_FIELD_NUMBER;
+    hash = (53 * hash) + getFilter().hashCode();
+    hash = (37 * hash) + ORDER_BY_FIELD_NUMBER;
+    hash = (53 * hash) + getOrderBy().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCaPoolsRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCaPoolsRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCaPoolsRequest)
+      com.google.cloud.security.privateca.v1.ListCaPoolsRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCaPoolsRequest.class,
+              com.google.cloud.security.privateca.v1.ListCaPoolsRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.ListCaPoolsRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      pageSize_ = 0;
+
+      pageToken_ = "";
+
+      filter_ = "";
+
+      orderBy_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCaPoolsRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsRequest build() {
+      com.google.cloud.security.privateca.v1.ListCaPoolsRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCaPoolsRequest result =
+          new com.google.cloud.security.privateca.v1.ListCaPoolsRequest(this);
+      result.parent_ = parent_;
+      result.pageSize_ = pageSize_;
+      result.pageToken_ = pageToken_;
+      result.filter_ = filter_;
+      result.orderBy_ = orderBy_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ListCaPoolsRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.ListCaPoolsRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.ListCaPoolsRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.ListCaPoolsRequest.getDefaultInstance())
+        return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (other.getPageSize() != 0) {
+        setPageSize(other.getPageSize());
+      }
+      if (!other.getPageToken().isEmpty()) {
+        pageToken_ = other.pageToken_;
+        onChanged();
+      }
+      if (!other.getFilter().isEmpty()) {
+        filter_ = other.filter_;
+        onChanged();
+      }
+      if (!other.getOrderBy().isEmpty()) {
+        orderBy_ = other.orderBy_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCaPoolsRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCaPoolsRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+     * `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageSize to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageSize(int value) {
+
+      pageSize_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+     * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+     * subsequently be obtained by including the
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageSize() {
+
+      pageSize_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageToken.
+     */
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageToken() {
+
+      pageToken_ = getDefaultInstance().getPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object filter_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The filter.
+     */
+    public java.lang.String getFilter() {
+      java.lang.Object ref = filter_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        filter_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for filter.
+     */
+    public com.google.protobuf.ByteString getFilterBytes() {
+      java.lang.Object ref = filter_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        filter_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilter(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFilter() {
+
+      filter_ = getDefaultInstance().getFilter();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilterBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object orderBy_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The orderBy.
+     */
+    public java.lang.String getOrderBy() {
+      java.lang.Object ref = orderBy_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        orderBy_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for orderBy.
+     */
+    public com.google.protobuf.ByteString getOrderByBytes() {
+      java.lang.Object ref = orderBy_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        orderBy_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderBy(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrderBy() {
+
+      orderBy_ = getDefaultInstance().getOrderBy();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderByBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCaPoolsRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCaPoolsRequest)
+  private static final com.google.cloud.security.privateca.v1.ListCaPoolsRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ListCaPoolsRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCaPoolsRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ListCaPoolsRequest>() {
+        @java.lang.Override
+        public ListCaPoolsRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCaPoolsRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCaPoolsRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCaPoolsRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCaPoolsRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java
new file mode 100644
index 00000000..f773b3e4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsRequestOrBuilder.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCaPoolsRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCaPoolsRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+   * `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+   * response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+   * subsequently be obtained by including the
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  int getPageSize();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  java.lang.String getPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  com.google.protobuf.ByteString getPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  java.lang.String getFilter();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  com.google.protobuf.ByteString getFilterBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  java.lang.String getOrderBy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  com.google.protobuf.ByteString getOrderByBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponse.java
new file mode 100644
index 00000000..5f0fb9e0
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponse.java
@@ -0,0 +1,1422 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCaPoolsResponse}
+ */
+public final class ListCaPoolsResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCaPoolsResponse)
+    ListCaPoolsResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCaPoolsResponse.newBuilder() to construct.
+  private ListCaPoolsResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCaPoolsResponse() {
+    caPools_ = java.util.Collections.emptyList();
+    nextPageToken_ = "";
+    unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCaPoolsResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCaPoolsResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                caPools_ = new java.util.ArrayList<com.google.cloud.security.privateca.v1.CaPool>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              caPools_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CaPool.parser(), extensionRegistry));
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              nextPageToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                unreachable_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              unreachable_.add(s);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        caPools_ = java.util.Collections.unmodifiableList(caPools_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCaPoolsResponse.class,
+            com.google.cloud.security.privateca.v1.ListCaPoolsResponse.Builder.class);
+  }
+
+  public static final int CA_POOLS_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.CaPool> caPools_;
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.CaPool> getCaPoolsList() {
+    return caPools_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+      getCaPoolsOrBuilderList() {
+    return caPools_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  @java.lang.Override
+  public int getCaPoolsCount() {
+    return caPools_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool getCaPools(int index) {
+    return caPools_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolsOrBuilder(int index) {
+    return caPools_.get(index);
+  }
+
+  public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+  private volatile java.lang.Object nextPageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getNextPageToken() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      nextPageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNextPageTokenBytes() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      nextPageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int UNREACHABLE_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList unreachable_;
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  public com.google.protobuf.ProtocolStringList getUnreachableList() {
+    return unreachable_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  public int getUnreachableCount() {
+    return unreachable_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  public java.lang.String getUnreachable(int index) {
+    return unreachable_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+    return unreachable_.getByteString(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < caPools_.size(); i++) {
+      output.writeMessage(1, caPools_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+    }
+    for (int i = 0; i < unreachable_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, unreachable_.getRaw(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < caPools_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, caPools_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < unreachable_.size(); i++) {
+        dataSize += computeStringSizeNoTag(unreachable_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUnreachableList().size();
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCaPoolsResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCaPoolsResponse other =
+        (com.google.cloud.security.privateca.v1.ListCaPoolsResponse) obj;
+
+    if (!getCaPoolsList().equals(other.getCaPoolsList())) return false;
+    if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+    if (!getUnreachableList().equals(other.getUnreachableList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCaPoolsCount() > 0) {
+      hash = (37 * hash) + CA_POOLS_FIELD_NUMBER;
+      hash = (53 * hash) + getCaPoolsList().hashCode();
+    }
+    hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getNextPageToken().hashCode();
+    if (getUnreachableCount() > 0) {
+      hash = (37 * hash) + UNREACHABLE_FIELD_NUMBER;
+      hash = (53 * hash) + getUnreachableList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCaPoolsResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCaPoolsResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCaPoolsResponse)
+      com.google.cloud.security.privateca.v1.ListCaPoolsResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCaPoolsResponse.class,
+              com.google.cloud.security.privateca.v1.ListCaPoolsResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.ListCaPoolsResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCaPoolsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (caPoolsBuilder_ == null) {
+        caPools_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        caPoolsBuilder_.clear();
+      }
+      nextPageToken_ = "";
+
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsResponse getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCaPoolsResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsResponse build() {
+      com.google.cloud.security.privateca.v1.ListCaPoolsResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCaPoolsResponse buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCaPoolsResponse result =
+          new com.google.cloud.security.privateca.v1.ListCaPoolsResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (caPoolsBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          caPools_ = java.util.Collections.unmodifiableList(caPools_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.caPools_ = caPools_;
+      } else {
+        result.caPools_ = caPoolsBuilder_.build();
+      }
+      result.nextPageToken_ = nextPageToken_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.unreachable_ = unreachable_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ListCaPoolsResponse) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.ListCaPoolsResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.ListCaPoolsResponse other) {
+      if (other == com.google.cloud.security.privateca.v1.ListCaPoolsResponse.getDefaultInstance())
+        return this;
+      if (caPoolsBuilder_ == null) {
+        if (!other.caPools_.isEmpty()) {
+          if (caPools_.isEmpty()) {
+            caPools_ = other.caPools_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCaPoolsIsMutable();
+            caPools_.addAll(other.caPools_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.caPools_.isEmpty()) {
+          if (caPoolsBuilder_.isEmpty()) {
+            caPoolsBuilder_.dispose();
+            caPoolsBuilder_ = null;
+            caPools_ = other.caPools_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            caPoolsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCaPoolsFieldBuilder()
+                    : null;
+          } else {
+            caPoolsBuilder_.addAllMessages(other.caPools_);
+          }
+        }
+      }
+      if (!other.getNextPageToken().isEmpty()) {
+        nextPageToken_ = other.nextPageToken_;
+        onChanged();
+      }
+      if (!other.unreachable_.isEmpty()) {
+        if (unreachable_.isEmpty()) {
+          unreachable_ = other.unreachable_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUnreachableIsMutable();
+          unreachable_.addAll(other.unreachable_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCaPoolsResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCaPoolsResponse) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.CaPool> caPools_ =
+        java.util.Collections.emptyList();
+
+    private void ensureCaPoolsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        caPools_ = new java.util.ArrayList<com.google.cloud.security.privateca.v1.CaPool>(caPools_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        caPoolsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CaPool> getCaPoolsList() {
+      if (caPoolsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(caPools_);
+      } else {
+        return caPoolsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public int getCaPoolsCount() {
+      if (caPoolsBuilder_ == null) {
+        return caPools_.size();
+      } else {
+        return caPoolsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool getCaPools(int index) {
+      if (caPoolsBuilder_ == null) {
+        return caPools_.get(index);
+      } else {
+        return caPoolsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder setCaPools(int index, com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaPoolsIsMutable();
+        caPools_.set(index, value);
+        onChanged();
+      } else {
+        caPoolsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder setCaPools(
+        int index, com.google.cloud.security.privateca.v1.CaPool.Builder builderForValue) {
+      if (caPoolsBuilder_ == null) {
+        ensureCaPoolsIsMutable();
+        caPools_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        caPoolsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder addCaPools(com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaPoolsIsMutable();
+        caPools_.add(value);
+        onChanged();
+      } else {
+        caPoolsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder addCaPools(int index, com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCaPoolsIsMutable();
+        caPools_.add(index, value);
+        onChanged();
+      } else {
+        caPoolsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder addCaPools(
+        com.google.cloud.security.privateca.v1.CaPool.Builder builderForValue) {
+      if (caPoolsBuilder_ == null) {
+        ensureCaPoolsIsMutable();
+        caPools_.add(builderForValue.build());
+        onChanged();
+      } else {
+        caPoolsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder addCaPools(
+        int index, com.google.cloud.security.privateca.v1.CaPool.Builder builderForValue) {
+      if (caPoolsBuilder_ == null) {
+        ensureCaPoolsIsMutable();
+        caPools_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        caPoolsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder addAllCaPools(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.CaPool> values) {
+      if (caPoolsBuilder_ == null) {
+        ensureCaPoolsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, caPools_);
+        onChanged();
+      } else {
+        caPoolsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder clearCaPools() {
+      if (caPoolsBuilder_ == null) {
+        caPools_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        caPoolsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public Builder removeCaPools(int index) {
+      if (caPoolsBuilder_ == null) {
+        ensureCaPoolsIsMutable();
+        caPools_.remove(index);
+        onChanged();
+      } else {
+        caPoolsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.Builder getCaPoolsBuilder(int index) {
+      return getCaPoolsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolsOrBuilder(int index) {
+      if (caPoolsBuilder_ == null) {
+        return caPools_.get(index);
+      } else {
+        return caPoolsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        getCaPoolsOrBuilderList() {
+      if (caPoolsBuilder_ != null) {
+        return caPoolsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(caPools_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.Builder addCaPoolsBuilder() {
+      return getCaPoolsFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.Builder addCaPoolsBuilder(int index) {
+      return getCaPoolsFieldBuilder()
+          .addBuilder(index, com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CaPool.Builder>
+        getCaPoolsBuilderList() {
+      return getCaPoolsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        getCaPoolsFieldBuilder() {
+      if (caPoolsBuilder_ == null) {
+        caPoolsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool,
+                com.google.cloud.security.privateca.v1.CaPool.Builder,
+                com.google.cloud.security.privateca.v1.CaPoolOrBuilder>(
+                caPools_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+        caPools_ = null;
+      }
+      return caPoolsBuilder_;
+    }
+
+    private java.lang.Object nextPageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearNextPageToken() {
+
+      nextPageToken_ = getDefaultInstance().getNextPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The bytes for nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList unreachable_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUnreachableIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = new com.google.protobuf.LazyStringArrayList(unreachable_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return A list containing the unreachable.
+     */
+    public com.google.protobuf.ProtocolStringList getUnreachableList() {
+      return unreachable_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return The count of unreachable.
+     */
+    public int getUnreachableCount() {
+      return unreachable_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The unreachable at the given index.
+     */
+    public java.lang.String getUnreachable(int index) {
+      return unreachable_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the unreachable at the given index.
+     */
+    public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+      return unreachable_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The unreachable to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUnreachable(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachable(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param values The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUnreachable(java.lang.Iterable<java.lang.String> values) {
+      ensureUnreachableIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unreachable_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUnreachable() {
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The bytes of the unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachableBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCaPoolsResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCaPoolsResponse)
+  private static final com.google.cloud.security.privateca.v1.ListCaPoolsResponse DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ListCaPoolsResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCaPoolsResponse getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCaPoolsResponse> PARSER =
+      new com.google.protobuf.AbstractParser<ListCaPoolsResponse>() {
+        @java.lang.Override
+        public ListCaPoolsResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCaPoolsResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCaPoolsResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCaPoolsResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCaPoolsResponse getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponseOrBuilder.java
new file mode 100644
index 00000000..1da02859
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCaPoolsResponseOrBuilder.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCaPoolsResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCaPoolsResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.CaPool> getCaPoolsList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  com.google.cloud.security.privateca.v1.CaPool getCaPools(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  int getCaPoolsCount();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+      getCaPoolsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.CaPool ca_pools = 1;</code>
+   */
+  com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolsOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  java.lang.String getNextPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  com.google.protobuf.ByteString getNextPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  java.util.List<java.lang.String> getUnreachableList();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  int getUnreachableCount();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  java.lang.String getUnreachable(int index);
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  com.google.protobuf.ByteString getUnreachableBytes(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java
new file mode 100644
index 00000000..361229a2
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequest.java
@@ -0,0 +1,1353 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest}
+ */
+public final class ListCertificateAuthoritiesRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+    ListCertificateAuthoritiesRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateAuthoritiesRequest.newBuilder() to construct.
+  private ListCertificateAuthoritiesRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateAuthoritiesRequest() {
+    parent_ = "";
+    pageToken_ = "";
+    filter_ = "";
+    orderBy_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateAuthoritiesRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateAuthoritiesRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 16:
+            {
+              pageSize_ = input.readInt32();
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pageToken_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              filter_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              orderBy_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.class,
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+  private int pageSize_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to include in the response. Further
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+   * can subsequently be obtained by including the
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  @java.lang.Override
+  public int getPageSize() {
+    return pageSize_;
+  }
+
+  public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+  private volatile java.lang.Object pageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getPageToken() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPageTokenBytes() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int FILTER_FIELD_NUMBER = 4;
+  private volatile java.lang.Object filter_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  @java.lang.Override
+  public java.lang.String getFilter() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      filter_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getFilterBytes() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      filter_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORDER_BY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object orderBy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  @java.lang.Override
+  public java.lang.String getOrderBy() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      orderBy_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrderByBytes() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      orderBy_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (pageSize_ != 0) {
+      output.writeInt32(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, orderBy_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (pageSize_ != 0) {
+      size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, orderBy_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest other =
+        (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (getPageSize() != other.getPageSize()) return false;
+    if (!getPageToken().equals(other.getPageToken())) return false;
+    if (!getFilter().equals(other.getFilter())) return false;
+    if (!getOrderBy().equals(other.getOrderBy())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+    hash = (53 * hash) + getPageSize();
+    hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getPageToken().hashCode();
+    hash = (37 * hash) + FILTER_FIELD_NUMBER;
+    hash = (53 * hash) + getFilter().hashCode();
+    hash = (37 * hash) + ORDER_BY_FIELD_NUMBER;
+    hash = (53 * hash) + getOrderBy().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.class,
+              com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      pageSize_ = 0;
+
+      pageToken_ = "";
+
+      filter_ = "";
+
+      orderBy_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest build() {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest result =
+          new com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest(this);
+      result.parent_ = parent_;
+      result.pageSize_ = pageSize_;
+      result.pageToken_ = pageToken_;
+      result.filter_ = filter_;
+      result.orderBy_ = orderBy_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+              .getDefaultInstance()) return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (other.getPageSize() != 0) {
+        setPageSize(other.getPageSize());
+      }
+      if (!other.getPageToken().isEmpty()) {
+        pageToken_ = other.pageToken_;
+        onChanged();
+      }
+      if (!other.getFilter().isEmpty()) {
+        filter_ = other.filter_;
+        onChanged();
+      }
+      if (!other.getOrderBy().isEmpty()) {
+        orderBy_ = other.orderBy_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the
+     * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageSize to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageSize(int value) {
+
+      pageSize_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * to include in the response. Further
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+     * can subsequently be obtained by including the
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageSize() {
+
+      pageSize_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageToken.
+     */
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageToken() {
+
+      pageToken_ = getDefaultInstance().getPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object filter_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The filter.
+     */
+    public java.lang.String getFilter() {
+      java.lang.Object ref = filter_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        filter_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for filter.
+     */
+    public com.google.protobuf.ByteString getFilterBytes() {
+      java.lang.Object ref = filter_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        filter_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilter(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFilter() {
+
+      filter_ = getDefaultInstance().getFilter();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilterBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object orderBy_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The orderBy.
+     */
+    public java.lang.String getOrderBy() {
+      java.lang.Object ref = orderBy_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        orderBy_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for orderBy.
+     */
+    public com.google.protobuf.ByteString getOrderByBytes() {
+      java.lang.Object ref = orderBy_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        orderBy_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderBy(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrderBy() {
+
+      orderBy_ = getDefaultInstance().getOrderBy();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderByBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateAuthoritiesRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateAuthoritiesRequest>() {
+        @java.lang.Override
+        public ListCertificateAuthoritiesRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateAuthoritiesRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateAuthoritiesRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateAuthoritiesRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java
new file mode 100644
index 00000000..7e456af3
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesRequestOrBuilder.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateAuthoritiesRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateAuthoritiesRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the
+   * [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+   * to include in the response. Further
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+   * can subsequently be obtained by including the
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  int getPageSize();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  java.lang.String getPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  com.google.protobuf.ByteString getPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  java.lang.String getFilter();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  com.google.protobuf.ByteString getFilterBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  java.lang.String getOrderBy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  com.google.protobuf.ByteString getOrderByBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java
new file mode 100644
index 00000000..7c91ef21
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponse.java
@@ -0,0 +1,1543 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse}
+ */
+public final class ListCertificateAuthoritiesResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+    ListCertificateAuthoritiesResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateAuthoritiesResponse.newBuilder() to construct.
+  private ListCertificateAuthoritiesResponse(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateAuthoritiesResponse() {
+    certificateAuthorities_ = java.util.Collections.emptyList();
+    nextPageToken_ = "";
+    unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateAuthoritiesResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateAuthoritiesResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                certificateAuthorities_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.CertificateAuthority>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              certificateAuthorities_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateAuthority.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              nextPageToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                unreachable_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              unreachable_.add(s);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        certificateAuthorities_ = java.util.Collections.unmodifiableList(certificateAuthorities_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.class,
+            com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.Builder
+                .class);
+  }
+
+  public static final int CERTIFICATE_AUTHORITIES_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority>
+      certificateAuthorities_;
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority>
+      getCertificateAuthoritiesList() {
+    return certificateAuthorities_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+      getCertificateAuthoritiesOrBuilderList() {
+    return certificateAuthorities_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public int getCertificateAuthoritiesCount() {
+    return certificateAuthorities_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthorities(
+      int index) {
+    return certificateAuthorities_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthoritiesOrBuilder(int index) {
+    return certificateAuthorities_.get(index);
+  }
+
+  public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+  private volatile java.lang.Object nextPageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getNextPageToken() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      nextPageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNextPageTokenBytes() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      nextPageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int UNREACHABLE_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList unreachable_;
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  public com.google.protobuf.ProtocolStringList getUnreachableList() {
+    return unreachable_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  public int getUnreachableCount() {
+    return unreachable_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  public java.lang.String getUnreachable(int index) {
+    return unreachable_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+    return unreachable_.getByteString(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < certificateAuthorities_.size(); i++) {
+      output.writeMessage(1, certificateAuthorities_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+    }
+    for (int i = 0; i < unreachable_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, unreachable_.getRaw(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < certificateAuthorities_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              1, certificateAuthorities_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < unreachable_.size(); i++) {
+        dataSize += computeStringSizeNoTag(unreachable_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUnreachableList().size();
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse other =
+        (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse) obj;
+
+    if (!getCertificateAuthoritiesList().equals(other.getCertificateAuthoritiesList()))
+      return false;
+    if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+    if (!getUnreachableList().equals(other.getUnreachableList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCertificateAuthoritiesCount() > 0) {
+      hash = (37 * hash) + CERTIFICATE_AUTHORITIES_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateAuthoritiesList().hashCode();
+    }
+    hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getNextPageToken().hashCode();
+    if (getUnreachableCount() > 0) {
+      hash = (37 * hash) + UNREACHABLE_FIELD_NUMBER;
+      hash = (53 * hash) + getUnreachableList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.class,
+              com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCertificateAuthoritiesFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateAuthoritiesBuilder_ == null) {
+        certificateAuthorities_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        certificateAuthoritiesBuilder_.clear();
+      }
+      nextPageToken_ = "";
+
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse build() {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse result =
+          new com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (certificateAuthoritiesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          certificateAuthorities_ = java.util.Collections.unmodifiableList(certificateAuthorities_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.certificateAuthorities_ = certificateAuthorities_;
+      } else {
+        result.certificateAuthorities_ = certificateAuthoritiesBuilder_.build();
+      }
+      result.nextPageToken_ = nextPageToken_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.unreachable_ = unreachable_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+              .getDefaultInstance()) return this;
+      if (certificateAuthoritiesBuilder_ == null) {
+        if (!other.certificateAuthorities_.isEmpty()) {
+          if (certificateAuthorities_.isEmpty()) {
+            certificateAuthorities_ = other.certificateAuthorities_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCertificateAuthoritiesIsMutable();
+            certificateAuthorities_.addAll(other.certificateAuthorities_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.certificateAuthorities_.isEmpty()) {
+          if (certificateAuthoritiesBuilder_.isEmpty()) {
+            certificateAuthoritiesBuilder_.dispose();
+            certificateAuthoritiesBuilder_ = null;
+            certificateAuthorities_ = other.certificateAuthorities_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            certificateAuthoritiesBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCertificateAuthoritiesFieldBuilder()
+                    : null;
+          } else {
+            certificateAuthoritiesBuilder_.addAllMessages(other.certificateAuthorities_);
+          }
+        }
+      }
+      if (!other.getNextPageToken().isEmpty()) {
+        nextPageToken_ = other.nextPageToken_;
+        onChanged();
+      }
+      if (!other.unreachable_.isEmpty()) {
+        if (unreachable_.isEmpty()) {
+          unreachable_ = other.unreachable_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUnreachableIsMutable();
+          unreachable_.addAll(other.unreachable_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority>
+        certificateAuthorities_ = java.util.Collections.emptyList();
+
+    private void ensureCertificateAuthoritiesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        certificateAuthorities_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.CertificateAuthority>(
+                certificateAuthorities_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        certificateAuthoritiesBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority>
+        getCertificateAuthoritiesList() {
+      if (certificateAuthoritiesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(certificateAuthorities_);
+      } else {
+        return certificateAuthoritiesBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public int getCertificateAuthoritiesCount() {
+      if (certificateAuthoritiesBuilder_ == null) {
+        return certificateAuthorities_.size();
+      } else {
+        return certificateAuthoritiesBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthorities(
+        int index) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        return certificateAuthorities_.get(index);
+      } else {
+        return certificateAuthoritiesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder setCertificateAuthorities(
+        int index, com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.set(index, value);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder setCertificateAuthorities(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Builder builderForValue) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder addCertificateAuthorities(
+        com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.add(value);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder addCertificateAuthorities(
+        int index, com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.add(index, value);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder addCertificateAuthorities(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Builder builderForValue) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.add(builderForValue.build());
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder addCertificateAuthorities(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Builder builderForValue) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder addAllCertificateAuthorities(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.CertificateAuthority>
+            values) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        ensureCertificateAuthoritiesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, certificateAuthorities_);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder clearCertificateAuthorities() {
+      if (certificateAuthoritiesBuilder_ == null) {
+        certificateAuthorities_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public Builder removeCertificateAuthorities(int index) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        ensureCertificateAuthoritiesIsMutable();
+        certificateAuthorities_.remove(index);
+        onChanged();
+      } else {
+        certificateAuthoritiesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Builder
+        getCertificateAuthoritiesBuilder(int index) {
+      return getCertificateAuthoritiesFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+        getCertificateAuthoritiesOrBuilder(int index) {
+      if (certificateAuthoritiesBuilder_ == null) {
+        return certificateAuthorities_.get(index);
+      } else {
+        return certificateAuthoritiesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public java.util.List<
+            ? extends com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        getCertificateAuthoritiesOrBuilderList() {
+      if (certificateAuthoritiesBuilder_ != null) {
+        return certificateAuthoritiesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(certificateAuthorities_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Builder
+        addCertificateAuthoritiesBuilder() {
+      return getCertificateAuthoritiesFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Builder
+        addCertificateAuthoritiesBuilder(int index) {
+      return getCertificateAuthoritiesFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority.Builder>
+        getCertificateAuthoritiesBuilderList() {
+      return getCertificateAuthoritiesFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        getCertificateAuthoritiesFieldBuilder() {
+      if (certificateAuthoritiesBuilder_ == null) {
+        certificateAuthoritiesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateAuthority,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+                com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>(
+                certificateAuthorities_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        certificateAuthorities_ = null;
+      }
+      return certificateAuthoritiesBuilder_;
+    }
+
+    private java.lang.Object nextPageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearNextPageToken() {
+
+      nextPageToken_ = getDefaultInstance().getNextPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+     * page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The bytes for nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList unreachable_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUnreachableIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = new com.google.protobuf.LazyStringArrayList(unreachable_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return A list containing the unreachable.
+     */
+    public com.google.protobuf.ProtocolStringList getUnreachableList() {
+      return unreachable_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return The count of unreachable.
+     */
+    public int getUnreachableCount() {
+      return unreachable_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The unreachable at the given index.
+     */
+    public java.lang.String getUnreachable(int index) {
+      return unreachable_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the unreachable at the given index.
+     */
+    public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+      return unreachable_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The unreachable to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUnreachable(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachable(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param values The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUnreachable(java.lang.Iterable<java.lang.String> values) {
+      ensureUnreachableIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unreachable_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUnreachable() {
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The bytes of the unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachableBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateAuthoritiesResponse> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateAuthoritiesResponse>() {
+        @java.lang.Override
+        public ListCertificateAuthoritiesResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateAuthoritiesResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateAuthoritiesResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateAuthoritiesResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java
new file mode 100644
index 00000000..95f52c9c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateAuthoritiesResponseOrBuilder.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateAuthoritiesResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.CertificateAuthority>
+      getCertificateAuthoritiesList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthorities(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  int getCertificateAuthoritiesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+      getCertificateAuthoritiesOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateAuthority certificate_authorities = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthoritiesOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  java.lang.String getNextPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+   * page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  com.google.protobuf.ByteString getNextPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  java.util.List<java.lang.String> getUnreachableList();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  int getUnreachableCount();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  java.lang.String getUnreachable(int index);
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  com.google.protobuf.ByteString getUnreachableBytes(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java
new file mode 100644
index 00000000..50ea72ce
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequest.java
@@ -0,0 +1,1355 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest}
+ */
+public final class ListCertificateRevocationListsRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+    ListCertificateRevocationListsRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateRevocationListsRequest.newBuilder() to construct.
+  private ListCertificateRevocationListsRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateRevocationListsRequest() {
+    parent_ = "";
+    pageToken_ = "";
+    filter_ = "";
+    orderBy_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateRevocationListsRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateRevocationListsRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 16:
+            {
+              pageSize_ = input.readInt32();
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pageToken_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              filter_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              orderBy_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.class,
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.Builder
+                .class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+  private int pageSize_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to include in the response. Further
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * can subsequently be obtained by including the
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  @java.lang.Override
+  public int getPageSize() {
+    return pageSize_;
+  }
+
+  public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+  private volatile java.lang.Object pageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getPageToken() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPageTokenBytes() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int FILTER_FIELD_NUMBER = 4;
+  private volatile java.lang.Object filter_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  @java.lang.Override
+  public java.lang.String getFilter() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      filter_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getFilterBytes() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      filter_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORDER_BY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object orderBy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  @java.lang.Override
+  public java.lang.String getOrderBy() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      orderBy_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrderByBytes() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      orderBy_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (pageSize_ != 0) {
+      output.writeInt32(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, orderBy_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (pageSize_ != 0) {
+      size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, orderBy_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest other =
+        (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (getPageSize() != other.getPageSize()) return false;
+    if (!getPageToken().equals(other.getPageToken())) return false;
+    if (!getFilter().equals(other.getFilter())) return false;
+    if (!getOrderBy().equals(other.getOrderBy())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+    hash = (53 * hash) + getPageSize();
+    hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getPageToken().hashCode();
+    hash = (37 * hash) + FILTER_FIELD_NUMBER;
+    hash = (53 * hash) + getFilter().hashCode();
+    hash = (37 * hash) + ORDER_BY_FIELD_NUMBER;
+    hash = (53 * hash) + getOrderBy().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.class,
+              com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      pageSize_ = 0;
+
+      pageToken_ = "";
+
+      filter_ = "";
+
+      orderBy_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest build() {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest result =
+          new com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest(this);
+      result.parent_ = parent_;
+      result.pageSize_ = pageSize_;
+      result.pageToken_ = pageToken_;
+      result.filter_ = filter_;
+      result.orderBy_ = orderBy_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+              .getDefaultInstance()) return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (other.getPageSize() != 0) {
+        setPageSize(other.getPageSize());
+      }
+      if (!other.getPageToken().isEmpty()) {
+        pageToken_ = other.pageToken_;
+        onChanged();
+      }
+      if (!other.getFilter().isEmpty()) {
+        filter_ = other.filter_;
+        onChanged();
+      }
+      if (!other.getOrderBy().isEmpty()) {
+        orderBy_ = other.orderBy_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * can subsequently be obtained by including the
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * can subsequently be obtained by including the
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageSize to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageSize(int value) {
+
+      pageSize_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * to include in the response. Further
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * can subsequently be obtained by including the
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageSize() {
+
+      pageSize_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageToken.
+     */
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageToken() {
+
+      pageToken_ = getDefaultInstance().getPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object filter_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The filter.
+     */
+    public java.lang.String getFilter() {
+      java.lang.Object ref = filter_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        filter_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for filter.
+     */
+    public com.google.protobuf.ByteString getFilterBytes() {
+      java.lang.Object ref = filter_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        filter_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilter(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFilter() {
+
+      filter_ = getDefaultInstance().getFilter();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilterBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object orderBy_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The orderBy.
+     */
+    public java.lang.String getOrderBy() {
+      java.lang.Object ref = orderBy_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        orderBy_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for orderBy.
+     */
+    public com.google.protobuf.ByteString getOrderByBytes() {
+      java.lang.Object ref = orderBy_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        orderBy_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderBy(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrderBy() {
+
+      orderBy_ = getDefaultInstance().getOrderBy();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderByBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateRevocationListsRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateRevocationListsRequest>() {
+        @java.lang.Override
+        public ListCertificateRevocationListsRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateRevocationListsRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateRevocationListsRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateRevocationListsRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java
new file mode 100644
index 00000000..826ab4e3
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsRequestOrBuilder.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateRevocationListsRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateRevocationListsRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * to include in the response. Further
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * can subsequently be obtained by including the
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  int getPageSize();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  java.lang.String getPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  com.google.protobuf.ByteString getPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  java.lang.String getFilter();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  com.google.protobuf.ByteString getFilterBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  java.lang.String getOrderBy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  com.google.protobuf.ByteString getOrderByBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java
new file mode 100644
index 00000000..8db54fe8
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponse.java
@@ -0,0 +1,1556 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse}
+ */
+public final class ListCertificateRevocationListsResponse
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+    ListCertificateRevocationListsResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateRevocationListsResponse.newBuilder() to construct.
+  private ListCertificateRevocationListsResponse(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateRevocationListsResponse() {
+    certificateRevocationLists_ = java.util.Collections.emptyList();
+    nextPageToken_ = "";
+    unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateRevocationListsResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateRevocationListsResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                certificateRevocationLists_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.CertificateRevocationList>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              certificateRevocationLists_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateRevocationList.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              nextPageToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                unreachable_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              unreachable_.add(s);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        certificateRevocationLists_ =
+            java.util.Collections.unmodifiableList(certificateRevocationLists_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.class,
+            com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.Builder
+                .class);
+  }
+
+  public static final int CERTIFICATE_REVOCATION_LISTS_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList>
+      certificateRevocationLists_;
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList>
+      getCertificateRevocationListsList() {
+    return certificateRevocationLists_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+      getCertificateRevocationListsOrBuilderList() {
+    return certificateRevocationLists_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public int getCertificateRevocationListsCount() {
+    return certificateRevocationLists_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList
+      getCertificateRevocationLists(int index) {
+    return certificateRevocationLists_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+      getCertificateRevocationListsOrBuilder(int index) {
+    return certificateRevocationLists_.get(index);
+  }
+
+  public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+  private volatile java.lang.Object nextPageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getNextPageToken() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      nextPageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNextPageTokenBytes() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      nextPageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int UNREACHABLE_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList unreachable_;
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  public com.google.protobuf.ProtocolStringList getUnreachableList() {
+    return unreachable_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  public int getUnreachableCount() {
+    return unreachable_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  public java.lang.String getUnreachable(int index) {
+    return unreachable_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+    return unreachable_.getByteString(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < certificateRevocationLists_.size(); i++) {
+      output.writeMessage(1, certificateRevocationLists_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+    }
+    for (int i = 0; i < unreachable_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, unreachable_.getRaw(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < certificateRevocationLists_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              1, certificateRevocationLists_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < unreachable_.size(); i++) {
+        dataSize += computeStringSizeNoTag(unreachable_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUnreachableList().size();
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse other =
+        (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse) obj;
+
+    if (!getCertificateRevocationListsList().equals(other.getCertificateRevocationListsList()))
+      return false;
+    if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+    if (!getUnreachableList().equals(other.getUnreachableList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCertificateRevocationListsCount() > 0) {
+      hash = (37 * hash) + CERTIFICATE_REVOCATION_LISTS_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateRevocationListsList().hashCode();
+    }
+    hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getNextPageToken().hashCode();
+    if (getUnreachableCount() > 0) {
+      hash = (37 * hash) + UNREACHABLE_FIELD_NUMBER;
+      hash = (53 * hash) + getUnreachableList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.class,
+              com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCertificateRevocationListsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateRevocationListsBuilder_ == null) {
+        certificateRevocationLists_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        certificateRevocationListsBuilder_.clear();
+      }
+      nextPageToken_ = "";
+
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse build() {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse result =
+          new com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (certificateRevocationListsBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          certificateRevocationLists_ =
+              java.util.Collections.unmodifiableList(certificateRevocationLists_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.certificateRevocationLists_ = certificateRevocationLists_;
+      } else {
+        result.certificateRevocationLists_ = certificateRevocationListsBuilder_.build();
+      }
+      result.nextPageToken_ = nextPageToken_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.unreachable_ = unreachable_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof
+          com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+              .getDefaultInstance()) return this;
+      if (certificateRevocationListsBuilder_ == null) {
+        if (!other.certificateRevocationLists_.isEmpty()) {
+          if (certificateRevocationLists_.isEmpty()) {
+            certificateRevocationLists_ = other.certificateRevocationLists_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCertificateRevocationListsIsMutable();
+            certificateRevocationLists_.addAll(other.certificateRevocationLists_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.certificateRevocationLists_.isEmpty()) {
+          if (certificateRevocationListsBuilder_.isEmpty()) {
+            certificateRevocationListsBuilder_.dispose();
+            certificateRevocationListsBuilder_ = null;
+            certificateRevocationLists_ = other.certificateRevocationLists_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            certificateRevocationListsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCertificateRevocationListsFieldBuilder()
+                    : null;
+          } else {
+            certificateRevocationListsBuilder_.addAllMessages(other.certificateRevocationLists_);
+          }
+        }
+      }
+      if (!other.getNextPageToken().isEmpty()) {
+        nextPageToken_ = other.nextPageToken_;
+        onChanged();
+      }
+      if (!other.unreachable_.isEmpty()) {
+        if (unreachable_.isEmpty()) {
+          unreachable_ = other.unreachable_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUnreachableIsMutable();
+          unreachable_.addAll(other.unreachable_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList>
+        certificateRevocationLists_ = java.util.Collections.emptyList();
+
+    private void ensureCertificateRevocationListsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        certificateRevocationLists_ =
+            new java.util.ArrayList<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList>(
+                certificateRevocationLists_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+        certificateRevocationListsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList>
+        getCertificateRevocationListsList() {
+      if (certificateRevocationListsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(certificateRevocationLists_);
+      } else {
+        return certificateRevocationListsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public int getCertificateRevocationListsCount() {
+      if (certificateRevocationListsBuilder_ == null) {
+        return certificateRevocationLists_.size();
+      } else {
+        return certificateRevocationListsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList
+        getCertificateRevocationLists(int index) {
+      if (certificateRevocationListsBuilder_ == null) {
+        return certificateRevocationLists_.get(index);
+      } else {
+        return certificateRevocationListsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder setCertificateRevocationLists(
+        int index, com.google.cloud.security.privateca.v1.CertificateRevocationList value) {
+      if (certificateRevocationListsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.set(index, value);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder setCertificateRevocationLists(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder builderForValue) {
+      if (certificateRevocationListsBuilder_ == null) {
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder addCertificateRevocationLists(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList value) {
+      if (certificateRevocationListsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.add(value);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder addCertificateRevocationLists(
+        int index, com.google.cloud.security.privateca.v1.CertificateRevocationList value) {
+      if (certificateRevocationListsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.add(index, value);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder addCertificateRevocationLists(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder builderForValue) {
+      if (certificateRevocationListsBuilder_ == null) {
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.add(builderForValue.build());
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder addCertificateRevocationLists(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder builderForValue) {
+      if (certificateRevocationListsBuilder_ == null) {
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder addAllCertificateRevocationLists(
+        java.lang.Iterable<
+                ? extends com.google.cloud.security.privateca.v1.CertificateRevocationList>
+            values) {
+      if (certificateRevocationListsBuilder_ == null) {
+        ensureCertificateRevocationListsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, certificateRevocationLists_);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder clearCertificateRevocationLists() {
+      if (certificateRevocationListsBuilder_ == null) {
+        certificateRevocationLists_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public Builder removeCertificateRevocationLists(int index) {
+      if (certificateRevocationListsBuilder_ == null) {
+        ensureCertificateRevocationListsIsMutable();
+        certificateRevocationLists_.remove(index);
+        onChanged();
+      } else {
+        certificateRevocationListsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder
+        getCertificateRevocationListsBuilder(int index) {
+      return getCertificateRevocationListsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+        getCertificateRevocationListsOrBuilder(int index) {
+      if (certificateRevocationListsBuilder_ == null) {
+        return certificateRevocationLists_.get(index);
+      } else {
+        return certificateRevocationListsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public java.util.List<
+            ? extends com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+        getCertificateRevocationListsOrBuilderList() {
+      if (certificateRevocationListsBuilder_ != null) {
+        return certificateRevocationListsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(certificateRevocationLists_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder
+        addCertificateRevocationListsBuilder() {
+      return getCertificateRevocationListsFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.CertificateRevocationList
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder
+        addCertificateRevocationListsBuilder(int index) {
+      return getCertificateRevocationListsFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.CertificateRevocationList
+                  .getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder>
+        getCertificateRevocationListsBuilderList() {
+      return getCertificateRevocationListsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+        getCertificateRevocationListsFieldBuilder() {
+      if (certificateRevocationListsBuilder_ == null) {
+        certificateRevocationListsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList,
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+                com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>(
+                certificateRevocationLists_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        certificateRevocationLists_ = null;
+      }
+      return certificateRevocationListsBuilder_;
+    }
+
+    private java.lang.Object nextPageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearNextPageToken() {
+
+      nextPageToken_ = getDefaultInstance().getNextPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The bytes for nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList unreachable_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUnreachableIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = new com.google.protobuf.LazyStringArrayList(unreachable_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return A list containing the unreachable.
+     */
+    public com.google.protobuf.ProtocolStringList getUnreachableList() {
+      return unreachable_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return The count of unreachable.
+     */
+    public int getUnreachableCount() {
+      return unreachable_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The unreachable at the given index.
+     */
+    public java.lang.String getUnreachable(int index) {
+      return unreachable_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the unreachable at the given index.
+     */
+    public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+      return unreachable_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The unreachable to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUnreachable(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachable(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param values The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUnreachable(java.lang.Iterable<java.lang.String> values) {
+      ensureUnreachableIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unreachable_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUnreachable() {
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The bytes of the unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachableBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateRevocationListsResponse> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateRevocationListsResponse>() {
+        @java.lang.Override
+        public ListCertificateRevocationListsResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateRevocationListsResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateRevocationListsResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateRevocationListsResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java
new file mode 100644
index 00000000..1586ac1c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateRevocationListsResponseOrBuilder.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateRevocationListsResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.CertificateRevocationList>
+      getCertificateRevocationListsList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationList getCertificateRevocationLists(
+      int index);
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  int getCertificateRevocationListsCount();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+      getCertificateRevocationListsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_lists = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+      getCertificateRevocationListsOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  java.lang.String getNextPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  com.google.protobuf.ByteString getNextPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  java.util.List<java.lang.String> getUnreachableList();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  int getUnreachableCount();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  java.lang.String getUnreachable(int index);
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  com.google.protobuf.ByteString getUnreachableBytes(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java
new file mode 100644
index 00000000..b0eecb9d
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequest.java
@@ -0,0 +1,1342 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateTemplatesRequest}
+ */
+public final class ListCertificateTemplatesRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+    ListCertificateTemplatesRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateTemplatesRequest.newBuilder() to construct.
+  private ListCertificateTemplatesRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateTemplatesRequest() {
+    parent_ = "";
+    pageToken_ = "";
+    filter_ = "";
+    orderBy_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateTemplatesRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateTemplatesRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 16:
+            {
+              pageSize_ = input.readInt32();
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pageToken_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              filter_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              orderBy_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.class,
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+  private int pageSize_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to include in the response. Further
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+   * can subsequently be obtained by including the
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  @java.lang.Override
+  public int getPageSize() {
+    return pageSize_;
+  }
+
+  public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+  private volatile java.lang.Object pageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getPageToken() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPageTokenBytes() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int FILTER_FIELD_NUMBER = 4;
+  private volatile java.lang.Object filter_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  @java.lang.Override
+  public java.lang.String getFilter() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      filter_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getFilterBytes() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      filter_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORDER_BY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object orderBy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  @java.lang.Override
+  public java.lang.String getOrderBy() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      orderBy_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrderByBytes() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      orderBy_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (pageSize_ != 0) {
+      output.writeInt32(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, orderBy_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (pageSize_ != 0) {
+      size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, orderBy_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest other =
+        (com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (getPageSize() != other.getPageSize()) return false;
+    if (!getPageToken().equals(other.getPageToken())) return false;
+    if (!getFilter().equals(other.getFilter())) return false;
+    if (!getOrderBy().equals(other.getOrderBy())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+    hash = (53 * hash) + getPageSize();
+    hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getPageToken().hashCode();
+    hash = (37 * hash) + FILTER_FIELD_NUMBER;
+    hash = (53 * hash) + getFilter().hashCode();
+    hash = (37 * hash) + ORDER_BY_FIELD_NUMBER;
+    hash = (53 * hash) + getOrderBy().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateTemplatesRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.class,
+              com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.Builder.class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      pageSize_ = 0;
+
+      pageToken_ = "";
+
+      filter_ = "";
+
+      orderBy_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest build() {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest result =
+          new com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest(this);
+      result.parent_ = parent_;
+      result.pageSize_ = pageSize_;
+      result.pageToken_ = pageToken_;
+      result.filter_ = filter_;
+      result.orderBy_ = orderBy_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+              .getDefaultInstance()) return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (other.getPageSize() != 0) {
+        setPageSize(other.getPageSize());
+      }
+      if (!other.getPageToken().isEmpty()) {
+        pageToken_ = other.pageToken_;
+        onChanged();
+      }
+      if (!other.getFilter().isEmpty()) {
+        filter_ = other.filter_;
+        onChanged();
+      }
+      if (!other.getOrderBy().isEmpty()) {
+        orderBy_ = other.orderBy_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+     * in the format `projects/&#42;&#47;locations/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageSize to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageSize(int value) {
+
+      pageSize_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * to include in the response. Further
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+     * can subsequently be obtained by including the
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageSize() {
+
+      pageSize_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageToken.
+     */
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageToken() {
+
+      pageToken_ = getDefaultInstance().getPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object filter_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The filter.
+     */
+    public java.lang.String getFilter() {
+      java.lang.Object ref = filter_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        filter_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for filter.
+     */
+    public com.google.protobuf.ByteString getFilterBytes() {
+      java.lang.Object ref = filter_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        filter_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilter(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFilter() {
+
+      filter_ = getDefaultInstance().getFilter();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response.
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilterBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object orderBy_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The orderBy.
+     */
+    public java.lang.String getOrderBy() {
+      java.lang.Object ref = orderBy_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        orderBy_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for orderBy.
+     */
+    public com.google.protobuf.ByteString getOrderByBytes() {
+      java.lang.Object ref = orderBy_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        orderBy_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderBy(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrderBy() {
+
+      orderBy_ = getDefaultInstance().getOrderBy();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted.
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderByBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateTemplatesRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateTemplatesRequest>() {
+        @java.lang.Override
+        public ListCertificateTemplatesRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateTemplatesRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateTemplatesRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateTemplatesRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java
new file mode 100644
index 00000000..811d893a
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesRequestOrBuilder.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateTemplatesRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+   * in the format `projects/&#42;&#47;locations/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+   * to include in the response. Further
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+   * can subsequently be obtained by including the
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  int getPageSize();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  java.lang.String getPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  com.google.protobuf.ByteString getPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  java.lang.String getFilter();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response.
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  com.google.protobuf.ByteString getFilterBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  java.lang.String getOrderBy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted.
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  com.google.protobuf.ByteString getOrderByBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java
new file mode 100644
index 00000000..15beb449
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponse.java
@@ -0,0 +1,1537 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateTemplatesResponse}
+ */
+public final class ListCertificateTemplatesResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+    ListCertificateTemplatesResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificateTemplatesResponse.newBuilder() to construct.
+  private ListCertificateTemplatesResponse(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificateTemplatesResponse() {
+    certificateTemplates_ = java.util.Collections.emptyList();
+    nextPageToken_ = "";
+    unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificateTemplatesResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificateTemplatesResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                certificateTemplates_ =
+                    new java.util.ArrayList<
+                        com.google.cloud.security.privateca.v1.CertificateTemplate>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              certificateTemplates_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateTemplate.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              nextPageToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                unreachable_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              unreachable_.add(s);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        certificateTemplates_ = java.util.Collections.unmodifiableList(certificateTemplates_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.class,
+            com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.Builder.class);
+  }
+
+  public static final int CERTIFICATE_TEMPLATES_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate>
+      certificateTemplates_;
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate>
+      getCertificateTemplatesList() {
+    return certificateTemplates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<
+          ? extends com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+      getCertificateTemplatesOrBuilderList() {
+    return certificateTemplates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public int getCertificateTemplatesCount() {
+    return certificateTemplates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplates(
+      int index) {
+    return certificateTemplates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplatesOrBuilder(int index) {
+    return certificateTemplates_.get(index);
+  }
+
+  public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+  private volatile java.lang.Object nextPageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+   * the next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getNextPageToken() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      nextPageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+   * the next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNextPageTokenBytes() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      nextPageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int UNREACHABLE_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList unreachable_;
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  public com.google.protobuf.ProtocolStringList getUnreachableList() {
+    return unreachable_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  public int getUnreachableCount() {
+    return unreachable_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  public java.lang.String getUnreachable(int index) {
+    return unreachable_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+    return unreachable_.getByteString(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < certificateTemplates_.size(); i++) {
+      output.writeMessage(1, certificateTemplates_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+    }
+    for (int i = 0; i < unreachable_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, unreachable_.getRaw(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < certificateTemplates_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(1, certificateTemplates_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < unreachable_.size(); i++) {
+        dataSize += computeStringSizeNoTag(unreachable_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUnreachableList().size();
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse other =
+        (com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse) obj;
+
+    if (!getCertificateTemplatesList().equals(other.getCertificateTemplatesList())) return false;
+    if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+    if (!getUnreachableList().equals(other.getUnreachableList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCertificateTemplatesCount() > 0) {
+      hash = (37 * hash) + CERTIFICATE_TEMPLATES_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateTemplatesList().hashCode();
+    }
+    hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getNextPageToken().hashCode();
+    if (getUnreachableCount() > 0) {
+      hash = (37 * hash) + UNREACHABLE_FIELD_NUMBER;
+      hash = (53 * hash) + getUnreachableList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificateTemplatesResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.class,
+              com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCertificateTemplatesFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateTemplatesBuilder_ == null) {
+        certificateTemplates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        certificateTemplatesBuilder_.clear();
+      }
+      nextPageToken_ = "";
+
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse build() {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse result =
+          new com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (certificateTemplatesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          certificateTemplates_ = java.util.Collections.unmodifiableList(certificateTemplates_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.certificateTemplates_ = certificateTemplates_;
+      } else {
+        result.certificateTemplates_ = certificateTemplatesBuilder_.build();
+      }
+      result.nextPageToken_ = nextPageToken_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.unreachable_ = unreachable_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+              .getDefaultInstance()) return this;
+      if (certificateTemplatesBuilder_ == null) {
+        if (!other.certificateTemplates_.isEmpty()) {
+          if (certificateTemplates_.isEmpty()) {
+            certificateTemplates_ = other.certificateTemplates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCertificateTemplatesIsMutable();
+            certificateTemplates_.addAll(other.certificateTemplates_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.certificateTemplates_.isEmpty()) {
+          if (certificateTemplatesBuilder_.isEmpty()) {
+            certificateTemplatesBuilder_.dispose();
+            certificateTemplatesBuilder_ = null;
+            certificateTemplates_ = other.certificateTemplates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            certificateTemplatesBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCertificateTemplatesFieldBuilder()
+                    : null;
+          } else {
+            certificateTemplatesBuilder_.addAllMessages(other.certificateTemplates_);
+          }
+        }
+      }
+      if (!other.getNextPageToken().isEmpty()) {
+        nextPageToken_ = other.nextPageToken_;
+        onChanged();
+      }
+      if (!other.unreachable_.isEmpty()) {
+        if (unreachable_.isEmpty()) {
+          unreachable_ = other.unreachable_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUnreachableIsMutable();
+          unreachable_.addAll(other.unreachable_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate>
+        certificateTemplates_ = java.util.Collections.emptyList();
+
+    private void ensureCertificateTemplatesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        certificateTemplates_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.CertificateTemplate>(
+                certificateTemplates_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        certificateTemplatesBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate>
+        getCertificateTemplatesList() {
+      if (certificateTemplatesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(certificateTemplates_);
+      } else {
+        return certificateTemplatesBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public int getCertificateTemplatesCount() {
+      if (certificateTemplatesBuilder_ == null) {
+        return certificateTemplates_.size();
+      } else {
+        return certificateTemplatesBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplates(
+        int index) {
+      if (certificateTemplatesBuilder_ == null) {
+        return certificateTemplates_.get(index);
+      } else {
+        return certificateTemplatesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder setCertificateTemplates(
+        int index, com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.set(index, value);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder setCertificateTemplates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateTemplate.Builder builderForValue) {
+      if (certificateTemplatesBuilder_ == null) {
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder addCertificateTemplates(
+        com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.add(value);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder addCertificateTemplates(
+        int index, com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.add(index, value);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder addCertificateTemplates(
+        com.google.cloud.security.privateca.v1.CertificateTemplate.Builder builderForValue) {
+      if (certificateTemplatesBuilder_ == null) {
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.add(builderForValue.build());
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder addCertificateTemplates(
+        int index,
+        com.google.cloud.security.privateca.v1.CertificateTemplate.Builder builderForValue) {
+      if (certificateTemplatesBuilder_ == null) {
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder addAllCertificateTemplates(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.CertificateTemplate>
+            values) {
+      if (certificateTemplatesBuilder_ == null) {
+        ensureCertificateTemplatesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, certificateTemplates_);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder clearCertificateTemplates() {
+      if (certificateTemplatesBuilder_ == null) {
+        certificateTemplates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public Builder removeCertificateTemplates(int index) {
+      if (certificateTemplatesBuilder_ == null) {
+        ensureCertificateTemplatesIsMutable();
+        certificateTemplates_.remove(index);
+        onChanged();
+      } else {
+        certificateTemplatesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate.Builder
+        getCertificateTemplatesBuilder(int index) {
+      return getCertificateTemplatesFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+        getCertificateTemplatesOrBuilder(int index) {
+      if (certificateTemplatesBuilder_ == null) {
+        return certificateTemplates_.get(index);
+      } else {
+        return certificateTemplatesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public java.util.List<
+            ? extends com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        getCertificateTemplatesOrBuilderList() {
+      if (certificateTemplatesBuilder_ != null) {
+        return certificateTemplatesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(certificateTemplates_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate.Builder
+        addCertificateTemplatesBuilder() {
+      return getCertificateTemplatesFieldBuilder()
+          .addBuilder(
+              com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate.Builder
+        addCertificateTemplatesBuilder(int index) {
+      return getCertificateTemplatesFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of
+     * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate.Builder>
+        getCertificateTemplatesBuilderList() {
+      return getCertificateTemplatesFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        getCertificateTemplatesFieldBuilder() {
+      if (certificateTemplatesBuilder_ == null) {
+        certificateTemplatesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateTemplate,
+                com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>(
+                certificateTemplates_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        certificateTemplates_ = null;
+      }
+      return certificateTemplatesBuilder_;
+    }
+
+    private java.lang.Object nextPageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+     * the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+     * the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+     * the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+     * the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearNextPageToken() {
+
+      nextPageToken_ = getDefaultInstance().getNextPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+     * the next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The bytes for nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList unreachable_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUnreachableIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = new com.google.protobuf.LazyStringArrayList(unreachable_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return A list containing the unreachable.
+     */
+    public com.google.protobuf.ProtocolStringList getUnreachableList() {
+      return unreachable_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return The count of unreachable.
+     */
+    public int getUnreachableCount() {
+      return unreachable_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The unreachable at the given index.
+     */
+    public java.lang.String getUnreachable(int index) {
+      return unreachable_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the unreachable at the given index.
+     */
+    public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+      return unreachable_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The unreachable to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUnreachable(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachable(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param values The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUnreachable(java.lang.Iterable<java.lang.String> values) {
+      ensureUnreachableIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unreachable_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUnreachable() {
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The bytes of the unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachableBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+  private static final com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificateTemplatesResponse> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificateTemplatesResponse>() {
+        @java.lang.Override
+        public ListCertificateTemplatesResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificateTemplatesResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificateTemplatesResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificateTemplatesResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java
new file mode 100644
index 00000000..94f3b057
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificateTemplatesResponseOrBuilder.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificateTemplatesResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificateTemplatesResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.CertificateTemplate>
+      getCertificateTemplatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  int getCertificateTemplatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+      getCertificateTemplatesOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of
+   * [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.CertificateTemplate certificate_templates = 1;
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplatesOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+   * the next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  java.lang.String getNextPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+   * the next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  com.google.protobuf.ByteString getNextPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  java.util.List<java.lang.String> getUnreachableList();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  int getUnreachableCount();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  java.lang.String getUnreachable(int index);
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  com.google.protobuf.ByteString getUnreachableBytes(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java
new file mode 100644
index 00000000..c67f0410
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequest.java
@@ -0,0 +1,1363 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesRequest}
+ */
+public final class ListCertificatesRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificatesRequest)
+    ListCertificatesRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificatesRequest.newBuilder() to construct.
+  private ListCertificatesRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificatesRequest() {
+    parent_ = "";
+    pageToken_ = "";
+    filter_ = "";
+    orderBy_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificatesRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificatesRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              parent_ = s;
+              break;
+            }
+          case 16:
+            {
+              pageSize_ = input.readInt32();
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              pageToken_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              filter_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              orderBy_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificatesRequest.class,
+            com.google.cloud.security.privateca.v1.ListCertificatesRequest.Builder.class);
+  }
+
+  public static final int PARENT_FIELD_NUMBER = 1;
+  private volatile java.lang.Object parent_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  @java.lang.Override
+  public java.lang.String getParent() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      parent_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getParentBytes() {
+    java.lang.Object ref = parent_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      parent_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PAGE_SIZE_FIELD_NUMBER = 2;
+  private int pageSize_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+   * in the response. Further
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+   * subsequently be obtained by including the
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  @java.lang.Override
+  public int getPageSize() {
+    return pageSize_;
+  }
+
+  public static final int PAGE_TOKEN_FIELD_NUMBER = 3;
+  private volatile java.lang.Object pageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getPageToken() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      pageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPageTokenBytes() {
+    java.lang.Object ref = pageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      pageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int FILTER_FIELD_NUMBER = 4;
+  private volatile java.lang.Object filter_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response. For
+   * details on supported filters and syntax, see [Certificates Filtering
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  @java.lang.Override
+  public java.lang.String getFilter() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      filter_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response. For
+   * details on supported filters and syntax, see [Certificates Filtering
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getFilterBytes() {
+    java.lang.Object ref = filter_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      filter_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORDER_BY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object orderBy_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted. For details on
+   * supported fields and syntax, see [Certificates Sorting
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  @java.lang.Override
+  public java.lang.String getOrderBy() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      orderBy_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted. For details on
+   * supported fields and syntax, see [Certificates Sorting
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrderByBytes() {
+    java.lang.Object ref = orderBy_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      orderBy_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getParentBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, parent_);
+    }
+    if (pageSize_ != 0) {
+      output.writeInt32(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, orderBy_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getParentBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, parent_);
+    }
+    if (pageSize_ != 0) {
+      size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, pageSize_);
+    }
+    if (!getPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, pageToken_);
+    }
+    if (!getFilterBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, filter_);
+    }
+    if (!getOrderByBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, orderBy_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCertificatesRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificatesRequest other =
+        (com.google.cloud.security.privateca.v1.ListCertificatesRequest) obj;
+
+    if (!getParent().equals(other.getParent())) return false;
+    if (getPageSize() != other.getPageSize()) return false;
+    if (!getPageToken().equals(other.getPageToken())) return false;
+    if (!getFilter().equals(other.getFilter())) return false;
+    if (!getOrderBy().equals(other.getOrderBy())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + PARENT_FIELD_NUMBER;
+    hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + PAGE_SIZE_FIELD_NUMBER;
+    hash = (53 * hash) + getPageSize();
+    hash = (37 * hash) + PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getPageToken().hashCode();
+    hash = (37 * hash) + FILTER_FIELD_NUMBER;
+    hash = (53 * hash) + getFilter().hashCode();
+    hash = (37 * hash) + ORDER_BY_FIELD_NUMBER;
+    hash = (53 * hash) + getOrderBy().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificatesRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificatesRequest)
+      com.google.cloud.security.privateca.v1.ListCertificatesRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificatesRequest.class,
+              com.google.cloud.security.privateca.v1.ListCertificatesRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.ListCertificatesRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      parent_ = "";
+
+      pageSize_ = 0;
+
+      pageToken_ = "";
+
+      filter_ = "";
+
+      orderBy_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificatesRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesRequest build() {
+      com.google.cloud.security.privateca.v1.ListCertificatesRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificatesRequest result =
+          new com.google.cloud.security.privateca.v1.ListCertificatesRequest(this);
+      result.parent_ = parent_;
+      result.pageSize_ = pageSize_;
+      result.pageToken_ = pageToken_;
+      result.filter_ = filter_;
+      result.orderBy_ = orderBy_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ListCertificatesRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.ListCertificatesRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.ListCertificatesRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificatesRequest.getDefaultInstance())
+        return this;
+      if (!other.getParent().isEmpty()) {
+        parent_ = other.parent_;
+        onChanged();
+      }
+      if (other.getPageSize() != 0) {
+        setPageSize(other.getPageSize());
+      }
+      if (!other.getPageToken().isEmpty()) {
+        pageToken_ = other.pageToken_;
+        onChanged();
+      }
+      if (!other.getFilter().isEmpty()) {
+        filter_ = other.filter_;
+        onChanged();
+      }
+      if (!other.getOrderBy().isEmpty()) {
+        orderBy_ = other.orderBy_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificatesRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificatesRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object parent_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The parent.
+     */
+    public java.lang.String getParent() {
+      java.lang.Object ref = parent_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        parent_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for parent.
+     */
+    public com.google.protobuf.ByteString getParentBytes() {
+      java.lang.Object ref = parent_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        parent_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParent(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearParent() {
+
+      parent_ = getDefaultInstance().getParent();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name of the location associated with the
+     * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+     * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for parent to set.
+     * @return This builder for chaining.
+     */
+    public Builder setParentBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      parent_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int pageSize_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageSize.
+     */
+    @java.lang.Override
+    public int getPageSize() {
+      return pageSize_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageSize to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageSize(int value) {
+
+      pageSize_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Limit on the number of
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+     * in the response. Further
+     * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+     * subsequently be obtained by including the
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+     * in a subsequent request. If unspecified, the server will pick an
+     * appropriate default.
+     * </pre>
+     *
+     * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageSize() {
+
+      pageSize_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object pageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The pageToken.
+     */
+    public java.lang.String getPageToken() {
+      java.lang.Object ref = pageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        pageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for pageToken.
+     */
+    public com.google.protobuf.ByteString getPageTokenBytes() {
+      java.lang.Object ref = pageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        pageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPageToken() {
+
+      pageToken_ = getDefaultInstance().getPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Pagination token, returned earlier via
+     * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+     * </pre>
+     *
+     * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for pageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      pageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object filter_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The filter.
+     */
+    public java.lang.String getFilter() {
+      java.lang.Object ref = filter_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        filter_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for filter.
+     */
+    public com.google.protobuf.ByteString getFilterBytes() {
+      java.lang.Object ref = filter_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        filter_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilter(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFilter() {
+
+      filter_ = getDefaultInstance().getFilter();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Only include resources that match the filter in the response. For
+     * details on supported filters and syntax, see [Certificates Filtering
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+     * </pre>
+     *
+     * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for filter to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFilterBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      filter_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object orderBy_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The orderBy.
+     */
+    public java.lang.String getOrderBy() {
+      java.lang.Object ref = orderBy_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        orderBy_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for orderBy.
+     */
+    public com.google.protobuf.ByteString getOrderByBytes() {
+      java.lang.Object ref = orderBy_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        orderBy_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderBy(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrderBy() {
+
+      orderBy_ = getDefaultInstance().getOrderBy();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Specify how the results should be sorted. For details on
+     * supported fields and syntax, see [Certificates Sorting
+     * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+     * </pre>
+     *
+     * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for orderBy to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrderByBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      orderBy_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificatesRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificatesRequest)
+  private static final com.google.cloud.security.privateca.v1.ListCertificatesRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ListCertificatesRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificatesRequest> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificatesRequest>() {
+        @java.lang.Override
+        public ListCertificatesRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificatesRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificatesRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificatesRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificatesRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java
new file mode 100644
index 00000000..2ffe474c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesRequestOrBuilder.java
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificatesRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificatesRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The parent.
+   */
+  java.lang.String getParent();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name of the location associated with the
+   * [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+   * format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string parent = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for parent.
+   */
+  com.google.protobuf.ByteString getParentBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Limit on the number of
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+   * in the response. Further
+   * [Certificates][google.cloud.security.privateca.v1.Certificate] can
+   * subsequently be obtained by including the
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+   * in a subsequent request. If unspecified, the server will pick an
+   * appropriate default.
+   * </pre>
+   *
+   * <code>int32 page_size = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageSize.
+   */
+  int getPageSize();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The pageToken.
+   */
+  java.lang.String getPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Pagination token, returned earlier via
+   * [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+   * </pre>
+   *
+   * <code>string page_token = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for pageToken.
+   */
+  com.google.protobuf.ByteString getPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response. For
+   * details on supported filters and syntax, see [Certificates Filtering
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The filter.
+   */
+  java.lang.String getFilter();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Only include resources that match the filter in the response. For
+   * details on supported filters and syntax, see [Certificates Filtering
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+   * </pre>
+   *
+   * <code>string filter = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for filter.
+   */
+  com.google.protobuf.ByteString getFilterBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted. For details on
+   * supported fields and syntax, see [Certificates Sorting
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The orderBy.
+   */
+  java.lang.String getOrderBy();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Specify how the results should be sorted. For details on
+   * supported fields and syntax, see [Certificates Sorting
+   * documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+   * </pre>
+   *
+   * <code>string order_by = 5 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for orderBy.
+   */
+  com.google.protobuf.ByteString getOrderByBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java
new file mode 100644
index 00000000..44bbb311
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponse.java
@@ -0,0 +1,1441 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Response message for
+ * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesResponse}
+ */
+public final class ListCertificatesResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ListCertificatesResponse)
+    ListCertificatesResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ListCertificatesResponse.newBuilder() to construct.
+  private ListCertificatesResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ListCertificatesResponse() {
+    certificates_ = java.util.Collections.emptyList();
+    nextPageToken_ = "";
+    unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ListCertificatesResponse();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ListCertificatesResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                certificates_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.Certificate>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              certificates_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.Certificate.parser(),
+                      extensionRegistry));
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              nextPageToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                unreachable_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              unreachable_.add(s);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        certificates_ = java.util.Collections.unmodifiableList(certificates_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ListCertificatesResponse.class,
+            com.google.cloud.security.privateca.v1.ListCertificatesResponse.Builder.class);
+  }
+
+  public static final int CERTIFICATES_FIELD_NUMBER = 1;
+  private java.util.List<com.google.cloud.security.privateca.v1.Certificate> certificates_;
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.Certificate> getCertificatesList() {
+    return certificates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+      getCertificatesOrBuilderList() {
+    return certificates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  @java.lang.Override
+  public int getCertificatesCount() {
+    return certificates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate getCertificates(int index) {
+    return certificates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificatesOrBuilder(
+      int index) {
+    return certificates_.get(index);
+  }
+
+  public static final int NEXT_PAGE_TOKEN_FIELD_NUMBER = 2;
+  private volatile java.lang.Object nextPageToken_;
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificatesRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  @java.lang.Override
+  public java.lang.String getNextPageToken() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      nextPageToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificatesRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNextPageTokenBytes() {
+    java.lang.Object ref = nextPageToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      nextPageToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int UNREACHABLE_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList unreachable_;
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  public com.google.protobuf.ProtocolStringList getUnreachableList() {
+    return unreachable_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  public int getUnreachableCount() {
+    return unreachable_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  public java.lang.String getUnreachable(int index) {
+    return unreachable_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+    return unreachable_.getByteString(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < certificates_.size(); i++) {
+      output.writeMessage(1, certificates_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, nextPageToken_);
+    }
+    for (int i = 0; i < unreachable_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, unreachable_.getRaw(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < certificates_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, certificates_.get(i));
+    }
+    if (!getNextPageTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, nextPageToken_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < unreachable_.size(); i++) {
+        dataSize += computeStringSizeNoTag(unreachable_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUnreachableList().size();
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ListCertificatesResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ListCertificatesResponse other =
+        (com.google.cloud.security.privateca.v1.ListCertificatesResponse) obj;
+
+    if (!getCertificatesList().equals(other.getCertificatesList())) return false;
+    if (!getNextPageToken().equals(other.getNextPageToken())) return false;
+    if (!getUnreachableList().equals(other.getUnreachableList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getCertificatesCount() > 0) {
+      hash = (37 * hash) + CERTIFICATES_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificatesList().hashCode();
+    }
+    hash = (37 * hash) + NEXT_PAGE_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getNextPageToken().hashCode();
+    if (getUnreachableCount() > 0) {
+      hash = (37 * hash) + UNREACHABLE_FIELD_NUMBER;
+      hash = (53 * hash) + getUnreachableList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.ListCertificatesResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Response message for
+   * [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ListCertificatesResponse}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ListCertificatesResponse)
+      com.google.cloud.security.privateca.v1.ListCertificatesResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ListCertificatesResponse.class,
+              com.google.cloud.security.privateca.v1.ListCertificatesResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.ListCertificatesResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCertificatesFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificatesBuilder_ == null) {
+        certificates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        certificatesBuilder_.clear();
+      }
+      nextPageToken_ = "";
+
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ListCertificatesResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesResponse build() {
+      com.google.cloud.security.privateca.v1.ListCertificatesResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ListCertificatesResponse buildPartial() {
+      com.google.cloud.security.privateca.v1.ListCertificatesResponse result =
+          new com.google.cloud.security.privateca.v1.ListCertificatesResponse(this);
+      int from_bitField0_ = bitField0_;
+      if (certificatesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          certificates_ = java.util.Collections.unmodifiableList(certificates_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.certificates_ = certificates_;
+      } else {
+        result.certificates_ = certificatesBuilder_.build();
+      }
+      result.nextPageToken_ = nextPageToken_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = unreachable_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.unreachable_ = unreachable_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ListCertificatesResponse) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.ListCertificatesResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.ListCertificatesResponse other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.ListCertificatesResponse.getDefaultInstance())
+        return this;
+      if (certificatesBuilder_ == null) {
+        if (!other.certificates_.isEmpty()) {
+          if (certificates_.isEmpty()) {
+            certificates_ = other.certificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureCertificatesIsMutable();
+            certificates_.addAll(other.certificates_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.certificates_.isEmpty()) {
+          if (certificatesBuilder_.isEmpty()) {
+            certificatesBuilder_.dispose();
+            certificatesBuilder_ = null;
+            certificates_ = other.certificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            certificatesBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCertificatesFieldBuilder()
+                    : null;
+          } else {
+            certificatesBuilder_.addAllMessages(other.certificates_);
+          }
+        }
+      }
+      if (!other.getNextPageToken().isEmpty()) {
+        nextPageToken_ = other.nextPageToken_;
+        onChanged();
+      }
+      if (!other.unreachable_.isEmpty()) {
+        if (unreachable_.isEmpty()) {
+          unreachable_ = other.unreachable_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUnreachableIsMutable();
+          unreachable_.addAll(other.unreachable_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ListCertificatesResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.ListCertificatesResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.util.List<com.google.cloud.security.privateca.v1.Certificate> certificates_ =
+        java.util.Collections.emptyList();
+
+    private void ensureCertificatesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        certificates_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.Certificate>(
+                certificates_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        certificatesBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.Certificate>
+        getCertificatesList() {
+      if (certificatesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(certificates_);
+      } else {
+        return certificatesBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public int getCertificatesCount() {
+      if (certificatesBuilder_ == null) {
+        return certificates_.size();
+      } else {
+        return certificatesBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate getCertificates(int index) {
+      if (certificatesBuilder_ == null) {
+        return certificates_.get(index);
+      } else {
+        return certificatesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder setCertificates(
+        int index, com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificatesIsMutable();
+        certificates_.set(index, value);
+        onChanged();
+      } else {
+        certificatesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder setCertificates(
+        int index, com.google.cloud.security.privateca.v1.Certificate.Builder builderForValue) {
+      if (certificatesBuilder_ == null) {
+        ensureCertificatesIsMutable();
+        certificates_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificatesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder addCertificates(com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificatesIsMutable();
+        certificates_.add(value);
+        onChanged();
+      } else {
+        certificatesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder addCertificates(
+        int index, com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificatesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCertificatesIsMutable();
+        certificates_.add(index, value);
+        onChanged();
+      } else {
+        certificatesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder addCertificates(
+        com.google.cloud.security.privateca.v1.Certificate.Builder builderForValue) {
+      if (certificatesBuilder_ == null) {
+        ensureCertificatesIsMutable();
+        certificates_.add(builderForValue.build());
+        onChanged();
+      } else {
+        certificatesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder addCertificates(
+        int index, com.google.cloud.security.privateca.v1.Certificate.Builder builderForValue) {
+      if (certificatesBuilder_ == null) {
+        ensureCertificatesIsMutable();
+        certificates_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        certificatesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder addAllCertificates(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.Certificate> values) {
+      if (certificatesBuilder_ == null) {
+        ensureCertificatesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, certificates_);
+        onChanged();
+      } else {
+        certificatesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder clearCertificates() {
+      if (certificatesBuilder_ == null) {
+        certificates_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        certificatesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public Builder removeCertificates(int index) {
+      if (certificatesBuilder_ == null) {
+        ensureCertificatesIsMutable();
+        certificates_.remove(index);
+        onChanged();
+      } else {
+        certificatesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.Builder getCertificatesBuilder(
+        int index) {
+      return getCertificatesFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificatesOrBuilder(
+        int index) {
+      if (certificatesBuilder_ == null) {
+        return certificates_.get(index);
+      } else {
+        return certificatesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        getCertificatesOrBuilderList() {
+      if (certificatesBuilder_ != null) {
+        return certificatesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(certificates_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.Builder addCertificatesBuilder() {
+      return getCertificatesFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.Builder addCertificatesBuilder(
+        int index) {
+      return getCertificatesFieldBuilder()
+          .addBuilder(
+              index, com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.Certificate.Builder>
+        getCertificatesBuilderList() {
+      return getCertificatesFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        getCertificatesFieldBuilder() {
+      if (certificatesBuilder_ == null) {
+        certificatesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.Certificate,
+                com.google.cloud.security.privateca.v1.Certificate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateOrBuilder>(
+                certificates_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+        certificates_ = null;
+      }
+      return certificatesBuilder_;
+    }
+
+    private java.lang.Object nextPageToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificatesRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The nextPageToken.
+     */
+    public java.lang.String getNextPageToken() {
+      java.lang.Object ref = nextPageToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        nextPageToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificatesRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return The bytes for nextPageToken.
+     */
+    public com.google.protobuf.ByteString getNextPageTokenBytes() {
+      java.lang.Object ref = nextPageToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        nextPageToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificatesRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificatesRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearNextPageToken() {
+
+      nextPageToken_ = getDefaultInstance().getNextPageToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A token to retrieve next page of results. Pass this value in
+     * [ListCertificatesRequest.next_page_token][] to retrieve the
+     * next page of results.
+     * </pre>
+     *
+     * <code>string next_page_token = 2;</code>
+     *
+     * @param value The bytes for nextPageToken to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNextPageTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      nextPageToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList unreachable_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUnreachableIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        unreachable_ = new com.google.protobuf.LazyStringArrayList(unreachable_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return A list containing the unreachable.
+     */
+    public com.google.protobuf.ProtocolStringList getUnreachableList() {
+      return unreachable_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return The count of unreachable.
+     */
+    public int getUnreachableCount() {
+      return unreachable_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The unreachable at the given index.
+     */
+    public java.lang.String getUnreachable(int index) {
+      return unreachable_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the unreachable at the given index.
+     */
+    public com.google.protobuf.ByteString getUnreachableBytes(int index) {
+      return unreachable_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The unreachable to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUnreachable(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachable(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param values The unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUnreachable(java.lang.Iterable<java.lang.String> values) {
+      ensureUnreachableIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, unreachable_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUnreachable() {
+      unreachable_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * A list of locations (e.g. "us-west1") that could not be reached.
+     * </pre>
+     *
+     * <code>repeated string unreachable = 3;</code>
+     *
+     * @param value The bytes of the unreachable to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUnreachableBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUnreachableIsMutable();
+      unreachable_.add(value);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ListCertificatesResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ListCertificatesResponse)
+  private static final com.google.cloud.security.privateca.v1.ListCertificatesResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ListCertificatesResponse();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ListCertificatesResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ListCertificatesResponse> PARSER =
+      new com.google.protobuf.AbstractParser<ListCertificatesResponse>() {
+        @java.lang.Override
+        public ListCertificatesResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ListCertificatesResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ListCertificatesResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ListCertificatesResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ListCertificatesResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponseOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponseOrBuilder.java
new file mode 100644
index 00000000..7b1ce1eb
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ListCertificatesResponseOrBuilder.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ListCertificatesResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ListCertificatesResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.Certificate> getCertificatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  com.google.cloud.security.privateca.v1.Certificate getCertificates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  int getCertificatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+      getCertificatesOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.Certificate certificates = 1;</code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificatesOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificatesRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The nextPageToken.
+   */
+  java.lang.String getNextPageToken();
+  /**
+   *
+   *
+   * <pre>
+   * A token to retrieve next page of results. Pass this value in
+   * [ListCertificatesRequest.next_page_token][] to retrieve the
+   * next page of results.
+   * </pre>
+   *
+   * <code>string next_page_token = 2;</code>
+   *
+   * @return The bytes for nextPageToken.
+   */
+  com.google.protobuf.ByteString getNextPageTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return A list containing the unreachable.
+   */
+  java.util.List<java.lang.String> getUnreachableList();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @return The count of unreachable.
+   */
+  int getUnreachableCount();
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The unreachable at the given index.
+   */
+  java.lang.String getUnreachable(int index);
+  /**
+   *
+   *
+   * <pre>
+   * A list of locations (e.g. "us-west1") that could not be reached.
+   * </pre>
+   *
+   * <code>repeated string unreachable = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the unreachable at the given index.
+   */
+  com.google.protobuf.ByteString getUnreachableBytes(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/LocationName.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/LocationName.java
new file mode 100644
index 00000000..f0744066
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/LocationName.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cloud.security.privateca.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS.
+@Generated("by gapic-generator-java")
+public class LocationName implements ResourceName {
+  private static final PathTemplate PROJECT_LOCATION =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}/locations/{location}");
+  private volatile Map<String, String> fieldValuesMap;
+  private final String project;
+  private final String location;
+
+  @Deprecated
+  protected LocationName() {
+    project = null;
+    location = null;
+  }
+
+  private LocationName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    location = Preconditions.checkNotNull(builder.getLocation());
+  }
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getLocation() {
+    return location;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  public static LocationName of(String project, String location) {
+    return newBuilder().setProject(project).setLocation(location).build();
+  }
+
+  public static String format(String project, String location) {
+    return newBuilder().setProject(project).setLocation(location).build().toString();
+  }
+
+  public static LocationName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PROJECT_LOCATION.validatedMatch(
+            formattedString, "LocationName.parse: formattedString not in valid format");
+    return of(matchMap.get("project"), matchMap.get("location"));
+  }
+
+  public static List<LocationName> parseList(List<String> formattedStrings) {
+    List<LocationName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<LocationName> values) {
+    List<String> list = new ArrayList<>(values.size());
+    for (LocationName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PROJECT_LOCATION.matches(formattedString);
+  }
+
+  @Override
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          if (project != null) {
+            fieldMapBuilder.put("project", project);
+          }
+          if (location != null) {
+            fieldMapBuilder.put("location", location);
+          }
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PROJECT_LOCATION.instantiate("project", project, "location", location);
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o != null || getClass() == o.getClass()) {
+      LocationName that = ((LocationName) o);
+      return Objects.equals(this.project, that.project)
+          && Objects.equals(this.location, that.location);
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= Objects.hashCode(project);
+    h *= 1000003;
+    h ^= Objects.hashCode(location);
+    return h;
+  }
+
+  /** Builder for projects/{project}/locations/{location}. */
+  public static class Builder {
+    private String project;
+    private String location;
+
+    protected Builder() {}
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getLocation() {
+      return location;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setLocation(String location) {
+      this.location = location;
+      return this;
+    }
+
+    private Builder(LocationName locationName) {
+      project = locationName.project;
+      location = locationName.location;
+    }
+
+    public LocationName build() {
+      return new LocationName(this);
+    }
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectId.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectId.java
new file mode 100644
index 00000000..d41c49c8
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectId.java
@@ -0,0 +1,717 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context
+ * and describe types in ASN.1 messages.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.ObjectId}
+ */
+public final class ObjectId extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.ObjectId)
+    ObjectIdOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use ObjectId.newBuilder() to construct.
+  private ObjectId(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private ObjectId() {
+    objectIdPath_ = emptyIntList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new ObjectId();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private ObjectId(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 8:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                objectIdPath_ = newIntList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              objectIdPath_.addInt(input.readInt32());
+              break;
+            }
+          case 10:
+            {
+              int length = input.readRawVarint32();
+              int limit = input.pushLimit(length);
+              if (!((mutable_bitField0_ & 0x00000001) != 0) && input.getBytesUntilLimit() > 0) {
+                objectIdPath_ = newIntList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              while (input.getBytesUntilLimit() > 0) {
+                objectIdPath_.addInt(input.readInt32());
+              }
+              input.popLimit(limit);
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        objectIdPath_.makeImmutable(); // C
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_ObjectId_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.ObjectId.class,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder.class);
+  }
+
+  public static final int OBJECT_ID_PATH_FIELD_NUMBER = 1;
+  private com.google.protobuf.Internal.IntList objectIdPath_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return A list containing the objectIdPath.
+   */
+  @java.lang.Override
+  public java.util.List<java.lang.Integer> getObjectIdPathList() {
+    return objectIdPath_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The count of objectIdPath.
+   */
+  public int getObjectIdPathCount() {
+    return objectIdPath_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @param index The index of the element to return.
+   * @return The objectIdPath at the given index.
+   */
+  public int getObjectIdPath(int index) {
+    return objectIdPath_.getInt(index);
+  }
+
+  private int objectIdPathMemoizedSerializedSize = -1;
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    getSerializedSize();
+    if (getObjectIdPathList().size() > 0) {
+      output.writeUInt32NoTag(10);
+      output.writeUInt32NoTag(objectIdPathMemoizedSerializedSize);
+    }
+    for (int i = 0; i < objectIdPath_.size(); i++) {
+      output.writeInt32NoTag(objectIdPath_.getInt(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    {
+      int dataSize = 0;
+      for (int i = 0; i < objectIdPath_.size(); i++) {
+        dataSize +=
+            com.google.protobuf.CodedOutputStream.computeInt32SizeNoTag(objectIdPath_.getInt(i));
+      }
+      size += dataSize;
+      if (!getObjectIdPathList().isEmpty()) {
+        size += 1;
+        size += com.google.protobuf.CodedOutputStream.computeInt32SizeNoTag(dataSize);
+      }
+      objectIdPathMemoizedSerializedSize = dataSize;
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.ObjectId)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.ObjectId other =
+        (com.google.cloud.security.privateca.v1.ObjectId) obj;
+
+    if (!getObjectIdPathList().equals(other.getObjectIdPathList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getObjectIdPathCount() > 0) {
+      hash = (37 * hash) + OBJECT_ID_PATH_FIELD_NUMBER;
+      hash = (53 * hash) + getObjectIdPathList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.ObjectId prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context
+   * and describe types in ASN.1 messages.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.ObjectId}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.ObjectId)
+      com.google.cloud.security.privateca.v1.ObjectIdOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_ObjectId_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.ObjectId.class,
+              com.google.cloud.security.privateca.v1.ObjectId.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.ObjectId.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      objectIdPath_ = emptyIntList();
+      bitField0_ = (bitField0_ & ~0x00000001);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ObjectId getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ObjectId build() {
+      com.google.cloud.security.privateca.v1.ObjectId result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.ObjectId buildPartial() {
+      com.google.cloud.security.privateca.v1.ObjectId result =
+          new com.google.cloud.security.privateca.v1.ObjectId(this);
+      int from_bitField0_ = bitField0_;
+      if (((bitField0_ & 0x00000001) != 0)) {
+        objectIdPath_.makeImmutable();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.objectIdPath_ = objectIdPath_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.ObjectId) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.ObjectId) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.ObjectId other) {
+      if (other == com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance())
+        return this;
+      if (!other.objectIdPath_.isEmpty()) {
+        if (objectIdPath_.isEmpty()) {
+          objectIdPath_ = other.objectIdPath_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensureObjectIdPathIsMutable();
+          objectIdPath_.addAll(other.objectIdPath_);
+        }
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.ObjectId parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage = (com.google.cloud.security.privateca.v1.ObjectId) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private com.google.protobuf.Internal.IntList objectIdPath_ = emptyIntList();
+
+    private void ensureObjectIdPathIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        objectIdPath_ = mutableCopy(objectIdPath_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return A list containing the objectIdPath.
+     */
+    public java.util.List<java.lang.Integer> getObjectIdPathList() {
+      return ((bitField0_ & 0x00000001) != 0)
+          ? java.util.Collections.unmodifiableList(objectIdPath_)
+          : objectIdPath_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The count of objectIdPath.
+     */
+    public int getObjectIdPathCount() {
+      return objectIdPath_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index of the element to return.
+     * @return The objectIdPath at the given index.
+     */
+    public int getObjectIdPath(int index) {
+      return objectIdPath_.getInt(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The objectIdPath to set.
+     * @return This builder for chaining.
+     */
+    public Builder setObjectIdPath(int index, int value) {
+      ensureObjectIdPathIsMutable();
+      objectIdPath_.setInt(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The objectIdPath to add.
+     * @return This builder for chaining.
+     */
+    public Builder addObjectIdPath(int value) {
+      ensureObjectIdPathIsMutable();
+      objectIdPath_.addInt(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param values The objectIdPath to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllObjectIdPath(java.lang.Iterable<? extends java.lang.Integer> values) {
+      ensureObjectIdPathIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, objectIdPath_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The parts of an OID path. The most significant parts of the path come
+     * first.
+     * </pre>
+     *
+     * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearObjectIdPath() {
+      objectIdPath_ = emptyIntList();
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.ObjectId)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.ObjectId)
+  private static final com.google.cloud.security.privateca.v1.ObjectId DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.ObjectId();
+  }
+
+  public static com.google.cloud.security.privateca.v1.ObjectId getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ObjectId> PARSER =
+      new com.google.protobuf.AbstractParser<ObjectId>() {
+        @java.lang.Override
+        public ObjectId parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new ObjectId(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<ObjectId> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ObjectId> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectId getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectIdOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectIdOrBuilder.java
new file mode 100644
index 00000000..d1720388
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/ObjectIdOrBuilder.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface ObjectIdOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.ObjectId)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return A list containing the objectIdPath.
+   */
+  java.util.List<java.lang.Integer> getObjectIdPathList();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The count of objectIdPath.
+   */
+  int getObjectIdPathCount();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The parts of an OID path. The most significant parts of the path come
+   * first.
+   * </pre>
+   *
+   * <code>repeated int32 object_id_path = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @param index The index of the element to return.
+   * @return The objectIdPath at the given index.
+   */
+  int getObjectIdPath(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java
new file mode 100644
index 00000000..5488788b
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadata.java
@@ -0,0 +1,1853 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Represents the metadata of the long-running operation.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.OperationMetadata}
+ */
+public final class OperationMetadata extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.OperationMetadata)
+    OperationMetadataOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use OperationMetadata.newBuilder() to construct.
+  private OperationMetadata(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private OperationMetadata() {
+    target_ = "";
+    verb_ = "";
+    statusMessage_ = "";
+    apiVersion_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new OperationMetadata();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private OperationMetadata(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (createTime_ != null) {
+                subBuilder = createTime_.toBuilder();
+              }
+              createTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(createTime_);
+                createTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (endTime_ != null) {
+                subBuilder = endTime_.toBuilder();
+              }
+              endTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(endTime_);
+                endTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              target_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              verb_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              statusMessage_ = s;
+              break;
+            }
+          case 48:
+            {
+              requestedCancellation_ = input.readBool();
+              break;
+            }
+          case 58:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              apiVersion_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_OperationMetadata_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.OperationMetadata.class,
+            com.google.cloud.security.privateca.v1.OperationMetadata.Builder.class);
+  }
+
+  public static final int CREATE_TIME_FIELD_NUMBER = 1;
+  private com.google.protobuf.Timestamp createTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasCreateTime() {
+    return createTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getCreateTime() {
+    return createTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : createTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+    return getCreateTime();
+  }
+
+  public static final int END_TIME_FIELD_NUMBER = 2;
+  private com.google.protobuf.Timestamp endTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the endTime field is set.
+   */
+  @java.lang.Override
+  public boolean hasEndTime() {
+    return endTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The endTime.
+   */
+  @java.lang.Override
+  public com.google.protobuf.Timestamp getEndTime() {
+    return endTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : endTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.TimestampOrBuilder getEndTimeOrBuilder() {
+    return getEndTime();
+  }
+
+  public static final int TARGET_FIELD_NUMBER = 3;
+  private volatile java.lang.Object target_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Server-defined resource path for the target of the operation.
+   * </pre>
+   *
+   * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The target.
+   */
+  @java.lang.Override
+  public java.lang.String getTarget() {
+    java.lang.Object ref = target_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      target_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Server-defined resource path for the target of the operation.
+   * </pre>
+   *
+   * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for target.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getTargetBytes() {
+    java.lang.Object ref = target_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      target_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int VERB_FIELD_NUMBER = 4;
+  private volatile java.lang.Object verb_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Name of the verb executed by the operation.
+   * </pre>
+   *
+   * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The verb.
+   */
+  @java.lang.Override
+  public java.lang.String getVerb() {
+    java.lang.Object ref = verb_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      verb_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Name of the verb executed by the operation.
+   * </pre>
+   *
+   * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for verb.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getVerbBytes() {
+    java.lang.Object ref = verb_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      verb_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int STATUS_MESSAGE_FIELD_NUMBER = 5;
+  private volatile java.lang.Object statusMessage_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Human-readable status of the operation, if any.
+   * </pre>
+   *
+   * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The statusMessage.
+   */
+  @java.lang.Override
+  public java.lang.String getStatusMessage() {
+    java.lang.Object ref = statusMessage_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      statusMessage_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Human-readable status of the operation, if any.
+   * </pre>
+   *
+   * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for statusMessage.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getStatusMessageBytes() {
+    java.lang.Object ref = statusMessage_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      statusMessage_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUESTED_CANCELLATION_FIELD_NUMBER = 6;
+  private boolean requestedCancellation_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Identifies whether the user has requested cancellation
+   * of the operation. Operations that have successfully been cancelled
+   * have [Operation.error][] value with a
+   * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+   * `Code.CANCELLED`.
+   * </pre>
+   *
+   * <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The requestedCancellation.
+   */
+  @java.lang.Override
+  public boolean getRequestedCancellation() {
+    return requestedCancellation_;
+  }
+
+  public static final int API_VERSION_FIELD_NUMBER = 7;
+  private volatile java.lang.Object apiVersion_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. API version used to start the operation.
+   * </pre>
+   *
+   * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The apiVersion.
+   */
+  @java.lang.Override
+  public java.lang.String getApiVersion() {
+    java.lang.Object ref = apiVersion_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      apiVersion_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Output only. API version used to start the operation.
+   * </pre>
+   *
+   * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for apiVersion.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getApiVersionBytes() {
+    java.lang.Object ref = apiVersion_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      apiVersion_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (createTime_ != null) {
+      output.writeMessage(1, getCreateTime());
+    }
+    if (endTime_ != null) {
+      output.writeMessage(2, getEndTime());
+    }
+    if (!getTargetBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, target_);
+    }
+    if (!getVerbBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, verb_);
+    }
+    if (!getStatusMessageBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, statusMessage_);
+    }
+    if (requestedCancellation_ != false) {
+      output.writeBool(6, requestedCancellation_);
+    }
+    if (!getApiVersionBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 7, apiVersion_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (createTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCreateTime());
+    }
+    if (endTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getEndTime());
+    }
+    if (!getTargetBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, target_);
+    }
+    if (!getVerbBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, verb_);
+    }
+    if (!getStatusMessageBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, statusMessage_);
+    }
+    if (requestedCancellation_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(6, requestedCancellation_);
+    }
+    if (!getApiVersionBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(7, apiVersion_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.OperationMetadata)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.OperationMetadata other =
+        (com.google.cloud.security.privateca.v1.OperationMetadata) obj;
+
+    if (hasCreateTime() != other.hasCreateTime()) return false;
+    if (hasCreateTime()) {
+      if (!getCreateTime().equals(other.getCreateTime())) return false;
+    }
+    if (hasEndTime() != other.hasEndTime()) return false;
+    if (hasEndTime()) {
+      if (!getEndTime().equals(other.getEndTime())) return false;
+    }
+    if (!getTarget().equals(other.getTarget())) return false;
+    if (!getVerb().equals(other.getVerb())) return false;
+    if (!getStatusMessage().equals(other.getStatusMessage())) return false;
+    if (getRequestedCancellation() != other.getRequestedCancellation()) return false;
+    if (!getApiVersion().equals(other.getApiVersion())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCreateTime()) {
+      hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getCreateTime().hashCode();
+    }
+    if (hasEndTime()) {
+      hash = (37 * hash) + END_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getEndTime().hashCode();
+    }
+    hash = (37 * hash) + TARGET_FIELD_NUMBER;
+    hash = (53 * hash) + getTarget().hashCode();
+    hash = (37 * hash) + VERB_FIELD_NUMBER;
+    hash = (53 * hash) + getVerb().hashCode();
+    hash = (37 * hash) + STATUS_MESSAGE_FIELD_NUMBER;
+    hash = (53 * hash) + getStatusMessage().hashCode();
+    hash = (37 * hash) + REQUESTED_CANCELLATION_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getRequestedCancellation());
+    hash = (37 * hash) + API_VERSION_FIELD_NUMBER;
+    hash = (53 * hash) + getApiVersion().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.OperationMetadata prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Represents the metadata of the long-running operation.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.OperationMetadata}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.OperationMetadata)
+      com.google.cloud.security.privateca.v1.OperationMetadataOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_OperationMetadata_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.OperationMetadata.class,
+              com.google.cloud.security.privateca.v1.OperationMetadata.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.OperationMetadata.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+      if (endTimeBuilder_ == null) {
+        endTime_ = null;
+      } else {
+        endTime_ = null;
+        endTimeBuilder_ = null;
+      }
+      target_ = "";
+
+      verb_ = "";
+
+      statusMessage_ = "";
+
+      requestedCancellation_ = false;
+
+      apiVersion_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.OperationMetadata getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.OperationMetadata.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.OperationMetadata build() {
+      com.google.cloud.security.privateca.v1.OperationMetadata result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.OperationMetadata buildPartial() {
+      com.google.cloud.security.privateca.v1.OperationMetadata result =
+          new com.google.cloud.security.privateca.v1.OperationMetadata(this);
+      if (createTimeBuilder_ == null) {
+        result.createTime_ = createTime_;
+      } else {
+        result.createTime_ = createTimeBuilder_.build();
+      }
+      if (endTimeBuilder_ == null) {
+        result.endTime_ = endTime_;
+      } else {
+        result.endTime_ = endTimeBuilder_.build();
+      }
+      result.target_ = target_;
+      result.verb_ = verb_;
+      result.statusMessage_ = statusMessage_;
+      result.requestedCancellation_ = requestedCancellation_;
+      result.apiVersion_ = apiVersion_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.OperationMetadata) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.OperationMetadata) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.OperationMetadata other) {
+      if (other == com.google.cloud.security.privateca.v1.OperationMetadata.getDefaultInstance())
+        return this;
+      if (other.hasCreateTime()) {
+        mergeCreateTime(other.getCreateTime());
+      }
+      if (other.hasEndTime()) {
+        mergeEndTime(other.getEndTime());
+      }
+      if (!other.getTarget().isEmpty()) {
+        target_ = other.target_;
+        onChanged();
+      }
+      if (!other.getVerb().isEmpty()) {
+        verb_ = other.verb_;
+        onChanged();
+      }
+      if (!other.getStatusMessage().isEmpty()) {
+        statusMessage_ = other.statusMessage_;
+        onChanged();
+      }
+      if (other.getRequestedCancellation() != false) {
+        setRequestedCancellation(other.getRequestedCancellation());
+      }
+      if (!other.getApiVersion().isEmpty()) {
+        apiVersion_ = other.apiVersion_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.OperationMetadata parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.OperationMetadata) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.protobuf.Timestamp createTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        createTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the createTime field is set.
+     */
+    public boolean hasCreateTime() {
+      return createTimeBuilder_ != null || createTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The createTime.
+     */
+    public com.google.protobuf.Timestamp getCreateTime() {
+      if (createTimeBuilder_ == null) {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      } else {
+        return createTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        createTime_ = value;
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setCreateTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (createTimeBuilder_ == null) {
+        createTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        createTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeCreateTime(com.google.protobuf.Timestamp value) {
+      if (createTimeBuilder_ == null) {
+        if (createTime_ != null) {
+          createTime_ =
+              com.google.protobuf.Timestamp.newBuilder(createTime_).mergeFrom(value).buildPartial();
+        } else {
+          createTime_ = value;
+        }
+        onChanged();
+      } else {
+        createTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearCreateTime() {
+      if (createTimeBuilder_ == null) {
+        createTime_ = null;
+        onChanged();
+      } else {
+        createTime_ = null;
+        createTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getCreateTimeBuilder() {
+
+      onChanged();
+      return getCreateTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder() {
+      if (createTimeBuilder_ != null) {
+        return createTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return createTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : createTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation was created.
+     * </pre>
+     *
+     * <code>
+     * .google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getCreateTimeFieldBuilder() {
+      if (createTimeBuilder_ == null) {
+        createTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getCreateTime(), getParentForChildren(), isClean());
+        createTime_ = null;
+      }
+      return createTimeBuilder_;
+    }
+
+    private com.google.protobuf.Timestamp endTime_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        endTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return Whether the endTime field is set.
+     */
+    public boolean hasEndTime() {
+      return endTimeBuilder_ != null || endTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     *
+     * @return The endTime.
+     */
+    public com.google.protobuf.Timestamp getEndTime() {
+      if (endTimeBuilder_ == null) {
+        return endTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : endTime_;
+      } else {
+        return endTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setEndTime(com.google.protobuf.Timestamp value) {
+      if (endTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        endTime_ = value;
+        onChanged();
+      } else {
+        endTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder setEndTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (endTimeBuilder_ == null) {
+        endTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        endTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder mergeEndTime(com.google.protobuf.Timestamp value) {
+      if (endTimeBuilder_ == null) {
+        if (endTime_ != null) {
+          endTime_ =
+              com.google.protobuf.Timestamp.newBuilder(endTime_).mergeFrom(value).buildPartial();
+        } else {
+          endTime_ = value;
+        }
+        onChanged();
+      } else {
+        endTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public Builder clearEndTime() {
+      if (endTimeBuilder_ == null) {
+        endTime_ = null;
+        onChanged();
+      } else {
+        endTime_ = null;
+        endTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.Timestamp.Builder getEndTimeBuilder() {
+
+      onChanged();
+      return getEndTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getEndTimeOrBuilder() {
+      if (endTimeBuilder_ != null) {
+        return endTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return endTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : endTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. The time the operation finished running.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getEndTimeFieldBuilder() {
+      if (endTimeBuilder_ == null) {
+        endTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getEndTime(), getParentForChildren(), isClean());
+        endTime_ = null;
+      }
+      return endTimeBuilder_;
+    }
+
+    private java.lang.Object target_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Server-defined resource path for the target of the operation.
+     * </pre>
+     *
+     * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The target.
+     */
+    public java.lang.String getTarget() {
+      java.lang.Object ref = target_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        target_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Server-defined resource path for the target of the operation.
+     * </pre>
+     *
+     * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for target.
+     */
+    public com.google.protobuf.ByteString getTargetBytes() {
+      java.lang.Object ref = target_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        target_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Server-defined resource path for the target of the operation.
+     * </pre>
+     *
+     * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The target to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTarget(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      target_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Server-defined resource path for the target of the operation.
+     * </pre>
+     *
+     * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearTarget() {
+
+      target_ = getDefaultInstance().getTarget();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Server-defined resource path for the target of the operation.
+     * </pre>
+     *
+     * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for target to set.
+     * @return This builder for chaining.
+     */
+    public Builder setTargetBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      target_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object verb_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Name of the verb executed by the operation.
+     * </pre>
+     *
+     * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The verb.
+     */
+    public java.lang.String getVerb() {
+      java.lang.Object ref = verb_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        verb_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Name of the verb executed by the operation.
+     * </pre>
+     *
+     * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for verb.
+     */
+    public com.google.protobuf.ByteString getVerbBytes() {
+      java.lang.Object ref = verb_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        verb_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Name of the verb executed by the operation.
+     * </pre>
+     *
+     * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The verb to set.
+     * @return This builder for chaining.
+     */
+    public Builder setVerb(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      verb_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Name of the verb executed by the operation.
+     * </pre>
+     *
+     * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearVerb() {
+
+      verb_ = getDefaultInstance().getVerb();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Name of the verb executed by the operation.
+     * </pre>
+     *
+     * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for verb to set.
+     * @return This builder for chaining.
+     */
+    public Builder setVerbBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      verb_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object statusMessage_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Human-readable status of the operation, if any.
+     * </pre>
+     *
+     * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The statusMessage.
+     */
+    public java.lang.String getStatusMessage() {
+      java.lang.Object ref = statusMessage_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        statusMessage_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Human-readable status of the operation, if any.
+     * </pre>
+     *
+     * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for statusMessage.
+     */
+    public com.google.protobuf.ByteString getStatusMessageBytes() {
+      java.lang.Object ref = statusMessage_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        statusMessage_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Human-readable status of the operation, if any.
+     * </pre>
+     *
+     * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The statusMessage to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStatusMessage(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      statusMessage_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Human-readable status of the operation, if any.
+     * </pre>
+     *
+     * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearStatusMessage() {
+
+      statusMessage_ = getDefaultInstance().getStatusMessage();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Human-readable status of the operation, if any.
+     * </pre>
+     *
+     * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for statusMessage to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStatusMessageBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      statusMessage_ = value;
+      onChanged();
+      return this;
+    }
+
+    private boolean requestedCancellation_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Identifies whether the user has requested cancellation
+     * of the operation. Operations that have successfully been cancelled
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
+     * </pre>
+     *
+     * <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The requestedCancellation.
+     */
+    @java.lang.Override
+    public boolean getRequestedCancellation() {
+      return requestedCancellation_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Identifies whether the user has requested cancellation
+     * of the operation. Operations that have successfully been cancelled
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
+     * </pre>
+     *
+     * <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The requestedCancellation to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestedCancellation(boolean value) {
+
+      requestedCancellation_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Identifies whether the user has requested cancellation
+     * of the operation. Operations that have successfully been cancelled
+     * have [Operation.error][] value with a
+     * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+     * `Code.CANCELLED`.
+     * </pre>
+     *
+     * <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestedCancellation() {
+
+      requestedCancellation_ = false;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object apiVersion_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Output only. API version used to start the operation.
+     * </pre>
+     *
+     * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The apiVersion.
+     */
+    public java.lang.String getApiVersion() {
+      java.lang.Object ref = apiVersion_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        apiVersion_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. API version used to start the operation.
+     * </pre>
+     *
+     * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The bytes for apiVersion.
+     */
+    public com.google.protobuf.ByteString getApiVersionBytes() {
+      java.lang.Object ref = apiVersion_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        apiVersion_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. API version used to start the operation.
+     * </pre>
+     *
+     * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The apiVersion to set.
+     * @return This builder for chaining.
+     */
+    public Builder setApiVersion(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      apiVersion_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. API version used to start the operation.
+     * </pre>
+     *
+     * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearApiVersion() {
+
+      apiVersion_ = getDefaultInstance().getApiVersion();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. API version used to start the operation.
+     * </pre>
+     *
+     * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The bytes for apiVersion to set.
+     * @return This builder for chaining.
+     */
+    public Builder setApiVersionBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      apiVersion_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.OperationMetadata)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.OperationMetadata)
+  private static final com.google.cloud.security.privateca.v1.OperationMetadata DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.OperationMetadata();
+  }
+
+  public static com.google.cloud.security.privateca.v1.OperationMetadata getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<OperationMetadata> PARSER =
+      new com.google.protobuf.AbstractParser<OperationMetadata>() {
+        @java.lang.Override
+        public OperationMetadata parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new OperationMetadata(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<OperationMetadata> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<OperationMetadata> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.OperationMetadata getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java
new file mode 100644
index 00000000..4b1c70e4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/OperationMetadataOrBuilder.java
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface OperationMetadataOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.OperationMetadata)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the createTime field is set.
+   */
+  boolean hasCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The createTime.
+   */
+  com.google.protobuf.Timestamp getCreateTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation was created.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp create_time = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getCreateTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return Whether the endTime field is set.
+   */
+  boolean hasEndTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   *
+   * @return The endTime.
+   */
+  com.google.protobuf.Timestamp getEndTime();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. The time the operation finished running.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp end_time = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];
+   * </code>
+   */
+  com.google.protobuf.TimestampOrBuilder getEndTimeOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Server-defined resource path for the target of the operation.
+   * </pre>
+   *
+   * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The target.
+   */
+  java.lang.String getTarget();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Server-defined resource path for the target of the operation.
+   * </pre>
+   *
+   * <code>string target = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for target.
+   */
+  com.google.protobuf.ByteString getTargetBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Name of the verb executed by the operation.
+   * </pre>
+   *
+   * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The verb.
+   */
+  java.lang.String getVerb();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Name of the verb executed by the operation.
+   * </pre>
+   *
+   * <code>string verb = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for verb.
+   */
+  com.google.protobuf.ByteString getVerbBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Human-readable status of the operation, if any.
+   * </pre>
+   *
+   * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The statusMessage.
+   */
+  java.lang.String getStatusMessage();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Human-readable status of the operation, if any.
+   * </pre>
+   *
+   * <code>string status_message = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for statusMessage.
+   */
+  com.google.protobuf.ByteString getStatusMessageBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Identifies whether the user has requested cancellation
+   * of the operation. Operations that have successfully been cancelled
+   * have [Operation.error][] value with a
+   * [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+   * `Code.CANCELLED`.
+   * </pre>
+   *
+   * <code>bool requested_cancellation = 6 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The requestedCancellation.
+   */
+  boolean getRequestedCancellation();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. API version used to start the operation.
+   * </pre>
+   *
+   * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The apiVersion.
+   */
+  java.lang.String getApiVersion();
+  /**
+   *
+   *
+   * <pre>
+   * Output only. API version used to start the operation.
+   * </pre>
+   *
+   * <code>string api_version = 7 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The bytes for apiVersion.
+   */
+  com.google.protobuf.ByteString getApiVersionBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaProto.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaProto.java
new file mode 100644
index 00000000..5020195a
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaProto.java
@@ -0,0 +1,908 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public final class PrivateCaProto {
+  private PrivateCaProto() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_OperationMetadata_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n0google/cloud/security/privateca/v1/ser"
+          + "vice.proto\022\"google.cloud.security.privat"
+          + "eca.v1\032\034google/api/annotations.proto\032\027go"
+          + "ogle/api/client.proto\032\037google/api/field_"
+          + "behavior.proto\032\031google/api/resource.prot"
+          + "o\0322google/cloud/security/privateca/v1/re"
+          + "sources.proto\032#google/longrunning/operat"
+          + "ions.proto\032\036google/protobuf/duration.pro"
+          + "to\032 google/protobuf/field_mask.proto\032\037go"
+          + "ogle/protobuf/timestamp.proto\"\237\002\n\030Create"
+          + "CertificateRequest\0227\n\006parent\030\001 \001(\tB\'\340A\002\372"
+          + "A!\n\037privateca.googleapis.com/CaPool\022\033\n\016c"
+          + "ertificate_id\030\002 \001(\tB\003\340A\001\022I\n\013certificate\030"
+          + "\003 \001(\0132/.google.cloud.security.privateca."
+          + "v1.CertificateB\003\340A\002\022\027\n\nrequest_id\030\004 \001(\tB"
+          + "\003\340A\001\022\032\n\rvalidate_only\030\005 \001(\010B\003\340A\001\022-\n issu"
+          + "ing_certificate_authority_id\030\006 \001(\tB\003\340A\001\""
+          + "S\n\025GetCertificateRequest\022:\n\004name\030\001 \001(\tB,"
+          + "\340A\002\372A&\n$privateca.googleapis.com/Certifi"
+          + "cate\"\257\001\n\027ListCertificatesRequest\0227\n\006pare"
+          + "nt\030\001 \001(\tB\'\340A\002\372A!\n\037privateca.googleapis.c"
+          + "om/CaPool\022\026\n\tpage_size\030\002 \001(\005B\003\340A\001\022\027\n\npag"
+          + "e_token\030\003 \001(\tB\003\340A\001\022\023\n\006filter\030\004 \001(\tB\003\340A\001\022"
+          + "\025\n\010order_by\030\005 \001(\tB\003\340A\001\"\217\001\n\030ListCertifica"
+          + "tesResponse\022E\n\014certificates\030\001 \003(\0132/.goog"
+          + "le.cloud.security.privateca.v1.Certifica"
+          + "te\022\027\n\017next_page_token\030\002 \001(\t\022\023\n\013unreachab"
+          + "le\030\003 \003(\t\"\272\001\n\030RevokeCertificateRequest\022:\n"
+          + "\004name\030\001 \001(\tB,\340A\002\372A&\n$privateca.googleapi"
+          + "s.com/Certificate\022I\n\006reason\030\002 \001(\01624.goog"
+          + "le.cloud.security.privateca.v1.Revocatio"
+          + "nReasonB\003\340A\002\022\027\n\nrequest_id\030\003 \001(\tB\003\340A\001\"\264\001"
+          + "\n\030UpdateCertificateRequest\022I\n\013certificat"
+          + "e\030\001 \001(\0132/.google.cloud.security.privatec"
+          + "a.v1.CertificateB\003\340A\002\0224\n\013update_mask\030\002 \001"
+          + "(\0132\032.google.protobuf.FieldMaskB\003\340A\002\022\027\n\nr"
+          + "equest_id\030\003 \001(\tB\003\340A\001\"\374\001\n#ActivateCertifi"
+          + "cateAuthorityRequest\022C\n\004name\030\001 \001(\tB5\340A\002\372"
+          + "A/\n-privateca.googleapis.com/Certificate"
+          + "Authority\022\037\n\022pem_ca_certificate\030\002 \001(\tB\003\340"
+          + "A\002\022V\n\022subordinate_config\030\003 \001(\01325.google."
+          + "cloud.security.privateca.v1.SubordinateC"
+          + "onfigB\003\340A\002\022\027\n\nrequest_id\030\004 \001(\tB\003\340A\001\"\372\001\n!"
+          + "CreateCertificateAuthorityRequest\0227\n\006par"
+          + "ent\030\001 \001(\tB\'\340A\002\372A!\n\037privateca.googleapis."
+          + "com/CaPool\022%\n\030certificate_authority_id\030\002"
+          + " \001(\tB\003\340A\002\022\\\n\025certificate_authority\030\003 \001(\013"
+          + "28.google.cloud.security.privateca.v1.Ce"
+          + "rtificateAuthorityB\003\340A\002\022\027\n\nrequest_id\030\004 "
+          + "\001(\tB\003\340A\001\"\202\001\n\"DisableCertificateAuthority"
+          + "Request\022C\n\004name\030\001 \001(\tB5\340A\002\372A/\n-privateca"
+          + ".googleapis.com/CertificateAuthority\022\027\n\n"
+          + "request_id\030\002 \001(\tB\003\340A\001\"\201\001\n!EnableCertific"
+          + "ateAuthorityRequest\022C\n\004name\030\001 \001(\tB5\340A\002\372A"
+          + "/\n-privateca.googleapis.com/CertificateA"
+          + "uthority\022\027\n\nrequest_id\030\002 \001(\tB\003\340A\001\"j\n#Fet"
+          + "chCertificateAuthorityCsrRequest\022C\n\004name"
+          + "\030\001 \001(\tB5\340A\002\372A/\n-privateca.googleapis.com"
+          + "/CertificateAuthority\"<\n$FetchCertificat"
+          + "eAuthorityCsrResponse\022\024\n\007pem_csr\030\001 \001(\tB\003"
+          + "\340A\003\"e\n\036GetCertificateAuthorityRequest\022C\n"
+          + "\004name\030\001 \001(\tB5\340A\002\372A/\n-privateca.googleapi"
+          + "s.com/CertificateAuthority\"\271\001\n!ListCerti"
+          + "ficateAuthoritiesRequest\0227\n\006parent\030\001 \001(\t"
+          + "B\'\340A\002\372A!\n\037privateca.googleapis.com/CaPoo"
+          + "l\022\026\n\tpage_size\030\002 \001(\005B\003\340A\001\022\027\n\npage_token\030"
+          + "\003 \001(\tB\003\340A\001\022\023\n\006filter\030\004 \001(\tB\003\340A\001\022\025\n\010order"
+          + "_by\030\005 \001(\tB\003\340A\001\"\255\001\n\"ListCertificateAuthor"
+          + "itiesResponse\022Y\n\027certificate_authorities"
+          + "\030\001 \003(\01328.google.cloud.security.privateca"
+          + ".v1.CertificateAuthority\022\027\n\017next_page_to"
+          + "ken\030\002 \001(\t\022\023\n\013unreachable\030\003 \003(\t\"\203\001\n#Undel"
+          + "eteCertificateAuthorityRequest\022C\n\004name\030\001"
+          + " \001(\tB5\340A\002\372A/\n-privateca.googleapis.com/C"
+          + "ertificateAuthority\022\027\n\nrequest_id\030\002 \001(\tB"
+          + "\003\340A\001\"\252\001\n!DeleteCertificateAuthorityReque"
+          + "st\022C\n\004name\030\001 \001(\tB5\340A\002\372A/\n-privateca.goog"
+          + "leapis.com/CertificateAuthority\022\027\n\nreque"
+          + "st_id\030\002 \001(\tB\003\340A\001\022\'\n\032ignore_active_certif"
+          + "icates\030\004 \001(\010B\003\340A\001\"\320\001\n!UpdateCertificateA"
+          + "uthorityRequest\022\\\n\025certificate_authority"
+          + "\030\001 \001(\01328.google.cloud.security.privateca"
+          + ".v1.CertificateAuthorityB\003\340A\002\0224\n\013update_"
+          + "mask\030\002 \001(\0132\032.google.protobuf.FieldMaskB\003"
+          + "\340A\002\022\027\n\nrequest_id\030\003 \001(\tB\003\340A\001\"\304\001\n\023CreateC"
+          + "aPoolRequest\0229\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!lo"
+          + "cations.googleapis.com/Location\022\027\n\nca_po"
+          + "ol_id\030\002 \001(\tB\003\340A\002\022@\n\007ca_pool\030\003 \001(\0132*.goog"
+          + "le.cloud.security.privateca.v1.CaPoolB\003\340"
+          + "A\002\022\027\n\nrequest_id\030\004 \001(\tB\003\340A\001\"\246\001\n\023UpdateCa"
+          + "PoolRequest\022@\n\007ca_pool\030\001 \001(\0132*.google.cl"
+          + "oud.security.privateca.v1.CaPoolB\003\340A\002\0224\n"
+          + "\013update_mask\030\002 \001(\0132\032.google.protobuf.Fie"
+          + "ldMaskB\003\340A\002\022\027\n\nrequest_id\030\003 \001(\tB\003\340A\001\"e\n\023"
+          + "DeleteCaPoolRequest\0225\n\004name\030\001 \001(\tB\'\340A\002\372A"
+          + "!\n\037privateca.googleapis.com/CaPool\022\027\n\nre"
+          + "quest_id\030\002 \001(\tB\003\340A\001\"h\n\023FetchCaCertsReque"
+          + "st\0228\n\007ca_pool\030\001 \001(\tB\'\340A\002\372A!\n\037privateca.g"
+          + "oogleapis.com/CaPool\022\027\n\nrequest_id\030\002 \001(\t"
+          + "B\003\340A\001\"\217\001\n\024FetchCaCertsResponse\022T\n\010ca_cer"
+          + "ts\030\001 \003(\0132B.google.cloud.security.private"
+          + "ca.v1.FetchCaCertsResponse.CertChain\032!\n\t"
+          + "CertChain\022\024\n\014certificates\030\001 \003(\t\"I\n\020GetCa"
+          + "PoolRequest\0225\n\004name\030\001 \001(\tB\'\340A\002\372A!\n\037priva"
+          + "teca.googleapis.com/CaPool\"\254\001\n\022ListCaPoo"
+          + "lsRequest\0229\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!locat"
+          + "ions.googleapis.com/Location\022\026\n\tpage_siz"
+          + "e\030\002 \001(\005B\003\340A\001\022\027\n\npage_token\030\003 \001(\tB\003\340A\001\022\023\n"
+          + "\006filter\030\004 \001(\tB\003\340A\001\022\025\n\010order_by\030\005 \001(\tB\003\340A"
+          + "\001\"\201\001\n\023ListCaPoolsResponse\022<\n\010ca_pools\030\001 "
+          + "\003(\0132*.google.cloud.security.privateca.v1"
+          + ".CaPool\022\027\n\017next_page_token\030\002 \001(\t\022\023\n\013unre"
+          + "achable\030\003 \003(\t\"o\n#GetCertificateRevocatio"
+          + "nListRequest\022H\n\004name\030\001 \001(\tB:\340A\002\372A4\n2priv"
+          + "ateca.googleapis.com/CertificateRevocati"
+          + "onList\"\313\001\n%ListCertificateRevocationList"
+          + "sRequest\022E\n\006parent\030\001 \001(\tB5\340A\002\372A/\n-privat"
+          + "eca.googleapis.com/CertificateAuthority\022"
+          + "\026\n\tpage_size\030\002 \001(\005B\003\340A\001\022\027\n\npage_token\030\003 "
+          + "\001(\tB\003\340A\001\022\023\n\006filter\030\004 \001(\tB\003\340A\001\022\025\n\010order_b"
+          + "y\030\005 \001(\tB\003\340A\001\"\273\001\n&ListCertificateRevocati"
+          + "onListsResponse\022c\n\034certificate_revocatio"
+          + "n_lists\030\001 \003(\0132=.google.cloud.security.pr"
+          + "ivateca.v1.CertificateRevocationList\022\027\n\017"
+          + "next_page_token\030\002 \001(\t\022\023\n\013unreachable\030\003 \003"
+          + "(\t\"\340\001\n&UpdateCertificateRevocationListRe"
+          + "quest\022g\n\033certificate_revocation_list\030\001 \001"
+          + "(\0132=.google.cloud.security.privateca.v1."
+          + "CertificateRevocationListB\003\340A\002\0224\n\013update"
+          + "_mask\030\002 \001(\0132\032.google.protobuf.FieldMaskB"
+          + "\003\340A\002\022\027\n\nrequest_id\030\003 \001(\tB\003\340A\001\"\370\001\n Create"
+          + "CertificateTemplateRequest\0229\n\006parent\030\001 \001"
+          + "(\tB)\340A\002\372A#\n!locations.googleapis.com/Loc"
+          + "ation\022$\n\027certificate_template_id\030\002 \001(\tB\003"
+          + "\340A\002\022Z\n\024certificate_template\030\003 \001(\01327.goog"
+          + "le.cloud.security.privateca.v1.Certifica"
+          + "teTemplateB\003\340A\002\022\027\n\nrequest_id\030\004 \001(\tB\003\340A\001"
+          + "\"\177\n DeleteCertificateTemplateRequest\022B\n\004"
+          + "name\030\001 \001(\tB4\340A\002\372A.\n,privateca.googleapis"
+          + ".com/CertificateTemplate\022\027\n\nrequest_id\030\002"
+          + " \001(\tB\003\340A\001\"c\n\035GetCertificateTemplateReque"
+          + "st\022B\n\004name\030\001 \001(\tB4\340A\002\372A.\n,privateca.goog"
+          + "leapis.com/CertificateTemplate\"\271\001\n\037ListC"
+          + "ertificateTemplatesRequest\0229\n\006parent\030\001 \001"
+          + "(\tB)\340A\002\372A#\n!locations.googleapis.com/Loc"
+          + "ation\022\026\n\tpage_size\030\002 \001(\005B\003\340A\001\022\027\n\npage_to"
+          + "ken\030\003 \001(\tB\003\340A\001\022\023\n\006filter\030\004 \001(\tB\003\340A\001\022\025\n\010o"
+          + "rder_by\030\005 \001(\tB\003\340A\001\"\250\001\n ListCertificateTe"
+          + "mplatesResponse\022V\n\025certificate_templates"
+          + "\030\001 \003(\01327.google.cloud.security.privateca"
+          + ".v1.CertificateTemplate\022\027\n\017next_page_tok"
+          + "en\030\002 \001(\t\022\023\n\013unreachable\030\003 \003(\t\"\315\001\n Update"
+          + "CertificateTemplateRequest\022Z\n\024certificat"
+          + "e_template\030\001 \001(\01327.google.cloud.security"
+          + ".privateca.v1.CertificateTemplateB\003\340A\002\0224"
+          + "\n\013update_mask\030\002 \001(\0132\032.google.protobuf.Fi"
+          + "eldMaskB\003\340A\002\022\027\n\nrequest_id\030\003 \001(\tB\003\340A\001\"\200\002"
+          + "\n\021OperationMetadata\0224\n\013create_time\030\001 \001(\013"
+          + "2\032.google.protobuf.TimestampB\003\340A\003\0221\n\010end"
+          + "_time\030\002 \001(\0132\032.google.protobuf.TimestampB"
+          + "\003\340A\003\022\023\n\006target\030\003 \001(\tB\003\340A\003\022\021\n\004verb\030\004 \001(\tB"
+          + "\003\340A\003\022\033\n\016status_message\030\005 \001(\tB\003\340A\003\022#\n\026req"
+          + "uested_cancellation\030\006 \001(\010B\003\340A\003\022\030\n\013api_ve"
+          + "rsion\030\007 \001(\tB\003\340A\0032\353;\n\033CertificateAuthorit"
+          + "yService\022\367\001\n\021CreateCertificate\022<.google."
+          + "cloud.security.privateca.v1.CreateCertif"
+          + "icateRequest\032/.google.cloud.security.pri"
+          + "vateca.v1.Certificate\"s\202\323\344\223\002I\":/v1/{pare"
+          + "nt=projects/*/locations/*/caPools/*}/cer"
+          + "tificates:\013certificate\332A!parent,certific"
+          + "ate,certificate_id\022\307\001\n\016GetCertificate\0229."
+          + "google.cloud.security.privateca.v1.GetCe"
+          + "rtificateRequest\032/.google.cloud.security"
+          + ".privateca.v1.Certificate\"I\202\323\344\223\002<\022:/v1/{"
+          + "name=projects/*/locations/*/caPools/*/ce"
+          + "rtificates/*}\332A\004name\022\332\001\n\020ListCertificate"
+          + "s\022;.google.cloud.security.privateca.v1.L"
+          + "istCertificatesRequest\032<.google.cloud.se"
+          + "curity.privateca.v1.ListCertificatesResp"
+          + "onse\"K\202\323\344\223\002<\022:/v1/{parent=projects/*/loc"
+          + "ations/*/caPools/*}/certificates\332A\006paren"
+          + "t\022\327\001\n\021RevokeCertificate\022<.google.cloud.s"
+          + "ecurity.privateca.v1.RevokeCertificateRe"
+          + "quest\032/.google.cloud.security.privateca."
+          + "v1.Certificate\"S\202\323\344\223\002F\"A/v1/{name=projec"
+          + "ts/*/locations/*/caPools/*/certificates/"
+          + "*}:revoke:\001*\332A\004name\022\371\001\n\021UpdateCertificat"
+          + "e\022<.google.cloud.security.privateca.v1.U"
+          + "pdateCertificateRequest\032/.google.cloud.s"
+          + "ecurity.privateca.v1.Certificate\"u\202\323\344\223\002U"
+          + "2F/v1/{certificate.name=projects/*/locat"
+          + "ions/*/caPools/*/certificates/*}:\013certif"
+          + "icate\332A\027certificate,update_mask\022\224\002\n\034Acti"
+          + "vateCertificateAuthority\022G.google.cloud."
+          + "security.privateca.v1.ActivateCertificat"
+          + "eAuthorityRequest\032\035.google.longrunning.O"
+          + "peration\"\213\001\202\323\344\223\002R\"M/v1/{name=projects/*/"
+          + "locations/*/caPools/*/certificateAuthori"
+          + "ties/*}:activate:\001*\332A\004name\312A)\n\024Certifica"
+          + "teAuthority\022\021OperationMetadata\022\314\002\n\032Creat"
+          + "eCertificateAuthority\022E.google.cloud.sec"
+          + "urity.privateca.v1.CreateCertificateAuth"
+          + "orityRequest\032\035.google.longrunning.Operat"
+          + "ion\"\307\001\202\323\344\223\002]\"D/v1/{parent=projects/*/loc"
+          + "ations/*/caPools/*}/certificateAuthoriti"
+          + "es:\025certificate_authority\332A5parent,certi"
+          + "ficate_authority,certificate_authority_i"
+          + "d\312A)\n\024CertificateAuthority\022\021OperationMet"
+          + "adata\022\221\002\n\033DisableCertificateAuthority\022F."
+          + "google.cloud.security.privateca.v1.Disab"
+          + "leCertificateAuthorityRequest\032\035.google.l"
+          + "ongrunning.Operation\"\212\001\202\323\344\223\002Q\"L/v1/{name"
+          + "=projects/*/locations/*/caPools/*/certif"
+          + "icateAuthorities/*}:disable:\001*\332A\004name\312A)"
+          + "\n\024CertificateAuthority\022\021OperationMetadat"
+          + "a\022\216\002\n\032EnableCertificateAuthority\022E.googl"
+          + "e.cloud.security.privateca.v1.EnableCert"
+          + "ificateAuthorityRequest\032\035.google.longrun"
+          + "ning.Operation\"\211\001\202\323\344\223\002P\"K/v1/{name=proje"
+          + "cts/*/locations/*/caPools/*/certificateA"
+          + "uthorities/*}:enable:\001*\332A\004name\312A)\n\024Certi"
+          + "ficateAuthority\022\021OperationMetadata\022\214\002\n\034F"
+          + "etchCertificateAuthorityCsr\022G.google.clo"
+          + "ud.security.privateca.v1.FetchCertificat"
+          + "eAuthorityCsrRequest\032H.google.cloud.secu"
+          + "rity.privateca.v1.FetchCertificateAuthor"
+          + "ityCsrResponse\"Y\202\323\344\223\002L\022J/v1/{name=projec"
+          + "ts/*/locations/*/caPools/*/certificateAu"
+          + "thorities/*}:fetch\332A\004name\022\354\001\n\027GetCertifi"
+          + "cateAuthority\022B.google.cloud.security.pr"
+          + "ivateca.v1.GetCertificateAuthorityReques"
+          + "t\0328.google.cloud.security.privateca.v1.C"
+          + "ertificateAuthority\"S\202\323\344\223\002F\022D/v1/{name=p"
+          + "rojects/*/locations/*/caPools/*/certific"
+          + "ateAuthorities/*}\332A\004name\022\202\002\n\032ListCertifi"
+          + "cateAuthorities\022E.google.cloud.security."
+          + "privateca.v1.ListCertificateAuthoritiesR"
+          + "equest\032F.google.cloud.security.privateca"
+          + ".v1.ListCertificateAuthoritiesResponse\"U"
+          + "\202\323\344\223\002F\022D/v1/{parent=projects/*/locations"
+          + "/*/caPools/*}/certificateAuthorities\332A\006p"
+          + "arent\022\224\002\n\034UndeleteCertificateAuthority\022G"
+          + ".google.cloud.security.privateca.v1.Unde"
+          + "leteCertificateAuthorityRequest\032\035.google"
+          + ".longrunning.Operation\"\213\001\202\323\344\223\002R\"M/v1/{na"
+          + "me=projects/*/locations/*/caPools/*/cert"
+          + "ificateAuthorities/*}:undelete:\001*\332A\004name"
+          + "\312A)\n\024CertificateAuthority\022\021OperationMeta"
+          + "data\022\203\002\n\032DeleteCertificateAuthority\022E.go"
+          + "ogle.cloud.security.privateca.v1.DeleteC"
+          + "ertificateAuthorityRequest\032\035.google.long"
+          + "running.Operation\"\177\202\323\344\223\002F*D/v1/{name=pro"
+          + "jects/*/locations/*/caPools/*/certificat"
+          + "eAuthorities/*}\332A\004name\312A)\n\024CertificateAu"
+          + "thority\022\021OperationMetadata\022\316\002\n\032UpdateCer"
+          + "tificateAuthority\022E.google.cloud.securit"
+          + "y.privateca.v1.UpdateCertificateAuthorit"
+          + "yRequest\032\035.google.longrunning.Operation\""
+          + "\311\001\202\323\344\223\002s2Z/v1/{certificate_authority.nam"
+          + "e=projects/*/locations/*/caPools/*/certi"
+          + "ficateAuthorities/*}:\025certificate_author"
+          + "ity\332A!certificate_authority,update_mask\312"
+          + "A)\n\024CertificateAuthority\022\021OperationMetad"
+          + "ata\022\336\001\n\014CreateCaPool\0227.google.cloud.secu"
+          + "rity.privateca.v1.CreateCaPoolRequest\032\035."
+          + "google.longrunning.Operation\"v\202\323\344\223\0026\"+/v"
+          + "1/{parent=projects/*/locations/*}/caPool"
+          + "s:\007ca_pool\332A\031parent,ca_pool,ca_pool_id\312A"
+          + "\033\n\006CaPool\022\021OperationMetadata\022\340\001\n\014UpdateC"
+          + "aPool\0227.google.cloud.security.privateca."
+          + "v1.UpdateCaPoolRequest\032\035.google.longrunn"
+          + "ing.Operation\"x\202\323\344\223\002>23/v1/{ca_pool.name"
+          + "=projects/*/locations/*/caPools/*}:\007ca_p"
+          + "ool\332A\023ca_pool,update_mask\312A\033\n\006CaPool\022\021Op"
+          + "erationMetadata\022\251\001\n\tGetCaPool\0224.google.c"
+          + "loud.security.privateca.v1.GetCaPoolRequ"
+          + "est\032*.google.cloud.security.privateca.v1"
+          + ".CaPool\":\202\323\344\223\002-\022+/v1/{name=projects/*/lo"
+          + "cations/*/caPools/*}\332A\004name\022\274\001\n\013ListCaPo"
+          + "ols\0226.google.cloud.security.privateca.v1"
+          + ".ListCaPoolsRequest\0327.google.cloud.secur"
+          + "ity.privateca.v1.ListCaPoolsResponse\"<\202\323"
+          + "\344\223\002-\022+/v1/{parent=projects/*/locations/*"
+          + "}/caPools\332A\006parent\022\300\001\n\014DeleteCaPool\0227.go"
+          + "ogle.cloud.security.privateca.v1.DeleteC"
+          + "aPoolRequest\032\035.google.longrunning.Operat"
+          + "ion\"X\202\323\344\223\002-*+/v1/{name=projects/*/locati"
+          + "ons/*/caPools/*}\332A\004name\312A\033\n\006CaPool\022\021Oper"
+          + "ationMetadata\022\323\001\n\014FetchCaCerts\0227.google."
+          + "cloud.security.privateca.v1.FetchCaCerts"
+          + "Request\0328.google.cloud.security.privatec"
+          + "a.v1.FetchCaCertsResponse\"P\202\323\344\223\002@\";/v1/{"
+          + "ca_pool=projects/*/locations/*/caPools/*"
+          + "}:fetchCaCerts:\001*\332A\007ca_pool\022\230\002\n\034GetCerti"
+          + "ficateRevocationList\022G.google.cloud.secu"
+          + "rity.privateca.v1.GetCertificateRevocati"
+          + "onListRequest\032=.google.cloud.security.pr"
+          + "ivateca.v1.CertificateRevocationList\"p\202\323"
+          + "\344\223\002c\022a/v1/{name=projects/*/locations/*/c"
+          + "aPools/*/certificateAuthorities/*/certif"
+          + "icateRevocationLists/*}\332A\004name\022\253\002\n\036ListC"
+          + "ertificateRevocationLists\022I.google.cloud"
+          + ".security.privateca.v1.ListCertificateRe"
+          + "vocationListsRequest\032J.google.cloud.secu"
+          + "rity.privateca.v1.ListCertificateRevocat"
+          + "ionListsResponse\"r\202\323\344\223\002c\022a/v1/{parent=pr"
+          + "ojects/*/locations/*/caPools/*/certifica"
+          + "teAuthorities/*}/certificateRevocationLi"
+          + "sts\332A\006parent\022\215\003\n\037UpdateCertificateRevoca"
+          + "tionList\022J.google.cloud.security.private"
+          + "ca.v1.UpdateCertificateRevocationListReq"
+          + "uest\032\035.google.longrunning.Operation\"\376\001\202\323"
+          + "\344\223\002\234\0012}/v1/{certificate_revocation_list."
+          + "name=projects/*/locations/*/caPools/*/ce"
+          + "rtificateAuthorities/*/certificateRevoca"
+          + "tionLists/*}:\033certificate_revocation_lis"
+          + "t\332A\'certificate_revocation_list,update_m"
+          + "ask\312A.\n\031CertificateRevocationList\022\021Opera"
+          + "tionMetadata\022\272\002\n\031CreateCertificateTempla"
+          + "te\022D.google.cloud.security.privateca.v1."
+          + "CreateCertificateTemplateRequest\032\035.googl"
+          + "e.longrunning.Operation\"\267\001\202\323\344\223\002P\"8/v1/{p"
+          + "arent=projects/*/locations/*}/certificat"
+          + "eTemplates:\024certificate_template\332A3paren"
+          + "t,certificate_template,certificate_templ"
+          + "ate_id\312A(\n\023CertificateTemplate\022\021Operatio"
+          + "nMetadata\022\232\002\n\031DeleteCertificateTemplate\022"
+          + "D.google.cloud.security.privateca.v1.Del"
+          + "eteCertificateTemplateRequest\032\035.google.l"
+          + "ongrunning.Operation\"\227\001\202\323\344\223\002:*8/v1/{name"
+          + "=projects/*/locations/*/certificateTempl"
+          + "ates/*}\332A\004name\312AM\n\025google.protobuf.Empty"
+          + "\0224google.cloud.security.privateca.v1.Ope"
+          + "rationMetadata\022\335\001\n\026GetCertificateTemplat"
+          + "e\022A.google.cloud.security.privateca.v1.G"
+          + "etCertificateTemplateRequest\0327.google.cl"
+          + "oud.security.privateca.v1.CertificateTem"
+          + "plate\"G\202\323\344\223\002:\0228/v1/{name=projects/*/loca"
+          + "tions/*/certificateTemplates/*}\332A\004name\022\360"
+          + "\001\n\030ListCertificateTemplates\022C.google.clo"
+          + "ud.security.privateca.v1.ListCertificate"
+          + "TemplatesRequest\032D.google.cloud.security"
+          + ".privateca.v1.ListCertificateTemplatesRe"
+          + "sponse\"I\202\323\344\223\002:\0228/v1/{parent=projects/*/l"
+          + "ocations/*}/certificateTemplates\332A\006paren"
+          + "t\022\274\002\n\031UpdateCertificateTemplate\022D.google"
+          + ".cloud.security.privateca.v1.UpdateCerti"
+          + "ficateTemplateRequest\032\035.google.longrunni"
+          + "ng.Operation\"\271\001\202\323\344\223\002e2M/v1/{certificate_"
+          + "template.name=projects/*/locations/*/cer"
+          + "tificateTemplates/*}:\024certificate_templa"
+          + "te\332A certificate_template,update_mask\312A("
+          + "\n\023CertificateTemplate\022\021OperationMetadata"
+          + "\032L\312A\030privateca.googleapis.com\322A.https://"
+          + "www.googleapis.com/auth/cloud-platformB\375"
+          + "\001\n&com.google.cloud.security.privateca.v"
+          + "1B\016PrivateCaProtoP\001ZKgoogle.golang.org/g"
+          + "enproto/googleapis/cloud/security/privat"
+          + "eca/v1;privateca\370\001\001\252\002\"Google.Cloud.Secur"
+          + "ity.PrivateCA.V1\312\002\"Google\\Cloud\\Security"
+          + "\\PrivateCA\\v1\352\002&Google::Cloud::Security:"
+          + ":PrivateCA::v1b\006proto3"
+    };
+    descriptor =
+        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+            descriptorData,
+            new com.google.protobuf.Descriptors.FileDescriptor[] {
+              com.google.api.AnnotationsProto.getDescriptor(),
+              com.google.api.ClientProto.getDescriptor(),
+              com.google.api.FieldBehaviorProto.getDescriptor(),
+              com.google.api.ResourceProto.getDescriptor(),
+              com.google.cloud.security.privateca.v1.PrivateCaResourcesProto.getDescriptor(),
+              com.google.longrunning.OperationsProto.getDescriptor(),
+              com.google.protobuf.DurationProto.getDescriptor(),
+              com.google.protobuf.FieldMaskProto.getDescriptor(),
+              com.google.protobuf.TimestampProto.getDescriptor(),
+            });
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(0);
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CreateCertificateRequest_descriptor,
+            new java.lang.String[] {
+              "Parent",
+              "CertificateId",
+              "Certificate",
+              "RequestId",
+              "ValidateOnly",
+              "IssuingCertificateAuthorityId",
+            });
+    internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(1);
+    internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_GetCertificateRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor =
+        getDescriptor().getMessageTypes().get(2);
+    internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificatesRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken", "Filter", "OrderBy",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor =
+        getDescriptor().getMessageTypes().get(3);
+    internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificatesResponse_descriptor,
+            new java.lang.String[] {
+              "Certificates", "NextPageToken", "Unreachable",
+            });
+    internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(4);
+    internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "Reason", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(5);
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor,
+            new java.lang.String[] {
+              "Certificate", "UpdateMask", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(6);
+    internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ActivateCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "PemCaCertificate", "SubordinateConfig", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(7);
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CreateCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "CertificateAuthorityId", "CertificateAuthority", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(8);
+    internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_DisableCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(9);
+    internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_EnableCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor =
+        getDescriptor().getMessageTypes().get(10);
+    internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor =
+        getDescriptor().getMessageTypes().get(11);
+    internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_FetchCertificateAuthorityCsrResponse_descriptor,
+            new java.lang.String[] {
+              "PemCsr",
+            });
+    internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(12);
+    internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_GetCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor =
+        getDescriptor().getMessageTypes().get(13);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken", "Filter", "OrderBy",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor =
+        getDescriptor().getMessageTypes().get(14);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateAuthoritiesResponse_descriptor,
+            new java.lang.String[] {
+              "CertificateAuthorities", "NextPageToken", "Unreachable",
+            });
+    internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(15);
+    internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(16);
+    internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_DeleteCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId", "IgnoreActiveCertificates",
+            });
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor =
+        getDescriptor().getMessageTypes().get(17);
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor,
+            new java.lang.String[] {
+              "CertificateAuthority", "UpdateMask", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor =
+        getDescriptor().getMessageTypes().get(18);
+    internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CreateCaPoolRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "CaPoolId", "CaPool", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor =
+        getDescriptor().getMessageTypes().get(19);
+    internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor,
+            new java.lang.String[] {
+              "CaPool", "UpdateMask", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor =
+        getDescriptor().getMessageTypes().get(20);
+    internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_DeleteCaPoolRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor =
+        getDescriptor().getMessageTypes().get(21);
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_FetchCaCertsRequest_descriptor,
+            new java.lang.String[] {
+              "CaPool", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor =
+        getDescriptor().getMessageTypes().get(22);
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor,
+            new java.lang.String[] {
+              "CaCerts",
+            });
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor =
+        internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_FetchCaCertsResponse_CertChain_descriptor,
+            new java.lang.String[] {
+              "Certificates",
+            });
+    internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor =
+        getDescriptor().getMessageTypes().get(23);
+    internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_GetCaPoolRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor =
+        getDescriptor().getMessageTypes().get(24);
+    internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCaPoolsRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken", "Filter", "OrderBy",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor =
+        getDescriptor().getMessageTypes().get(25);
+    internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCaPoolsResponse_descriptor,
+            new java.lang.String[] {
+              "CaPools", "NextPageToken", "Unreachable",
+            });
+    internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor =
+        getDescriptor().getMessageTypes().get(26);
+    internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_GetCertificateRevocationListRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor =
+        getDescriptor().getMessageTypes().get(27);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken", "Filter", "OrderBy",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor =
+        getDescriptor().getMessageTypes().get(28);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateRevocationListsResponse_descriptor,
+            new java.lang.String[] {
+              "CertificateRevocationLists", "NextPageToken", "Unreachable",
+            });
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor =
+        getDescriptor().getMessageTypes().get(29);
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor,
+            new java.lang.String[] {
+              "CertificateRevocationList", "UpdateMask", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(30);
+    internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CreateCertificateTemplateRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "CertificateTemplateId", "CertificateTemplate", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(31);
+    internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_DeleteCertificateTemplateRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(32);
+    internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_GetCertificateTemplateRequest_descriptor,
+            new java.lang.String[] {
+              "Name",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor =
+        getDescriptor().getMessageTypes().get(33);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesRequest_descriptor,
+            new java.lang.String[] {
+              "Parent", "PageSize", "PageToken", "Filter", "OrderBy",
+            });
+    internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor =
+        getDescriptor().getMessageTypes().get(34);
+    internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ListCertificateTemplatesResponse_descriptor,
+            new java.lang.String[] {
+              "CertificateTemplates", "NextPageToken", "Unreachable",
+            });
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor =
+        getDescriptor().getMessageTypes().get(35);
+    internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor,
+            new java.lang.String[] {
+              "CertificateTemplate", "UpdateMask", "RequestId",
+            });
+    internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor =
+        getDescriptor().getMessageTypes().get(36);
+    internal_static_google_cloud_security_privateca_v1_OperationMetadata_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_OperationMetadata_descriptor,
+            new java.lang.String[] {
+              "CreateTime",
+              "EndTime",
+              "Target",
+              "Verb",
+              "StatusMessage",
+              "RequestedCancellation",
+              "ApiVersion",
+            });
+    com.google.protobuf.ExtensionRegistry registry =
+        com.google.protobuf.ExtensionRegistry.newInstance();
+    registry.add(com.google.api.ClientProto.defaultHost);
+    registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
+    registry.add(com.google.api.AnnotationsProto.http);
+    registry.add(com.google.api.ClientProto.methodSignature);
+    registry.add(com.google.api.ClientProto.oauthScopes);
+    registry.add(com.google.api.ResourceProto.resourceReference);
+    registry.add(com.google.longrunning.OperationsProto.operationInfo);
+    com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
+        descriptor, registry);
+    com.google.api.AnnotationsProto.getDescriptor();
+    com.google.api.ClientProto.getDescriptor();
+    com.google.api.FieldBehaviorProto.getDescriptor();
+    com.google.api.ResourceProto.getDescriptor();
+    com.google.cloud.security.privateca.v1.PrivateCaResourcesProto.getDescriptor();
+    com.google.longrunning.OperationsProto.getDescriptor();
+    com.google.protobuf.DurationProto.getDescriptor();
+    com.google.protobuf.FieldMaskProto.getDescriptor();
+    com.google.protobuf.TimestampProto.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java
new file mode 100644
index 00000000..7d6244b2
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PrivateCaResourcesProto.java
@@ -0,0 +1,965 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public final class PrivateCaResourcesProto {
+  private PrivateCaResourcesProto() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_Certificate_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_Certificate_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateTemplate_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_X509Parameters_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_SubordinateConfig_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_PublicKey_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateConfig_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_ObjectId_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_X509Extension_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_Subject_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_Subject_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_SubjectAltNames_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n2google/cloud/security/privateca/v1/res"
+          + "ources.proto\022\"google.cloud.security.priv"
+          + "ateca.v1\032\037google/api/field_behavior.prot"
+          + "o\032\031google/api/resource.proto\032\036google/pro"
+          + "tobuf/duration.proto\032\037google/protobuf/ti"
+          + "mestamp.proto\032\026google/type/expr.proto\032\034g"
+          + "oogle/api/annotations.proto\"\362\017\n\024Certific"
+          + "ateAuthority\022\021\n\004name\030\001 \001(\tB\003\340A\003\022S\n\004type\030"
+          + "\002 \001(\0162=.google.cloud.security.privateca."
+          + "v1.CertificateAuthority.TypeB\006\340A\002\340A\005\022M\n\006"
+          + "config\030\003 \001(\01325.google.cloud.security.pri"
+          + "vateca.v1.CertificateConfigB\006\340A\002\340A\005\0220\n\010l"
+          + "ifetime\030\004 \001(\0132\031.google.protobuf.Duration"
+          + "B\003\340A\002\022a\n\010key_spec\030\005 \001(\0132G.google.cloud.s"
+          + "ecurity.privateca.v1.CertificateAuthorit"
+          + "y.KeyVersionSpecB\006\340A\002\340A\005\022V\n\022subordinate_"
+          + "config\030\006 \001(\01325.google.cloud.security.pri"
+          + "vateca.v1.SubordinateConfigB\003\340A\001\022B\n\004tier"
+          + "\030\007 \001(\0162/.google.cloud.security.privateca"
+          + ".v1.CaPool.TierB\003\340A\003\022R\n\005state\030\010 \001(\0162>.go"
+          + "ogle.cloud.security.privateca.v1.Certifi"
+          + "cateAuthority.StateB\003\340A\003\022 \n\023pem_ca_certi"
+          + "ficates\030\t \003(\tB\003\340A\003\022d\n\033ca_certificate_des"
+          + "criptions\030\n \003(\0132:.google.cloud.security."
+          + "privateca.v1.CertificateDescriptionB\003\340A\003"
+          + "\022\027\n\ngcs_bucket\030\013 \001(\tB\003\340A\005\022]\n\013access_urls"
+          + "\030\014 \001(\0132C.google.cloud.security.privateca"
+          + ".v1.CertificateAuthority.AccessUrlsB\003\340A\003"
+          + "\0224\n\013create_time\030\r \001(\0132\032.google.protobuf."
+          + "TimestampB\003\340A\003\0224\n\013update_time\030\016 \001(\0132\032.go"
+          + "ogle.protobuf.TimestampB\003\340A\003\0224\n\013delete_t"
+          + "ime\030\017 \001(\0132\032.google.protobuf.TimestampB\003\340"
+          + "A\003\0224\n\013expire_time\030\020 \001(\0132\032.google.protobu"
+          + "f.TimestampB\003\340A\003\022Y\n\006labels\030\021 \003(\0132D.googl"
+          + "e.cloud.security.privateca.v1.Certificat"
+          + "eAuthority.LabelsEntryB\003\340A\001\032H\n\nAccessUrl"
+          + "s\022!\n\031ca_certificate_access_url\030\001 \001(\t\022\027\n\017"
+          + "crl_access_urls\030\002 \003(\t\032\240\001\n\016KeyVersionSpec"
+          + "\022\037\n\025cloud_kms_key_version\030\001 \001(\tH\000\022_\n\talg"
+          + "orithm\030\002 \001(\0162J.google.cloud.security.pri"
+          + "vateca.v1.CertificateAuthority.SignHashA"
+          + "lgorithmH\000B\014\n\nKeyVersion\032-\n\013LabelsEntry\022"
+          + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001\">\n\004Type\022"
+          + "\024\n\020TYPE_UNSPECIFIED\020\000\022\017\n\013SELF_SIGNED\020\001\022\017"
+          + "\n\013SUBORDINATE\020\002\"p\n\005State\022\025\n\021STATE_UNSPEC"
+          + "IFIED\020\000\022\013\n\007ENABLED\020\001\022\014\n\010DISABLED\020\002\022\n\n\006ST"
+          + "AGED\020\003\022\034\n\030AWAITING_USER_ACTIVATION\020\004\022\013\n\007"
+          + "DELETED\020\005\"\374\001\n\021SignHashAlgorithm\022#\n\037SIGN_"
+          + "HASH_ALGORITHM_UNSPECIFIED\020\000\022\027\n\023RSA_PSS_"
+          + "2048_SHA256\020\001\022\027\n\023RSA_PSS_3072_SHA256\020\002\022\027"
+          + "\n\023RSA_PSS_4096_SHA256\020\003\022\031\n\025RSA_PKCS1_204"
+          + "8_SHA256\020\006\022\031\n\025RSA_PKCS1_3072_SHA256\020\007\022\031\n"
+          + "\025RSA_PKCS1_4096_SHA256\020\010\022\022\n\016EC_P256_SHA2"
+          + "56\020\004\022\022\n\016EC_P384_SHA384\020\005:\235\001\352A\231\001\n-private"
+          + "ca.googleapis.com/CertificateAuthority\022h"
+          + "projects/{project}/locations/{location}/"
+          + "caPools/{ca_pool}/certificateAuthorities"
+          + "/{certificate_authority}\"\302\r\n\006CaPool\022\021\n\004n"
+          + "ame\030\001 \001(\tB\003\340A\003\022E\n\004tier\030\002 \001(\0162/.google.cl"
+          + "oud.security.privateca.v1.CaPool.TierB\006\340"
+          + "A\002\340A\005\022W\n\017issuance_policy\030\003 \001(\01329.google."
+          + "cloud.security.privateca.v1.CaPool.Issua"
+          + "ncePolicyB\003\340A\001\022]\n\022publishing_options\030\004 \001"
+          + "(\0132<.google.cloud.security.privateca.v1."
+          + "CaPool.PublishingOptionsB\003\340A\001\022K\n\006labels\030"
+          + "\005 \003(\01326.google.cloud.security.privateca."
+          + "v1.CaPool.LabelsEntryB\003\340A\001\032K\n\021Publishing"
+          + "Options\022\034\n\017publish_ca_cert\030\001 \001(\010B\003\340A\002\022\030\n"
+          + "\013publish_crl\030\002 \001(\010B\003\340A\002\032\301\010\n\016IssuancePoli"
+          + "cy\022h\n\021allowed_key_types\030\001 \003(\0132H.google.c"
+          + "loud.security.privateca.v1.CaPool.Issuan"
+          + "cePolicy.AllowedKeyTypeB\003\340A\001\0228\n\020maximum_"
+          + "lifetime\030\002 \001(\0132\031.google.protobuf.Duratio"
+          + "nB\003\340A\001\022l\n\026allowed_issuance_modes\030\003 \001(\0132G"
+          + ".google.cloud.security.privateca.v1.CaPo"
+          + "ol.IssuancePolicy.IssuanceModesB\003\340A\001\022P\n\017"
+          + "baseline_values\030\004 \001(\01322.google.cloud.sec"
+          + "urity.privateca.v1.X509ParametersB\003\340A\001\022e"
+          + "\n\024identity_constraints\030\005 \001(\0132B.google.cl"
+          + "oud.security.privateca.v1.CertificateIde"
+          + "ntityConstraintsB\003\340A\001\022h\n\026passthrough_ext"
+          + "ensions\030\006 \001(\0132C.google.cloud.security.pr"
+          + "ivateca.v1.CertificateExtensionConstrain"
+          + "tsB\003\340A\001\032\227\003\n\016AllowedKeyType\022b\n\003rsa\030\001 \001(\0132"
+          + "S.google.cloud.security.privateca.v1.CaP"
+          + "ool.IssuancePolicy.AllowedKeyType.RsaKey"
+          + "TypeH\000\022m\n\016elliptic_curve\030\002 \001(\0162S.google."
+          + "cloud.security.privateca.v1.CaPool.Issua"
+          + "ncePolicy.AllowedKeyType.NamedCurveH\000\032J\n"
+          + "\nRsaKeyType\022\035\n\020min_modulus_size\030\001 \001(\003B\003\340"
+          + "A\001\022\035\n\020max_modulus_size\030\002 \001(\003B\003\340A\001\"Z\n\nNam"
+          + "edCurve\022\033\n\027NAMED_CURVE_UNSPECIFIED\020\000\022\016\n\n"
+          + "ECDSA_P256\020\002\022\016\n\nECDSA_P384\020\003\022\017\n\013EDDSA_25"
+          + "519\020\004B\n\n\010key_type\032`\n\rIssuanceModes\022%\n\030al"
+          + "low_csr_based_issuance\030\001 \001(\010B\003\340A\002\022(\n\033all"
+          + "ow_config_based_issuance\030\002 \001(\010B\003\340A\002\032-\n\013L"
+          + "abelsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\002"
+          + "8\001\"8\n\004Tier\022\024\n\020TIER_UNSPECIFIED\020\000\022\016\n\nENTE"
+          + "RPRISE\020\001\022\n\n\006DEVOPS\020\002:_\352A\\\n\037privateca.goo"
+          + "gleapis.com/CaPool\0229projects/{project}/l"
+          + "ocations/{location}/caPools/{ca_pool}\"\274\010"
+          + "\n\031CertificateRevocationList\022\021\n\004name\030\001 \001("
+          + "\tB\003\340A\003\022\034\n\017sequence_number\030\002 \001(\003B\003\340A\003\022s\n\024"
+          + "revoked_certificates\030\003 \003(\0132P.google.clou"
+          + "d.security.privateca.v1.CertificateRevoc"
+          + "ationList.RevokedCertificateB\003\340A\003\022\024\n\007pem"
+          + "_crl\030\004 \001(\tB\003\340A\003\022\027\n\naccess_url\030\005 \001(\tB\003\340A\003"
+          + "\022W\n\005state\030\006 \001(\0162C.google.cloud.security."
+          + "privateca.v1.CertificateRevocationList.S"
+          + "tateB\003\340A\003\0224\n\013create_time\030\007 \001(\0132\032.google."
+          + "protobuf.TimestampB\003\340A\003\0224\n\013update_time\030\010"
+          + " \001(\0132\032.google.protobuf.TimestampB\003\340A\003\022\030\n"
+          + "\013revision_id\030\t \001(\tB\003\340A\003\022^\n\006labels\030\n \003(\0132"
+          + "I.google.cloud.security.privateca.v1.Cer"
+          + "tificateRevocationList.LabelsEntryB\003\340A\001\032"
+          + "\300\001\n\022RevokedCertificate\022>\n\013certificate\030\001 "
+          + "\001(\tB)\372A&\n$privateca.googleapis.com/Certi"
+          + "ficate\022\031\n\021hex_serial_number\030\002 \001(\t\022O\n\021rev"
+          + "ocation_reason\030\003 \001(\01624.google.cloud.secu"
+          + "rity.privateca.v1.RevocationReason\032-\n\013La"
+          + "belsEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028"
+          + "\001\":\n\005State\022\025\n\021STATE_UNSPECIFIED\020\000\022\n\n\006ACT"
+          + "IVE\020\001\022\016\n\nSUPERSEDED\020\002:\334\001\352A\330\001\n2privateca."
+          + "googleapis.com/CertificateRevocationList"
+          + "\022\241\001projects/{project}/locations/{locatio"
+          + "n}/caPools/{ca_pool}/certificateAuthorit"
+          + "ies/{certificate_authority}/certificateR"
+          + "evocationLists/{certificate_revocation_l"
+          + "ist}\"\217\n\n\013Certificate\022:\n\004name\030\001 \001(\tB,\340A\003\372"
+          + "A&\n$privateca.googleapis.com/Certificate"
+          + "\022\026\n\007pem_csr\030\002 \001(\tB\003\340A\005H\000\022L\n\006config\030\003 \001(\013"
+          + "25.google.cloud.security.privateca.v1.Ce"
+          + "rtificateConfigB\003\340A\005H\000\022[\n\034issuer_certifi"
+          + "cate_authority\030\004 \001(\tB5\340A\003\372A/\n-privateca."
+          + "googleapis.com/CertificateAuthority\0223\n\010l"
+          + "ifetime\030\005 \001(\0132\031.google.protobuf.Duration"
+          + "B\006\340A\002\340A\005\022R\n\024certificate_template\030\006 \001(\tB4"
+          + "\340A\005\372A.\n,privateca.googleapis.com/Certifi"
+          + "cateTemplate\022Q\n\014subject_mode\030\007 \001(\01626.goo"
+          + "gle.cloud.security.privateca.v1.SubjectR"
+          + "equestModeB\003\340A\005\022b\n\022revocation_details\030\010 "
+          + "\001(\0132A.google.cloud.security.privateca.v1"
+          + ".Certificate.RevocationDetailsB\003\340A\003\022\034\n\017p"
+          + "em_certificate\030\t \001(\tB\003\340A\003\022`\n\027certificate"
+          + "_description\030\n \001(\0132:.google.cloud.securi"
+          + "ty.privateca.v1.CertificateDescriptionB\003"
+          + "\340A\003\022\"\n\025pem_certificate_chain\030\013 \003(\tB\003\340A\003\022"
+          + "4\n\013create_time\030\014 \001(\0132\032.google.protobuf.T"
+          + "imestampB\003\340A\003\0224\n\013update_time\030\r \001(\0132\032.goo"
+          + "gle.protobuf.TimestampB\003\340A\003\022P\n\006labels\030\016 "
+          + "\003(\0132;.google.cloud.security.privateca.v1"
+          + ".Certificate.LabelsEntryB\003\340A\001\032\230\001\n\021Revoca"
+          + "tionDetails\022N\n\020revocation_state\030\001 \001(\01624."
+          + "google.cloud.security.privateca.v1.Revoc"
+          + "ationReason\0223\n\017revocation_time\030\002 \001(\0132\032.g"
+          + "oogle.protobuf.Timestamp\032-\n\013LabelsEntry\022"
+          + "\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:\177\352A|\n$pr"
+          + "ivateca.googleapis.com/Certificate\022Tproj"
+          + "ects/{project}/locations/{location}/caPo"
+          + "ols/{ca_pool}/certificates/{certificate}"
+          + "B\024\n\022certificate_config\"\227\006\n\023CertificateTe"
+          + "mplate\022B\n\004name\030\001 \001(\tB4\340A\003\372A.\n,privateca."
+          + "googleapis.com/CertificateTemplate\022R\n\021pr"
+          + "edefined_values\030\002 \001(\01322.google.cloud.sec"
+          + "urity.privateca.v1.X509ParametersB\003\340A\001\022e"
+          + "\n\024identity_constraints\030\003 \001(\0132B.google.cl"
+          + "oud.security.privateca.v1.CertificateIde"
+          + "ntityConstraintsB\003\340A\001\022h\n\026passthrough_ext"
+          + "ensions\030\004 \001(\0132C.google.cloud.security.pr"
+          + "ivateca.v1.CertificateExtensionConstrain"
+          + "tsB\003\340A\001\022\030\n\013description\030\005 \001(\tB\003\340A\001\0224\n\013cre"
+          + "ate_time\030\006 \001(\0132\032.google.protobuf.Timesta"
+          + "mpB\003\340A\003\0224\n\013update_time\030\007 \001(\0132\032.google.pr"
+          + "otobuf.TimestampB\003\340A\003\022X\n\006labels\030\010 \003(\0132C."
+          + "google.cloud.security.privateca.v1.Certi"
+          + "ficateTemplate.LabelsEntryB\003\340A\001\032-\n\013Label"
+          + "sEntry\022\013\n\003key\030\001 \001(\t\022\r\n\005value\030\002 \001(\t:\0028\001:\207"
+          + "\001\352A\203\001\n,privateca.googleapis.com/Certific"
+          + "ateTemplate\022Sprojects/{project}/location"
+          + "s/{location}/certificateTemplates/{certi"
+          + "ficate_template}\"\337\003\n\016X509Parameters\022D\n\tk"
+          + "ey_usage\030\001 \001(\0132,.google.cloud.security.p"
+          + "rivateca.v1.KeyUsageB\003\340A\001\022U\n\nca_options\030"
+          + "\002 \001(\0132<.google.cloud.security.privateca."
+          + "v1.X509Parameters.CaOptionsB\003\340A\001\022E\n\npoli"
+          + "cy_ids\030\003 \003(\0132,.google.cloud.security.pri"
+          + "vateca.v1.ObjectIdB\003\340A\001\022\035\n\020aia_ocsp_serv"
+          + "ers\030\004 \003(\tB\003\340A\001\022U\n\025additional_extensions\030"
+          + "\005 \003(\01321.google.cloud.security.privateca."
+          + "v1.X509ExtensionB\003\340A\001\032s\n\tCaOptions\022\027\n\005is"
+          + "_ca\030\001 \001(\010B\003\340A\001H\000\210\001\001\022(\n\026max_issuer_path_l"
+          + "ength\030\002 \001(\005B\003\340A\001H\001\210\001\001B\010\n\006_is_caB\031\n\027_max_"
+          + "issuer_path_length\"\251\002\n\021SubordinateConfig"
+          + "\022V\n\025certificate_authority\030\001 \001(\tB5\340A\002\372A/\n"
+          + "-privateca.googleapis.com/CertificateAut"
+          + "horityH\000\022m\n\020pem_issuer_chain\030\002 \001(\0132L.goo"
+          + "gle.cloud.security.privateca.v1.Subordin"
+          + "ateConfig.SubordinateConfigChainB\003\340A\002H\000\032"
+          + "7\n\026SubordinateConfigChain\022\035\n\020pem_certifi"
+          + "cates\030\001 \003(\tB\003\340A\002B\024\n\022subordinate_config\"\235"
+          + "\001\n\tPublicKey\022\020\n\003key\030\001 \001(\014B\003\340A\002\022L\n\006format"
+          + "\030\002 \001(\01627.google.cloud.security.privateca"
+          + ".v1.PublicKey.KeyFormatB\003\340A\002\"0\n\tKeyForma"
+          + "t\022\032\n\026KEY_FORMAT_UNSPECIFIED\020\000\022\007\n\003PEM\020\001\"\264"
+          + "\003\n\021CertificateConfig\022`\n\016subject_config\030\001"
+          + " \001(\0132C.google.cloud.security.privateca.v"
+          + "1.CertificateConfig.SubjectConfigB\003\340A\002\022L"
+          + "\n\013x509_config\030\002 \001(\01322.google.cloud.secur"
+          + "ity.privateca.v1.X509ParametersB\003\340A\002\022F\n\n"
+          + "public_key\030\003 \001(\0132-.google.cloud.security"
+          + ".privateca.v1.PublicKeyB\003\340A\001\032\246\001\n\rSubject"
+          + "Config\022A\n\007subject\030\001 \001(\0132+.google.cloud.s"
+          + "ecurity.privateca.v1.SubjectB\003\340A\002\022R\n\020sub"
+          + "ject_alt_name\030\002 \001(\01323.google.cloud.secur"
+          + "ity.privateca.v1.SubjectAltNamesB\003\340A\001\"\241\010"
+          + "\n\026CertificateDescription\022j\n\023subject_desc"
+          + "ription\030\001 \001(\0132M.google.cloud.security.pr"
+          + "ivateca.v1.CertificateDescription.Subjec"
+          + "tDescription\022L\n\020x509_description\030\002 \001(\01322"
+          + ".google.cloud.security.privateca.v1.X509"
+          + "Parameters\022A\n\npublic_key\030\003 \001(\0132-.google."
+          + "cloud.security.privateca.v1.PublicKey\022X\n"
+          + "\016subject_key_id\030\004 \001(\0132@.google.cloud.sec"
+          + "urity.privateca.v1.CertificateDescriptio"
+          + "n.KeyId\022Z\n\020authority_key_id\030\005 \001(\0132@.goog"
+          + "le.cloud.security.privateca.v1.Certifica"
+          + "teDescription.KeyId\022\037\n\027crl_distribution_"
+          + "points\030\006 \003(\t\022$\n\034aia_issuing_certificate_"
+          + "urls\030\007 \003(\t\022k\n\020cert_fingerprint\030\010 \001(\0132Q.g"
+          + "oogle.cloud.security.privateca.v1.Certif"
+          + "icateDescription.CertificateFingerprint\032"
+          + "\322\002\n\022SubjectDescription\022<\n\007subject\030\001 \001(\0132"
+          + "+.google.cloud.security.privateca.v1.Sub"
+          + "ject\022M\n\020subject_alt_name\030\002 \001(\01323.google."
+          + "cloud.security.privateca.v1.SubjectAltNa"
+          + "mes\022\031\n\021hex_serial_number\030\003 \001(\t\022+\n\010lifeti"
+          + "me\030\004 \001(\0132\031.google.protobuf.Duration\0223\n\017n"
+          + "ot_before_time\030\005 \001(\0132\032.google.protobuf.T"
+          + "imestamp\0222\n\016not_after_time\030\006 \001(\0132\032.googl"
+          + "e.protobuf.Timestamp\032\034\n\005KeyId\022\023\n\006key_id\030"
+          + "\001 \001(\tB\003\340A\001\032-\n\026CertificateFingerprint\022\023\n\013"
+          + "sha256_hash\030\001 \001(\t\"\'\n\010ObjectId\022\033\n\016object_"
+          + "id_path\030\001 \003(\005B\003\340A\002\"\200\001\n\rX509Extension\022D\n\t"
+          + "object_id\030\001 \001(\0132,.google.cloud.security."
+          + "privateca.v1.ObjectIdB\003\340A\002\022\025\n\010critical\030\002"
+          + " \001(\010B\003\340A\002\022\022\n\005value\030\003 \001(\014B\003\340A\002\"\242\005\n\010KeyUsa"
+          + "ge\022T\n\016base_key_usage\030\001 \001(\0132<.google.clou"
+          + "d.security.privateca.v1.KeyUsage.KeyUsag"
+          + "eOptions\022`\n\022extended_key_usage\030\002 \001(\0132D.g"
+          + "oogle.cloud.security.privateca.v1.KeyUsa"
+          + "ge.ExtendedKeyUsageOptions\022Q\n\033unknown_ex"
+          + "tended_key_usages\030\003 \003(\0132,.google.cloud.s"
+          + "ecurity.privateca.v1.ObjectId\032\347\001\n\017KeyUsa"
+          + "geOptions\022\031\n\021digital_signature\030\001 \001(\010\022\032\n\022"
+          + "content_commitment\030\002 \001(\010\022\030\n\020key_encipher"
+          + "ment\030\003 \001(\010\022\031\n\021data_encipherment\030\004 \001(\010\022\025\n"
+          + "\rkey_agreement\030\005 \001(\010\022\021\n\tcert_sign\030\006 \001(\010\022"
+          + "\020\n\010crl_sign\030\007 \001(\010\022\025\n\rencipher_only\030\010 \001(\010"
+          + "\022\025\n\rdecipher_only\030\t \001(\010\032\240\001\n\027ExtendedKeyU"
+          + "sageOptions\022\023\n\013server_auth\030\001 \001(\010\022\023\n\013clie"
+          + "nt_auth\030\002 \001(\010\022\024\n\014code_signing\030\003 \001(\010\022\030\n\020e"
+          + "mail_protection\030\004 \001(\010\022\025\n\rtime_stamping\030\005"
+          + " \001(\010\022\024\n\014ocsp_signing\030\006 \001(\010\"\270\001\n\007Subject\022\023"
+          + "\n\013common_name\030\001 \001(\t\022\024\n\014country_code\030\002 \001("
+          + "\t\022\024\n\014organization\030\003 \001(\t\022\033\n\023organizationa"
+          + "l_unit\030\004 \001(\t\022\020\n\010locality\030\005 \001(\t\022\020\n\010provin"
+          + "ce\030\006 \001(\t\022\026\n\016street_address\030\007 \001(\t\022\023\n\013post"
+          + "al_code\030\010 \001(\t\"\251\001\n\017SubjectAltNames\022\021\n\tdns"
+          + "_names\030\001 \003(\t\022\014\n\004uris\030\002 \003(\t\022\027\n\017email_addr"
+          + "esses\030\003 \003(\t\022\024\n\014ip_addresses\030\004 \003(\t\022F\n\013cus"
+          + "tom_sans\030\005 \003(\01321.google.cloud.security.p"
+          + "rivateca.v1.X509Extension\"\252\001\n\036Certificat"
+          + "eIdentityConstraints\022.\n\016cel_expression\030\001"
+          + " \001(\0132\021.google.type.ExprB\003\340A\001\022&\n\031allow_su"
+          + "bject_passthrough\030\002 \001(\010B\003\340A\001\0220\n#allow_su"
+          + "bject_alt_names_passthrough\030\003 \001(\010B\003\340A\001\"\236"
+          + "\003\n\037CertificateExtensionConstraints\022|\n\020kn"
+          + "own_extensions\030\001 \003(\0162].google.cloud.secu"
+          + "rity.privateca.v1.CertificateExtensionCo"
+          + "nstraints.KnownCertificateExtensionB\003\340A\001"
+          + "\022P\n\025additional_extensions\030\002 \003(\0132,.google"
+          + ".cloud.security.privateca.v1.ObjectIdB\003\340"
+          + "A\001\"\252\001\n\031KnownCertificateExtension\022+\n\'KNOW"
+          + "N_CERTIFICATE_EXTENSION_UNSPECIFIED\020\000\022\022\n"
+          + "\016BASE_KEY_USAGE\020\001\022\026\n\022EXTENDED_KEY_USAGE\020"
+          + "\002\022\016\n\nCA_OPTIONS\020\003\022\016\n\nPOLICY_IDS\020\004\022\024\n\020AIA"
+          + "_OCSP_SERVERS\020\005*\207\002\n\020RevocationReason\022!\n\035"
+          + "REVOCATION_REASON_UNSPECIFIED\020\000\022\022\n\016KEY_C"
+          + "OMPROMISE\020\001\022$\n CERTIFICATE_AUTHORITY_COM"
+          + "PROMISE\020\002\022\027\n\023AFFILIATION_CHANGED\020\003\022\016\n\nSU"
+          + "PERSEDED\020\004\022\032\n\026CESSATION_OF_OPERATION\020\005\022\024"
+          + "\n\020CERTIFICATE_HOLD\020\006\022\027\n\023PRIVILEGE_WITHDR"
+          + "AWN\020\007\022\"\n\036ATTRIBUTE_AUTHORITY_COMPROMISE\020"
+          + "\010*]\n\022SubjectRequestMode\022$\n SUBJECT_REQUE"
+          + "ST_MODE_UNSPECIFIED\020\000\022\013\n\007DEFAULT\020\001\022\024\n\020RE"
+          + "FLECTED_SPIFFE\020\002B\206\002\n&com.google.cloud.se"
+          + "curity.privateca.v1B\027PrivateCaResourcesP"
+          + "rotoP\001ZKgoogle.golang.org/genproto/googl"
+          + "eapis/cloud/security/privateca/v1;privat"
+          + "eca\370\001\001\252\002\"Google.Cloud.Security.PrivateCA"
+          + ".V1\312\002\"Google\\Cloud\\Security\\PrivateCA\\V1"
+          + "\352\002&Google::Cloud::Security::PrivateCA::V"
+          + "1b\006proto3"
+    };
+    descriptor =
+        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+            descriptorData,
+            new com.google.protobuf.Descriptors.FileDescriptor[] {
+              com.google.api.FieldBehaviorProto.getDescriptor(),
+              com.google.api.ResourceProto.getDescriptor(),
+              com.google.protobuf.DurationProto.getDescriptor(),
+              com.google.protobuf.TimestampProto.getDescriptor(),
+              com.google.type.ExprProto.getDescriptor(),
+              com.google.api.AnnotationsProto.getDescriptor(),
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor =
+        getDescriptor().getMessageTypes().get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor,
+            new java.lang.String[] {
+              "Name",
+              "Type",
+              "Config",
+              "Lifetime",
+              "KeySpec",
+              "SubordinateConfig",
+              "Tier",
+              "State",
+              "PemCaCertificates",
+              "CaCertificateDescriptions",
+              "GcsBucket",
+              "AccessUrls",
+              "CreateTime",
+              "UpdateTime",
+              "DeleteTime",
+              "ExpireTime",
+              "Labels",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateAuthority_AccessUrls_descriptor,
+            new java.lang.String[] {
+              "CaCertificateAccessUrl", "CrlAccessUrls",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateAuthority_KeyVersionSpec_descriptor,
+            new java.lang.String[] {
+              "CloudKmsKeyVersion", "Algorithm", "KeyVersion",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateAuthority_descriptor
+            .getNestedTypes()
+            .get(2);
+    internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateAuthority_LabelsEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_descriptor =
+        getDescriptor().getMessageTypes().get(1);
+    internal_static_google_cloud_security_privateca_v1_CaPool_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_descriptor,
+            new java.lang.String[] {
+              "Name", "Tier", "IssuancePolicy", "PublishingOptions", "Labels",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_PublishingOptions_descriptor,
+            new java.lang.String[] {
+              "PublishCaCert", "PublishCrl",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor,
+            new java.lang.String[] {
+              "AllowedKeyTypes",
+              "MaximumLifetime",
+              "AllowedIssuanceModes",
+              "BaselineValues",
+              "IdentityConstraints",
+              "PassthroughExtensions",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor,
+            new java.lang.String[] {
+              "Rsa", "EllipticCurve", "KeyType",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_AllowedKeyType_RsaKeyType_descriptor,
+            new java.lang.String[] {
+              "MinModulusSize", "MaxModulusSize",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_IssuancePolicy_IssuanceModes_descriptor,
+            new java.lang.String[] {
+              "AllowCsrBasedIssuance", "AllowConfigBasedIssuance",
+            });
+    internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CaPool_descriptor
+            .getNestedTypes()
+            .get(2);
+    internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CaPool_LabelsEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor =
+        getDescriptor().getMessageTypes().get(2);
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor,
+            new java.lang.String[] {
+              "Name",
+              "SequenceNumber",
+              "RevokedCertificates",
+              "PemCrl",
+              "AccessUrl",
+              "State",
+              "CreateTime",
+              "UpdateTime",
+              "RevisionId",
+              "Labels",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_RevokedCertificate_descriptor,
+            new java.lang.String[] {
+              "Certificate", "HexSerialNumber", "RevocationReason",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateRevocationList_LabelsEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_Certificate_descriptor =
+        getDescriptor().getMessageTypes().get(3);
+    internal_static_google_cloud_security_privateca_v1_Certificate_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_Certificate_descriptor,
+            new java.lang.String[] {
+              "Name",
+              "PemCsr",
+              "Config",
+              "IssuerCertificateAuthority",
+              "Lifetime",
+              "CertificateTemplate",
+              "SubjectMode",
+              "RevocationDetails",
+              "PemCertificate",
+              "CertificateDescription",
+              "PemCertificateChain",
+              "CreateTime",
+              "UpdateTime",
+              "Labels",
+              "CertificateConfig",
+            });
+    internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor =
+        internal_static_google_cloud_security_privateca_v1_Certificate_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_Certificate_RevocationDetails_descriptor,
+            new java.lang.String[] {
+              "RevocationState", "RevocationTime",
+            });
+    internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_descriptor =
+        internal_static_google_cloud_security_privateca_v1_Certificate_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_Certificate_LabelsEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor =
+        getDescriptor().getMessageTypes().get(4);
+    internal_static_google_cloud_security_privateca_v1_CertificateTemplate_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor,
+            new java.lang.String[] {
+              "Name",
+              "PredefinedValues",
+              "IdentityConstraints",
+              "PassthroughExtensions",
+              "Description",
+              "CreateTime",
+              "UpdateTime",
+              "Labels",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateTemplate_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateTemplate_LabelsEntry_descriptor,
+            new java.lang.String[] {
+              "Key", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor =
+        getDescriptor().getMessageTypes().get(5);
+    internal_static_google_cloud_security_privateca_v1_X509Parameters_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor,
+            new java.lang.String[] {
+              "KeyUsage", "CaOptions", "PolicyIds", "AiaOcspServers", "AdditionalExtensions",
+            });
+    internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor =
+        internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor,
+            new java.lang.String[] {
+              "IsCa", "MaxIssuerPathLength", "IsCa", "MaxIssuerPathLength",
+            });
+    internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor =
+        getDescriptor().getMessageTypes().get(6);
+    internal_static_google_cloud_security_privateca_v1_SubordinateConfig_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor,
+            new java.lang.String[] {
+              "CertificateAuthority", "PemIssuerChain", "SubordinateConfig",
+            });
+    internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor =
+        internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor,
+            new java.lang.String[] {
+              "PemCertificates",
+            });
+    internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor =
+        getDescriptor().getMessageTypes().get(7);
+    internal_static_google_cloud_security_privateca_v1_PublicKey_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor,
+            new java.lang.String[] {
+              "Key", "Format",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor =
+        getDescriptor().getMessageTypes().get(8);
+    internal_static_google_cloud_security_privateca_v1_CertificateConfig_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor,
+            new java.lang.String[] {
+              "SubjectConfig", "X509Config", "PublicKey",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateConfig_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateConfig_SubjectConfig_descriptor,
+            new java.lang.String[] {
+              "Subject", "SubjectAltName",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor =
+        getDescriptor().getMessageTypes().get(9);
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor,
+            new java.lang.String[] {
+              "SubjectDescription",
+              "X509Description",
+              "PublicKey",
+              "SubjectKeyId",
+              "AuthorityKeyId",
+              "CrlDistributionPoints",
+              "AiaIssuingCertificateUrls",
+              "CertFingerprint",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateDescription_SubjectDescription_descriptor,
+            new java.lang.String[] {
+              "Subject",
+              "SubjectAltName",
+              "HexSerialNumber",
+              "Lifetime",
+              "NotBeforeTime",
+              "NotAfterTime",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateDescription_KeyId_descriptor,
+            new java.lang.String[] {
+              "KeyId",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor =
+        internal_static_google_cloud_security_privateca_v1_CertificateDescription_descriptor
+            .getNestedTypes()
+            .get(2);
+    internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateDescription_CertificateFingerprint_descriptor,
+            new java.lang.String[] {
+              "Sha256Hash",
+            });
+    internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor =
+        getDescriptor().getMessageTypes().get(10);
+    internal_static_google_cloud_security_privateca_v1_ObjectId_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_ObjectId_descriptor,
+            new java.lang.String[] {
+              "ObjectIdPath",
+            });
+    internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor =
+        getDescriptor().getMessageTypes().get(11);
+    internal_static_google_cloud_security_privateca_v1_X509Extension_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor,
+            new java.lang.String[] {
+              "ObjectId", "Critical", "Value",
+            });
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor =
+        getDescriptor().getMessageTypes().get(12);
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor,
+            new java.lang.String[] {
+              "BaseKeyUsage", "ExtendedKeyUsage", "UnknownExtendedKeyUsages",
+            });
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor =
+        internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor
+            .getNestedTypes()
+            .get(0);
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_KeyUsage_KeyUsageOptions_descriptor,
+            new java.lang.String[] {
+              "DigitalSignature",
+              "ContentCommitment",
+              "KeyEncipherment",
+              "DataEncipherment",
+              "KeyAgreement",
+              "CertSign",
+              "CrlSign",
+              "EncipherOnly",
+              "DecipherOnly",
+            });
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor =
+        internal_static_google_cloud_security_privateca_v1_KeyUsage_descriptor
+            .getNestedTypes()
+            .get(1);
+    internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_KeyUsage_ExtendedKeyUsageOptions_descriptor,
+            new java.lang.String[] {
+              "ServerAuth",
+              "ClientAuth",
+              "CodeSigning",
+              "EmailProtection",
+              "TimeStamping",
+              "OcspSigning",
+            });
+    internal_static_google_cloud_security_privateca_v1_Subject_descriptor =
+        getDescriptor().getMessageTypes().get(13);
+    internal_static_google_cloud_security_privateca_v1_Subject_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_Subject_descriptor,
+            new java.lang.String[] {
+              "CommonName",
+              "CountryCode",
+              "Organization",
+              "OrganizationalUnit",
+              "Locality",
+              "Province",
+              "StreetAddress",
+              "PostalCode",
+            });
+    internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor =
+        getDescriptor().getMessageTypes().get(14);
+    internal_static_google_cloud_security_privateca_v1_SubjectAltNames_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor,
+            new java.lang.String[] {
+              "DnsNames", "Uris", "EmailAddresses", "IpAddresses", "CustomSans",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor =
+        getDescriptor().getMessageTypes().get(15);
+    internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateIdentityConstraints_descriptor,
+            new java.lang.String[] {
+              "CelExpression", "AllowSubjectPassthrough", "AllowSubjectAltNamesPassthrough",
+            });
+    internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor =
+        getDescriptor().getMessageTypes().get(16);
+    internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_cloud_security_privateca_v1_CertificateExtensionConstraints_descriptor,
+            new java.lang.String[] {
+              "KnownExtensions", "AdditionalExtensions",
+            });
+    com.google.protobuf.ExtensionRegistry registry =
+        com.google.protobuf.ExtensionRegistry.newInstance();
+    registry.add(com.google.api.FieldBehaviorProto.fieldBehavior);
+    registry.add(com.google.api.ResourceProto.resource);
+    registry.add(com.google.api.ResourceProto.resourceReference);
+    com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
+        descriptor, registry);
+    com.google.api.FieldBehaviorProto.getDescriptor();
+    com.google.api.ResourceProto.getDescriptor();
+    com.google.protobuf.DurationProto.getDescriptor();
+    com.google.protobuf.TimestampProto.getDescriptor();
+    com.google.type.ExprProto.getDescriptor();
+    com.google.api.AnnotationsProto.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKey.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKey.java
new file mode 100644
index 00000000..6605ca02
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKey.java
@@ -0,0 +1,886 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.PublicKey}
+ */
+public final class PublicKey extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.PublicKey)
+    PublicKeyOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use PublicKey.newBuilder() to construct.
+  private PublicKey(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private PublicKey() {
+    key_ = com.google.protobuf.ByteString.EMPTY;
+    format_ = 0;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new PublicKey();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private PublicKey(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              key_ = input.readBytes();
+              break;
+            }
+          case 16:
+            {
+              int rawValue = input.readEnum();
+
+              format_ = rawValue;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_PublicKey_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.PublicKey.class,
+            com.google.cloud.security.privateca.v1.PublicKey.Builder.class);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * Types of public keys formats that are supported. Currently, only `PEM`
+   * format is supported.
+   * </pre>
+   *
+   * Protobuf enum {@code google.cloud.security.privateca.v1.PublicKey.KeyFormat}
+   */
+  public enum KeyFormat implements com.google.protobuf.ProtocolMessageEnum {
+    /**
+     *
+     *
+     * <pre>
+     * Default unspecified value.
+     * </pre>
+     *
+     * <code>KEY_FORMAT_UNSPECIFIED = 0;</code>
+     */
+    KEY_FORMAT_UNSPECIFIED(0),
+    /**
+     *
+     *
+     * <pre>
+     * The key is PEM-encoded as defined in [RFC
+     * 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
+     * following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+     * structure, an RFC 5280
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * or a PEM-encoded X.509 certificate signing request (CSR). If a
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+     * or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
+     * it will used solely for the purpose of extracting the public key. When
+     * generated by the service, it will always be an RFC 5280
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * structure containing an algorithm identifier and a key.
+     * </pre>
+     *
+     * <code>PEM = 1;</code>
+     */
+    PEM(1),
+    UNRECOGNIZED(-1),
+    ;
+
+    /**
+     *
+     *
+     * <pre>
+     * Default unspecified value.
+     * </pre>
+     *
+     * <code>KEY_FORMAT_UNSPECIFIED = 0;</code>
+     */
+    public static final int KEY_FORMAT_UNSPECIFIED_VALUE = 0;
+    /**
+     *
+     *
+     * <pre>
+     * The key is PEM-encoded as defined in [RFC
+     * 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
+     * following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+     * structure, an RFC 5280
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * or a PEM-encoded X.509 certificate signing request (CSR). If a
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+     * or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
+     * it will used solely for the purpose of extracting the public key. When
+     * generated by the service, it will always be an RFC 5280
+     * [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+     * structure containing an algorithm identifier and a key.
+     * </pre>
+     *
+     * <code>PEM = 1;</code>
+     */
+    public static final int PEM_VALUE = 1;
+
+    public final int getNumber() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalArgumentException(
+            "Can't get the number of an unknown enum value.");
+      }
+      return value;
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static KeyFormat valueOf(int value) {
+      return forNumber(value);
+    }
+
+    /**
+     * @param value The numeric wire value of the corresponding enum entry.
+     * @return The enum associated with the given numeric wire value.
+     */
+    public static KeyFormat forNumber(int value) {
+      switch (value) {
+        case 0:
+          return KEY_FORMAT_UNSPECIFIED;
+        case 1:
+          return PEM;
+        default:
+          return null;
+      }
+    }
+
+    public static com.google.protobuf.Internal.EnumLiteMap<KeyFormat> internalGetValueMap() {
+      return internalValueMap;
+    }
+
+    private static final com.google.protobuf.Internal.EnumLiteMap<KeyFormat> internalValueMap =
+        new com.google.protobuf.Internal.EnumLiteMap<KeyFormat>() {
+          public KeyFormat findValueByNumber(int number) {
+            return KeyFormat.forNumber(number);
+          }
+        };
+
+    public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+      if (this == UNRECOGNIZED) {
+        throw new java.lang.IllegalStateException(
+            "Can't get the descriptor of an unrecognized enum value.");
+      }
+      return getDescriptor().getValues().get(ordinal());
+    }
+
+    public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+      return getDescriptor();
+    }
+
+    public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PublicKey.getDescriptor().getEnumTypes().get(0);
+    }
+
+    private static final KeyFormat[] VALUES = values();
+
+    public static KeyFormat valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+      if (desc.getType() != getDescriptor()) {
+        throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+      }
+      if (desc.getIndex() == -1) {
+        return UNRECOGNIZED;
+      }
+      return VALUES[desc.getIndex()];
+    }
+
+    private final int value;
+
+    private KeyFormat(int value) {
+      this.value = value;
+    }
+
+    // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.PublicKey.KeyFormat)
+  }
+
+  public static final int KEY_FIELD_NUMBER = 1;
+  private com.google.protobuf.ByteString key_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A public key. The padding and encoding
+   * must match with the `KeyFormat` value specified for the `format` field.
+   * </pre>
+   *
+   * <code>bytes key = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The key.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getKey() {
+    return key_;
+  }
+
+  public static final int FORMAT_FIELD_NUMBER = 2;
+  private int format_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The format of the public key.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for format.
+   */
+  @java.lang.Override
+  public int getFormatValue() {
+    return format_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The format of the public key.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The format.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKey.KeyFormat getFormat() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.PublicKey.KeyFormat result =
+        com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.valueOf(format_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.UNRECOGNIZED
+        : result;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!key_.isEmpty()) {
+      output.writeBytes(1, key_);
+    }
+    if (format_
+        != com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.KEY_FORMAT_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(2, format_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!key_.isEmpty()) {
+      size += com.google.protobuf.CodedOutputStream.computeBytesSize(1, key_);
+    }
+    if (format_
+        != com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.KEY_FORMAT_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(2, format_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.PublicKey)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.PublicKey other =
+        (com.google.cloud.security.privateca.v1.PublicKey) obj;
+
+    if (!getKey().equals(other.getKey())) return false;
+    if (format_ != other.format_) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + KEY_FIELD_NUMBER;
+    hash = (53 * hash) + getKey().hashCode();
+    hash = (37 * hash) + FORMAT_FIELD_NUMBER;
+    hash = (53 * hash) + format_;
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.PublicKey prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.PublicKey}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.PublicKey)
+      com.google.cloud.security.privateca.v1.PublicKeyOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_PublicKey_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.PublicKey.class,
+              com.google.cloud.security.privateca.v1.PublicKey.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.PublicKey.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      key_ = com.google.protobuf.ByteString.EMPTY;
+
+      format_ = 0;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_PublicKey_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.PublicKey getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.PublicKey build() {
+      com.google.cloud.security.privateca.v1.PublicKey result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.PublicKey buildPartial() {
+      com.google.cloud.security.privateca.v1.PublicKey result =
+          new com.google.cloud.security.privateca.v1.PublicKey(this);
+      result.key_ = key_;
+      result.format_ = format_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.PublicKey) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.PublicKey) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.PublicKey other) {
+      if (other == com.google.cloud.security.privateca.v1.PublicKey.getDefaultInstance())
+        return this;
+      if (other.getKey() != com.google.protobuf.ByteString.EMPTY) {
+        setKey(other.getKey());
+      }
+      if (other.format_ != 0) {
+        setFormatValue(other.getFormatValue());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.PublicKey parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage = (com.google.cloud.security.privateca.v1.PublicKey) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.protobuf.ByteString key_ = com.google.protobuf.ByteString.EMPTY;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A public key. The padding and encoding
+     * must match with the `KeyFormat` value specified for the `format` field.
+     * </pre>
+     *
+     * <code>bytes key = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The key.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getKey() {
+      return key_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A public key. The padding and encoding
+     * must match with the `KeyFormat` value specified for the `format` field.
+     * </pre>
+     *
+     * <code>bytes key = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The key to set.
+     * @return This builder for chaining.
+     */
+    public Builder setKey(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      key_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A public key. The padding and encoding
+     * must match with the `KeyFormat` value specified for the `format` field.
+     * </pre>
+     *
+     * <code>bytes key = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearKey() {
+
+      key_ = getDefaultInstance().getKey();
+      onChanged();
+      return this;
+    }
+
+    private int format_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The format of the public key.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for format.
+     */
+    @java.lang.Override
+    public int getFormatValue() {
+      return format_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The format of the public key.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for format to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFormatValue(int value) {
+
+      format_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The format of the public key.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The format.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.PublicKey.KeyFormat getFormat() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.PublicKey.KeyFormat result =
+          com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.valueOf(format_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.PublicKey.KeyFormat.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The format of the public key.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @param value The format to set.
+     * @return This builder for chaining.
+     */
+    public Builder setFormat(com.google.cloud.security.privateca.v1.PublicKey.KeyFormat value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      format_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The format of the public key.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearFormat() {
+
+      format_ = 0;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.PublicKey)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.PublicKey)
+  private static final com.google.cloud.security.privateca.v1.PublicKey DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.PublicKey();
+  }
+
+  public static com.google.cloud.security.privateca.v1.PublicKey getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<PublicKey> PARSER =
+      new com.google.protobuf.AbstractParser<PublicKey>() {
+        @java.lang.Override
+        public PublicKey parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new PublicKey(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<PublicKey> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<PublicKey> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.PublicKey getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKeyOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKeyOrBuilder.java
new file mode 100644
index 00000000..d15b35b3
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/PublicKeyOrBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface PublicKeyOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.PublicKey)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A public key. The padding and encoding
+   * must match with the `KeyFormat` value specified for the `format` field.
+   * </pre>
+   *
+   * <code>bytes key = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The key.
+   */
+  com.google.protobuf.ByteString getKey();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The format of the public key.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for format.
+   */
+  int getFormatValue();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The format of the public key.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.PublicKey.KeyFormat format = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The format.
+   */
+  com.google.cloud.security.privateca.v1.PublicKey.KeyFormat getFormat();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevocationReason.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevocationReason.java
new file mode 100644
index 00000000..58e49550
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevocationReason.java
@@ -0,0 +1,326 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1.Certificate] has been revoked,
+ * and the reason for revocation. These correspond to standard revocation
+ * reasons from RFC 5280. Note that the enum labels and values in this
+ * definition are not the same ASN.1 values defined in RFC 5280. These values
+ * will be translated to the correct ASN.1 values when a CRL is created.
+ * </pre>
+ *
+ * Protobuf enum {@code google.cloud.security.privateca.v1.RevocationReason}
+ */
+public enum RevocationReason implements com.google.protobuf.ProtocolMessageEnum {
+  /**
+   *
+   *
+   * <pre>
+   * Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * has been revoked, but that a reason has not been recorded.
+   * </pre>
+   *
+   * <code>REVOCATION_REASON_UNSPECIFIED = 0;</code>
+   */
+  REVOCATION_REASON_UNSPECIFIED(0),
+  /**
+   *
+   *
+   * <pre>
+   * Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
+   * </pre>
+   *
+   * <code>KEY_COMPROMISE = 1;</code>
+   */
+  KEY_COMPROMISE(1),
+  /**
+   *
+   *
+   * <pre>
+   * The key material for a certificate authority in the issuing path may have
+   * leaked.
+   * </pre>
+   *
+   * <code>CERTIFICATE_AUTHORITY_COMPROMISE = 2;</code>
+   */
+  CERTIFICATE_AUTHORITY_COMPROMISE(2),
+  /**
+   *
+   *
+   * <pre>
+   * The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
+   * </pre>
+   *
+   * <code>AFFILIATION_CHANGED = 3;</code>
+   */
+  AFFILIATION_CHANGED(3),
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
+   * </pre>
+   *
+   * <code>SUPERSEDED = 4;</code>
+   */
+  SUPERSEDED(4),
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
+   * operate.
+   * </pre>
+   *
+   * <code>CESSATION_OF_OPERATION = 5;</code>
+   */
+  CESSATION_OF_OPERATION(5),
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
+   * may become valid in the future.
+   * </pre>
+   *
+   * <code>CERTIFICATE_HOLD = 6;</code>
+   */
+  CERTIFICATE_HOLD(6),
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
+   * attributes.
+   * </pre>
+   *
+   * <code>PRIVILEGE_WITHDRAWN = 7;</code>
+   */
+  PRIVILEGE_WITHDRAWN(7),
+  /**
+   *
+   *
+   * <pre>
+   * The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * may have been compromised.
+   * </pre>
+   *
+   * <code>ATTRIBUTE_AUTHORITY_COMPROMISE = 8;</code>
+   */
+  ATTRIBUTE_AUTHORITY_COMPROMISE(8),
+  UNRECOGNIZED(-1),
+  ;
+
+  /**
+   *
+   *
+   * <pre>
+   * Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * has been revoked, but that a reason has not been recorded.
+   * </pre>
+   *
+   * <code>REVOCATION_REASON_UNSPECIFIED = 0;</code>
+   */
+  public static final int REVOCATION_REASON_UNSPECIFIED_VALUE = 0;
+  /**
+   *
+   *
+   * <pre>
+   * Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
+   * </pre>
+   *
+   * <code>KEY_COMPROMISE = 1;</code>
+   */
+  public static final int KEY_COMPROMISE_VALUE = 1;
+  /**
+   *
+   *
+   * <pre>
+   * The key material for a certificate authority in the issuing path may have
+   * leaked.
+   * </pre>
+   *
+   * <code>CERTIFICATE_AUTHORITY_COMPROMISE = 2;</code>
+   */
+  public static final int CERTIFICATE_AUTHORITY_COMPROMISE_VALUE = 2;
+  /**
+   *
+   *
+   * <pre>
+   * The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
+   * </pre>
+   *
+   * <code>AFFILIATION_CHANGED = 3;</code>
+   */
+  public static final int AFFILIATION_CHANGED_VALUE = 3;
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
+   * </pre>
+   *
+   * <code>SUPERSEDED = 4;</code>
+   */
+  public static final int SUPERSEDED_VALUE = 4;
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
+   * operate.
+   * </pre>
+   *
+   * <code>CESSATION_OF_OPERATION = 5;</code>
+   */
+  public static final int CESSATION_OF_OPERATION_VALUE = 5;
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
+   * may become valid in the future.
+   * </pre>
+   *
+   * <code>CERTIFICATE_HOLD = 6;</code>
+   */
+  public static final int CERTIFICATE_HOLD_VALUE = 6;
+  /**
+   *
+   *
+   * <pre>
+   * This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
+   * attributes.
+   * </pre>
+   *
+   * <code>PRIVILEGE_WITHDRAWN = 7;</code>
+   */
+  public static final int PRIVILEGE_WITHDRAWN_VALUE = 7;
+  /**
+   *
+   *
+   * <pre>
+   * The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * may have been compromised.
+   * </pre>
+   *
+   * <code>ATTRIBUTE_AUTHORITY_COMPROMISE = 8;</code>
+   */
+  public static final int ATTRIBUTE_AUTHORITY_COMPROMISE_VALUE = 8;
+
+  public final int getNumber() {
+    if (this == UNRECOGNIZED) {
+      throw new java.lang.IllegalArgumentException(
+          "Can't get the number of an unknown enum value.");
+    }
+    return value;
+  }
+
+  /**
+   * @param value The numeric wire value of the corresponding enum entry.
+   * @return The enum associated with the given numeric wire value.
+   * @deprecated Use {@link #forNumber(int)} instead.
+   */
+  @java.lang.Deprecated
+  public static RevocationReason valueOf(int value) {
+    return forNumber(value);
+  }
+
+  /**
+   * @param value The numeric wire value of the corresponding enum entry.
+   * @return The enum associated with the given numeric wire value.
+   */
+  public static RevocationReason forNumber(int value) {
+    switch (value) {
+      case 0:
+        return REVOCATION_REASON_UNSPECIFIED;
+      case 1:
+        return KEY_COMPROMISE;
+      case 2:
+        return CERTIFICATE_AUTHORITY_COMPROMISE;
+      case 3:
+        return AFFILIATION_CHANGED;
+      case 4:
+        return SUPERSEDED;
+      case 5:
+        return CESSATION_OF_OPERATION;
+      case 6:
+        return CERTIFICATE_HOLD;
+      case 7:
+        return PRIVILEGE_WITHDRAWN;
+      case 8:
+        return ATTRIBUTE_AUTHORITY_COMPROMISE;
+      default:
+        return null;
+    }
+  }
+
+  public static com.google.protobuf.Internal.EnumLiteMap<RevocationReason> internalGetValueMap() {
+    return internalValueMap;
+  }
+
+  private static final com.google.protobuf.Internal.EnumLiteMap<RevocationReason> internalValueMap =
+      new com.google.protobuf.Internal.EnumLiteMap<RevocationReason>() {
+        public RevocationReason findValueByNumber(int number) {
+          return RevocationReason.forNumber(number);
+        }
+      };
+
+  public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+    if (this == UNRECOGNIZED) {
+      throw new java.lang.IllegalStateException(
+          "Can't get the descriptor of an unrecognized enum value.");
+    }
+    return getDescriptor().getValues().get(ordinal());
+  }
+
+  public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+    return getDescriptor();
+  }
+
+  public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto.getDescriptor()
+        .getEnumTypes()
+        .get(0);
+  }
+
+  private static final RevocationReason[] VALUES = values();
+
+  public static RevocationReason valueOf(com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+    if (desc.getType() != getDescriptor()) {
+      throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+    }
+    if (desc.getIndex() == -1) {
+      return UNRECOGNIZED;
+    }
+    return VALUES[desc.getIndex()];
+  }
+
+  private final int value;
+
+  private RevocationReason(int value) {
+    this.value = value;
+  }
+
+  // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.RevocationReason)
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java
new file mode 100644
index 00000000..07567fa1
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequest.java
@@ -0,0 +1,1109 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.RevokeCertificateRequest}
+ */
+public final class RevokeCertificateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.RevokeCertificateRequest)
+    RevokeCertificateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use RevokeCertificateRequest.newBuilder() to construct.
+  private RevokeCertificateRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private RevokeCertificateRequest() {
+    name_ = "";
+    reason_ = 0;
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new RevokeCertificateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private RevokeCertificateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 16:
+            {
+              int rawValue = input.readEnum();
+
+              reason_ = rawValue;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.RevokeCertificateRequest.class,
+            com.google.cloud.security.privateca.v1.RevokeCertificateRequest.Builder.class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REASON_FIELD_NUMBER = 2;
+  private int reason_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+   * revoking this certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for reason.
+   */
+  @java.lang.Override
+  public int getReasonValue() {
+    return reason_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+   * revoking this certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The reason.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.RevocationReason getReason() {
+    @SuppressWarnings("deprecation")
+    com.google.cloud.security.privateca.v1.RevocationReason result =
+        com.google.cloud.security.privateca.v1.RevocationReason.valueOf(reason_);
+    return result == null
+        ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+        : result;
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (reason_
+        != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+            .getNumber()) {
+      output.writeEnum(2, reason_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (reason_
+        != com.google.cloud.security.privateca.v1.RevocationReason.REVOCATION_REASON_UNSPECIFIED
+            .getNumber()) {
+      size += com.google.protobuf.CodedOutputStream.computeEnumSize(2, reason_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.RevokeCertificateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.RevokeCertificateRequest other =
+        (com.google.cloud.security.privateca.v1.RevokeCertificateRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (reason_ != other.reason_) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REASON_FIELD_NUMBER;
+    hash = (53 * hash) + reason_;
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.RevokeCertificateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.RevokeCertificateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.RevokeCertificateRequest)
+      com.google.cloud.security.privateca.v1.RevokeCertificateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.RevokeCertificateRequest.class,
+              com.google.cloud.security.privateca.v1.RevokeCertificateRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.RevokeCertificateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      reason_ = 0;
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_RevokeCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevokeCertificateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.RevokeCertificateRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevokeCertificateRequest build() {
+      com.google.cloud.security.privateca.v1.RevokeCertificateRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevokeCertificateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.RevokeCertificateRequest result =
+          new com.google.cloud.security.privateca.v1.RevokeCertificateRequest(this);
+      result.name_ = name_;
+      result.reason_ = reason_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.RevokeCertificateRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.RevokeCertificateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.RevokeCertificateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.RevokeCertificateRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (other.reason_ != 0) {
+        setReasonValue(other.getReasonValue());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.RevokeCertificateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.RevokeCertificateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private int reason_ = 0;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The enum numeric value on the wire for reason.
+     */
+    @java.lang.Override
+    public int getReasonValue() {
+      return reason_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @param value The enum numeric value on the wire for reason to set.
+     * @return This builder for chaining.
+     */
+    public Builder setReasonValue(int value) {
+
+      reason_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The reason.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.RevocationReason getReason() {
+      @SuppressWarnings("deprecation")
+      com.google.cloud.security.privateca.v1.RevocationReason result =
+          com.google.cloud.security.privateca.v1.RevocationReason.valueOf(reason_);
+      return result == null
+          ? com.google.cloud.security.privateca.v1.RevocationReason.UNRECOGNIZED
+          : result;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @param value The reason to set.
+     * @return This builder for chaining.
+     */
+    public Builder setReason(com.google.cloud.security.privateca.v1.RevocationReason value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      reason_ = value.getNumber();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The
+     * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+     * revoking this certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearReason() {
+
+      reason_ = 0;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.RevokeCertificateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.RevokeCertificateRequest)
+  private static final com.google.cloud.security.privateca.v1.RevokeCertificateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.RevokeCertificateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.RevokeCertificateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<RevokeCertificateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<RevokeCertificateRequest>() {
+        @java.lang.Override
+        public RevokeCertificateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new RevokeCertificateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<RevokeCertificateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<RevokeCertificateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.RevokeCertificateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java
new file mode 100644
index 00000000..3facbbce
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/RevokeCertificateRequestOrBuilder.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface RevokeCertificateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.RevokeCertificateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificates/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+   * revoking this certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The enum numeric value on the wire for reason.
+   */
+  int getReasonValue();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The
+   * [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+   * revoking this certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.RevocationReason reason = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The reason.
+   */
+  com.google.cloud.security.privateca.v1.RevocationReason getReason();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Subject.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Subject.java
new file mode 100644
index 00000000..3245f2b9
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/Subject.java
@@ -0,0 +1,1889 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn,
+ * describes the subject of the certificate.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.Subject}
+ */
+public final class Subject extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.Subject)
+    SubjectOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use Subject.newBuilder() to construct.
+  private Subject(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private Subject() {
+    commonName_ = "";
+    countryCode_ = "";
+    organization_ = "";
+    organizationalUnit_ = "";
+    locality_ = "";
+    province_ = "";
+    streetAddress_ = "";
+    postalCode_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new Subject();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private Subject(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              commonName_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              countryCode_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              organization_ = s;
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              organizationalUnit_ = s;
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              locality_ = s;
+              break;
+            }
+          case 50:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              province_ = s;
+              break;
+            }
+          case 58:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              streetAddress_ = s;
+              break;
+            }
+          case 66:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              postalCode_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_Subject_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_Subject_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.Subject.class,
+            com.google.cloud.security.privateca.v1.Subject.Builder.class);
+  }
+
+  public static final int COMMON_NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object commonName_;
+  /**
+   *
+   *
+   * <pre>
+   * The "common name" of the subject.
+   * </pre>
+   *
+   * <code>string common_name = 1;</code>
+   *
+   * @return The commonName.
+   */
+  @java.lang.Override
+  public java.lang.String getCommonName() {
+    java.lang.Object ref = commonName_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      commonName_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The "common name" of the subject.
+   * </pre>
+   *
+   * <code>string common_name = 1;</code>
+   *
+   * @return The bytes for commonName.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCommonNameBytes() {
+    java.lang.Object ref = commonName_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      commonName_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int COUNTRY_CODE_FIELD_NUMBER = 2;
+  private volatile java.lang.Object countryCode_;
+  /**
+   *
+   *
+   * <pre>
+   * The country code of the subject.
+   * </pre>
+   *
+   * <code>string country_code = 2;</code>
+   *
+   * @return The countryCode.
+   */
+  @java.lang.Override
+  public java.lang.String getCountryCode() {
+    java.lang.Object ref = countryCode_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      countryCode_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The country code of the subject.
+   * </pre>
+   *
+   * <code>string country_code = 2;</code>
+   *
+   * @return The bytes for countryCode.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCountryCodeBytes() {
+    java.lang.Object ref = countryCode_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      countryCode_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORGANIZATION_FIELD_NUMBER = 3;
+  private volatile java.lang.Object organization_;
+  /**
+   *
+   *
+   * <pre>
+   * The organization of the subject.
+   * </pre>
+   *
+   * <code>string organization = 3;</code>
+   *
+   * @return The organization.
+   */
+  @java.lang.Override
+  public java.lang.String getOrganization() {
+    java.lang.Object ref = organization_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      organization_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The organization of the subject.
+   * </pre>
+   *
+   * <code>string organization = 3;</code>
+   *
+   * @return The bytes for organization.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrganizationBytes() {
+    java.lang.Object ref = organization_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      organization_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int ORGANIZATIONAL_UNIT_FIELD_NUMBER = 4;
+  private volatile java.lang.Object organizationalUnit_;
+  /**
+   *
+   *
+   * <pre>
+   * The organizational_unit of the subject.
+   * </pre>
+   *
+   * <code>string organizational_unit = 4;</code>
+   *
+   * @return The organizationalUnit.
+   */
+  @java.lang.Override
+  public java.lang.String getOrganizationalUnit() {
+    java.lang.Object ref = organizationalUnit_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      organizationalUnit_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The organizational_unit of the subject.
+   * </pre>
+   *
+   * <code>string organizational_unit = 4;</code>
+   *
+   * @return The bytes for organizationalUnit.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getOrganizationalUnitBytes() {
+    java.lang.Object ref = organizationalUnit_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      organizationalUnit_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int LOCALITY_FIELD_NUMBER = 5;
+  private volatile java.lang.Object locality_;
+  /**
+   *
+   *
+   * <pre>
+   * The locality or city of the subject.
+   * </pre>
+   *
+   * <code>string locality = 5;</code>
+   *
+   * @return The locality.
+   */
+  @java.lang.Override
+  public java.lang.String getLocality() {
+    java.lang.Object ref = locality_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      locality_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The locality or city of the subject.
+   * </pre>
+   *
+   * <code>string locality = 5;</code>
+   *
+   * @return The bytes for locality.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getLocalityBytes() {
+    java.lang.Object ref = locality_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      locality_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PROVINCE_FIELD_NUMBER = 6;
+  private volatile java.lang.Object province_;
+  /**
+   *
+   *
+   * <pre>
+   * The province, territory, or regional state of the subject.
+   * </pre>
+   *
+   * <code>string province = 6;</code>
+   *
+   * @return The province.
+   */
+  @java.lang.Override
+  public java.lang.String getProvince() {
+    java.lang.Object ref = province_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      province_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The province, territory, or regional state of the subject.
+   * </pre>
+   *
+   * <code>string province = 6;</code>
+   *
+   * @return The bytes for province.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getProvinceBytes() {
+    java.lang.Object ref = province_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      province_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int STREET_ADDRESS_FIELD_NUMBER = 7;
+  private volatile java.lang.Object streetAddress_;
+  /**
+   *
+   *
+   * <pre>
+   * The street address of the subject.
+   * </pre>
+   *
+   * <code>string street_address = 7;</code>
+   *
+   * @return The streetAddress.
+   */
+  @java.lang.Override
+  public java.lang.String getStreetAddress() {
+    java.lang.Object ref = streetAddress_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      streetAddress_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The street address of the subject.
+   * </pre>
+   *
+   * <code>string street_address = 7;</code>
+   *
+   * @return The bytes for streetAddress.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getStreetAddressBytes() {
+    java.lang.Object ref = streetAddress_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      streetAddress_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int POSTAL_CODE_FIELD_NUMBER = 8;
+  private volatile java.lang.Object postalCode_;
+  /**
+   *
+   *
+   * <pre>
+   * The postal code of the subject.
+   * </pre>
+   *
+   * <code>string postal_code = 8;</code>
+   *
+   * @return The postalCode.
+   */
+  @java.lang.Override
+  public java.lang.String getPostalCode() {
+    java.lang.Object ref = postalCode_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      postalCode_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The postal code of the subject.
+   * </pre>
+   *
+   * <code>string postal_code = 8;</code>
+   *
+   * @return The bytes for postalCode.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getPostalCodeBytes() {
+    java.lang.Object ref = postalCode_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      postalCode_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getCommonNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, commonName_);
+    }
+    if (!getCountryCodeBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, countryCode_);
+    }
+    if (!getOrganizationBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, organization_);
+    }
+    if (!getOrganizationalUnitBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, organizationalUnit_);
+    }
+    if (!getLocalityBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, locality_);
+    }
+    if (!getProvinceBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 6, province_);
+    }
+    if (!getStreetAddressBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 7, streetAddress_);
+    }
+    if (!getPostalCodeBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 8, postalCode_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getCommonNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, commonName_);
+    }
+    if (!getCountryCodeBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, countryCode_);
+    }
+    if (!getOrganizationBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, organization_);
+    }
+    if (!getOrganizationalUnitBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(4, organizationalUnit_);
+    }
+    if (!getLocalityBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, locality_);
+    }
+    if (!getProvinceBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, province_);
+    }
+    if (!getStreetAddressBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(7, streetAddress_);
+    }
+    if (!getPostalCodeBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(8, postalCode_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.Subject)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.Subject other =
+        (com.google.cloud.security.privateca.v1.Subject) obj;
+
+    if (!getCommonName().equals(other.getCommonName())) return false;
+    if (!getCountryCode().equals(other.getCountryCode())) return false;
+    if (!getOrganization().equals(other.getOrganization())) return false;
+    if (!getOrganizationalUnit().equals(other.getOrganizationalUnit())) return false;
+    if (!getLocality().equals(other.getLocality())) return false;
+    if (!getProvince().equals(other.getProvince())) return false;
+    if (!getStreetAddress().equals(other.getStreetAddress())) return false;
+    if (!getPostalCode().equals(other.getPostalCode())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + COMMON_NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getCommonName().hashCode();
+    hash = (37 * hash) + COUNTRY_CODE_FIELD_NUMBER;
+    hash = (53 * hash) + getCountryCode().hashCode();
+    hash = (37 * hash) + ORGANIZATION_FIELD_NUMBER;
+    hash = (53 * hash) + getOrganization().hashCode();
+    hash = (37 * hash) + ORGANIZATIONAL_UNIT_FIELD_NUMBER;
+    hash = (53 * hash) + getOrganizationalUnit().hashCode();
+    hash = (37 * hash) + LOCALITY_FIELD_NUMBER;
+    hash = (53 * hash) + getLocality().hashCode();
+    hash = (37 * hash) + PROVINCE_FIELD_NUMBER;
+    hash = (53 * hash) + getProvince().hashCode();
+    hash = (37 * hash) + STREET_ADDRESS_FIELD_NUMBER;
+    hash = (53 * hash) + getStreetAddress().hashCode();
+    hash = (37 * hash) + POSTAL_CODE_FIELD_NUMBER;
+    hash = (53 * hash) + getPostalCode().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.Subject prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn,
+   * describes the subject of the certificate.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.Subject}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.Subject)
+      com.google.cloud.security.privateca.v1.SubjectOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Subject_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Subject_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.Subject.class,
+              com.google.cloud.security.privateca.v1.Subject.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.Subject.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      commonName_ = "";
+
+      countryCode_ = "";
+
+      organization_ = "";
+
+      organizationalUnit_ = "";
+
+      locality_ = "";
+
+      province_ = "";
+
+      streetAddress_ = "";
+
+      postalCode_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_Subject_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Subject getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.Subject.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Subject build() {
+      com.google.cloud.security.privateca.v1.Subject result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.Subject buildPartial() {
+      com.google.cloud.security.privateca.v1.Subject result =
+          new com.google.cloud.security.privateca.v1.Subject(this);
+      result.commonName_ = commonName_;
+      result.countryCode_ = countryCode_;
+      result.organization_ = organization_;
+      result.organizationalUnit_ = organizationalUnit_;
+      result.locality_ = locality_;
+      result.province_ = province_;
+      result.streetAddress_ = streetAddress_;
+      result.postalCode_ = postalCode_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.Subject) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.Subject) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.Subject other) {
+      if (other == com.google.cloud.security.privateca.v1.Subject.getDefaultInstance()) return this;
+      if (!other.getCommonName().isEmpty()) {
+        commonName_ = other.commonName_;
+        onChanged();
+      }
+      if (!other.getCountryCode().isEmpty()) {
+        countryCode_ = other.countryCode_;
+        onChanged();
+      }
+      if (!other.getOrganization().isEmpty()) {
+        organization_ = other.organization_;
+        onChanged();
+      }
+      if (!other.getOrganizationalUnit().isEmpty()) {
+        organizationalUnit_ = other.organizationalUnit_;
+        onChanged();
+      }
+      if (!other.getLocality().isEmpty()) {
+        locality_ = other.locality_;
+        onChanged();
+      }
+      if (!other.getProvince().isEmpty()) {
+        province_ = other.province_;
+        onChanged();
+      }
+      if (!other.getStreetAddress().isEmpty()) {
+        streetAddress_ = other.streetAddress_;
+        onChanged();
+      }
+      if (!other.getPostalCode().isEmpty()) {
+        postalCode_ = other.postalCode_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.Subject parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage = (com.google.cloud.security.privateca.v1.Subject) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object commonName_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The "common name" of the subject.
+     * </pre>
+     *
+     * <code>string common_name = 1;</code>
+     *
+     * @return The commonName.
+     */
+    public java.lang.String getCommonName() {
+      java.lang.Object ref = commonName_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        commonName_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The "common name" of the subject.
+     * </pre>
+     *
+     * <code>string common_name = 1;</code>
+     *
+     * @return The bytes for commonName.
+     */
+    public com.google.protobuf.ByteString getCommonNameBytes() {
+      java.lang.Object ref = commonName_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        commonName_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The "common name" of the subject.
+     * </pre>
+     *
+     * <code>string common_name = 1;</code>
+     *
+     * @param value The commonName to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCommonName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      commonName_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The "common name" of the subject.
+     * </pre>
+     *
+     * <code>string common_name = 1;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCommonName() {
+
+      commonName_ = getDefaultInstance().getCommonName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The "common name" of the subject.
+     * </pre>
+     *
+     * <code>string common_name = 1;</code>
+     *
+     * @param value The bytes for commonName to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCommonNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      commonName_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object countryCode_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The country code of the subject.
+     * </pre>
+     *
+     * <code>string country_code = 2;</code>
+     *
+     * @return The countryCode.
+     */
+    public java.lang.String getCountryCode() {
+      java.lang.Object ref = countryCode_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        countryCode_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The country code of the subject.
+     * </pre>
+     *
+     * <code>string country_code = 2;</code>
+     *
+     * @return The bytes for countryCode.
+     */
+    public com.google.protobuf.ByteString getCountryCodeBytes() {
+      java.lang.Object ref = countryCode_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        countryCode_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The country code of the subject.
+     * </pre>
+     *
+     * <code>string country_code = 2;</code>
+     *
+     * @param value The countryCode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCountryCode(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      countryCode_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The country code of the subject.
+     * </pre>
+     *
+     * <code>string country_code = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCountryCode() {
+
+      countryCode_ = getDefaultInstance().getCountryCode();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The country code of the subject.
+     * </pre>
+     *
+     * <code>string country_code = 2;</code>
+     *
+     * @param value The bytes for countryCode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCountryCodeBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      countryCode_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object organization_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The organization of the subject.
+     * </pre>
+     *
+     * <code>string organization = 3;</code>
+     *
+     * @return The organization.
+     */
+    public java.lang.String getOrganization() {
+      java.lang.Object ref = organization_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        organization_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organization of the subject.
+     * </pre>
+     *
+     * <code>string organization = 3;</code>
+     *
+     * @return The bytes for organization.
+     */
+    public com.google.protobuf.ByteString getOrganizationBytes() {
+      java.lang.Object ref = organization_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        organization_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organization of the subject.
+     * </pre>
+     *
+     * <code>string organization = 3;</code>
+     *
+     * @param value The organization to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrganization(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      organization_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organization of the subject.
+     * </pre>
+     *
+     * <code>string organization = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrganization() {
+
+      organization_ = getDefaultInstance().getOrganization();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organization of the subject.
+     * </pre>
+     *
+     * <code>string organization = 3;</code>
+     *
+     * @param value The bytes for organization to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrganizationBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      organization_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object organizationalUnit_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The organizational_unit of the subject.
+     * </pre>
+     *
+     * <code>string organizational_unit = 4;</code>
+     *
+     * @return The organizationalUnit.
+     */
+    public java.lang.String getOrganizationalUnit() {
+      java.lang.Object ref = organizationalUnit_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        organizationalUnit_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organizational_unit of the subject.
+     * </pre>
+     *
+     * <code>string organizational_unit = 4;</code>
+     *
+     * @return The bytes for organizationalUnit.
+     */
+    public com.google.protobuf.ByteString getOrganizationalUnitBytes() {
+      java.lang.Object ref = organizationalUnit_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        organizationalUnit_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organizational_unit of the subject.
+     * </pre>
+     *
+     * <code>string organizational_unit = 4;</code>
+     *
+     * @param value The organizationalUnit to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrganizationalUnit(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      organizationalUnit_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organizational_unit of the subject.
+     * </pre>
+     *
+     * <code>string organizational_unit = 4;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearOrganizationalUnit() {
+
+      organizationalUnit_ = getDefaultInstance().getOrganizationalUnit();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The organizational_unit of the subject.
+     * </pre>
+     *
+     * <code>string organizational_unit = 4;</code>
+     *
+     * @param value The bytes for organizationalUnit to set.
+     * @return This builder for chaining.
+     */
+    public Builder setOrganizationalUnitBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      organizationalUnit_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object locality_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The locality or city of the subject.
+     * </pre>
+     *
+     * <code>string locality = 5;</code>
+     *
+     * @return The locality.
+     */
+    public java.lang.String getLocality() {
+      java.lang.Object ref = locality_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        locality_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The locality or city of the subject.
+     * </pre>
+     *
+     * <code>string locality = 5;</code>
+     *
+     * @return The bytes for locality.
+     */
+    public com.google.protobuf.ByteString getLocalityBytes() {
+      java.lang.Object ref = locality_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        locality_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The locality or city of the subject.
+     * </pre>
+     *
+     * <code>string locality = 5;</code>
+     *
+     * @param value The locality to set.
+     * @return This builder for chaining.
+     */
+    public Builder setLocality(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      locality_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The locality or city of the subject.
+     * </pre>
+     *
+     * <code>string locality = 5;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearLocality() {
+
+      locality_ = getDefaultInstance().getLocality();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The locality or city of the subject.
+     * </pre>
+     *
+     * <code>string locality = 5;</code>
+     *
+     * @param value The bytes for locality to set.
+     * @return This builder for chaining.
+     */
+    public Builder setLocalityBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      locality_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object province_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The province, territory, or regional state of the subject.
+     * </pre>
+     *
+     * <code>string province = 6;</code>
+     *
+     * @return The province.
+     */
+    public java.lang.String getProvince() {
+      java.lang.Object ref = province_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        province_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The province, territory, or regional state of the subject.
+     * </pre>
+     *
+     * <code>string province = 6;</code>
+     *
+     * @return The bytes for province.
+     */
+    public com.google.protobuf.ByteString getProvinceBytes() {
+      java.lang.Object ref = province_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        province_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The province, territory, or regional state of the subject.
+     * </pre>
+     *
+     * <code>string province = 6;</code>
+     *
+     * @param value The province to set.
+     * @return This builder for chaining.
+     */
+    public Builder setProvince(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      province_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The province, territory, or regional state of the subject.
+     * </pre>
+     *
+     * <code>string province = 6;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearProvince() {
+
+      province_ = getDefaultInstance().getProvince();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The province, territory, or regional state of the subject.
+     * </pre>
+     *
+     * <code>string province = 6;</code>
+     *
+     * @param value The bytes for province to set.
+     * @return This builder for chaining.
+     */
+    public Builder setProvinceBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      province_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object streetAddress_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The street address of the subject.
+     * </pre>
+     *
+     * <code>string street_address = 7;</code>
+     *
+     * @return The streetAddress.
+     */
+    public java.lang.String getStreetAddress() {
+      java.lang.Object ref = streetAddress_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        streetAddress_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The street address of the subject.
+     * </pre>
+     *
+     * <code>string street_address = 7;</code>
+     *
+     * @return The bytes for streetAddress.
+     */
+    public com.google.protobuf.ByteString getStreetAddressBytes() {
+      java.lang.Object ref = streetAddress_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        streetAddress_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The street address of the subject.
+     * </pre>
+     *
+     * <code>string street_address = 7;</code>
+     *
+     * @param value The streetAddress to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStreetAddress(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      streetAddress_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The street address of the subject.
+     * </pre>
+     *
+     * <code>string street_address = 7;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearStreetAddress() {
+
+      streetAddress_ = getDefaultInstance().getStreetAddress();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The street address of the subject.
+     * </pre>
+     *
+     * <code>string street_address = 7;</code>
+     *
+     * @param value The bytes for streetAddress to set.
+     * @return This builder for chaining.
+     */
+    public Builder setStreetAddressBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      streetAddress_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object postalCode_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The postal code of the subject.
+     * </pre>
+     *
+     * <code>string postal_code = 8;</code>
+     *
+     * @return The postalCode.
+     */
+    public java.lang.String getPostalCode() {
+      java.lang.Object ref = postalCode_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        postalCode_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The postal code of the subject.
+     * </pre>
+     *
+     * <code>string postal_code = 8;</code>
+     *
+     * @return The bytes for postalCode.
+     */
+    public com.google.protobuf.ByteString getPostalCodeBytes() {
+      java.lang.Object ref = postalCode_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        postalCode_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The postal code of the subject.
+     * </pre>
+     *
+     * <code>string postal_code = 8;</code>
+     *
+     * @param value The postalCode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPostalCode(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      postalCode_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The postal code of the subject.
+     * </pre>
+     *
+     * <code>string postal_code = 8;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearPostalCode() {
+
+      postalCode_ = getDefaultInstance().getPostalCode();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The postal code of the subject.
+     * </pre>
+     *
+     * <code>string postal_code = 8;</code>
+     *
+     * @param value The bytes for postalCode to set.
+     * @return This builder for chaining.
+     */
+    public Builder setPostalCodeBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      postalCode_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.Subject)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.Subject)
+  private static final com.google.cloud.security.privateca.v1.Subject DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.Subject();
+  }
+
+  public static com.google.cloud.security.privateca.v1.Subject getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<Subject> PARSER =
+      new com.google.protobuf.AbstractParser<Subject>() {
+        @java.lang.Override
+        public Subject parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new Subject(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<Subject> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<Subject> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Subject getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java
new file mode 100644
index 00000000..23b1851c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNames.java
@@ -0,0 +1,2071 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what
+ * the asserted identity is in a certificate (i.e., compared to the "common
+ * name" in the distinguished name).
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.SubjectAltNames}
+ */
+public final class SubjectAltNames extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.SubjectAltNames)
+    SubjectAltNamesOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SubjectAltNames.newBuilder() to construct.
+  private SubjectAltNames(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SubjectAltNames() {
+    dnsNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    uris_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    emailAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    ipAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    customSans_ = java.util.Collections.emptyList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new SubjectAltNames();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SubjectAltNames(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                dnsNames_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              dnsNames_.add(s);
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                uris_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              uris_.add(s);
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000004) != 0)) {
+                emailAddresses_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000004;
+              }
+              emailAddresses_.add(s);
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000008) != 0)) {
+                ipAddresses_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000008;
+              }
+              ipAddresses_.add(s);
+              break;
+            }
+          case 42:
+            {
+              if (!((mutable_bitField0_ & 0x00000010) != 0)) {
+                customSans_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.X509Extension>();
+                mutable_bitField0_ |= 0x00000010;
+              }
+              customSans_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Extension.parser(),
+                      extensionRegistry));
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        dnsNames_ = dnsNames_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        uris_ = uris_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000004) != 0)) {
+        emailAddresses_ = emailAddresses_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000008) != 0)) {
+        ipAddresses_ = ipAddresses_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000010) != 0)) {
+        customSans_ = java.util.Collections.unmodifiableList(customSans_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_SubjectAltNames_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.SubjectAltNames.class,
+            com.google.cloud.security.privateca.v1.SubjectAltNames.Builder.class);
+  }
+
+  public static final int DNS_NAMES_FIELD_NUMBER = 1;
+  private com.google.protobuf.LazyStringList dnsNames_;
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @return A list containing the dnsNames.
+   */
+  public com.google.protobuf.ProtocolStringList getDnsNamesList() {
+    return dnsNames_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @return The count of dnsNames.
+   */
+  public int getDnsNamesCount() {
+    return dnsNames_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The dnsNames at the given index.
+   */
+  public java.lang.String getDnsNames(int index) {
+    return dnsNames_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the dnsNames at the given index.
+   */
+  public com.google.protobuf.ByteString getDnsNamesBytes(int index) {
+    return dnsNames_.getByteString(index);
+  }
+
+  public static final int URIS_FIELD_NUMBER = 2;
+  private com.google.protobuf.LazyStringList uris_;
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @return A list containing the uris.
+   */
+  public com.google.protobuf.ProtocolStringList getUrisList() {
+    return uris_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @return The count of uris.
+   */
+  public int getUrisCount() {
+    return uris_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The uris at the given index.
+   */
+  public java.lang.String getUris(int index) {
+    return uris_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the uris at the given index.
+   */
+  public com.google.protobuf.ByteString getUrisBytes(int index) {
+    return uris_.getByteString(index);
+  }
+
+  public static final int EMAIL_ADDRESSES_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList emailAddresses_;
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @return A list containing the emailAddresses.
+   */
+  public com.google.protobuf.ProtocolStringList getEmailAddressesList() {
+    return emailAddresses_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @return The count of emailAddresses.
+   */
+  public int getEmailAddressesCount() {
+    return emailAddresses_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The emailAddresses at the given index.
+   */
+  public java.lang.String getEmailAddresses(int index) {
+    return emailAddresses_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the emailAddresses at the given index.
+   */
+  public com.google.protobuf.ByteString getEmailAddressesBytes(int index) {
+    return emailAddresses_.getByteString(index);
+  }
+
+  public static final int IP_ADDRESSES_FIELD_NUMBER = 4;
+  private com.google.protobuf.LazyStringList ipAddresses_;
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @return A list containing the ipAddresses.
+   */
+  public com.google.protobuf.ProtocolStringList getIpAddressesList() {
+    return ipAddresses_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @return The count of ipAddresses.
+   */
+  public int getIpAddressesCount() {
+    return ipAddresses_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The ipAddresses at the given index.
+   */
+  public java.lang.String getIpAddresses(int index) {
+    return ipAddresses_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the ipAddresses at the given index.
+   */
+  public com.google.protobuf.ByteString getIpAddressesBytes(int index) {
+    return ipAddresses_.getByteString(index);
+  }
+
+  public static final int CUSTOM_SANS_FIELD_NUMBER = 5;
+  private java.util.List<com.google.cloud.security.privateca.v1.X509Extension> customSans_;
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.X509Extension> getCustomSansList() {
+    return customSans_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+      getCustomSansOrBuilderList() {
+    return customSans_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  @java.lang.Override
+  public int getCustomSansCount() {
+    return customSans_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Extension getCustomSans(int index) {
+    return customSans_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getCustomSansOrBuilder(
+      int index) {
+    return customSans_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    for (int i = 0; i < dnsNames_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, dnsNames_.getRaw(i));
+    }
+    for (int i = 0; i < uris_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, uris_.getRaw(i));
+    }
+    for (int i = 0; i < emailAddresses_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, emailAddresses_.getRaw(i));
+    }
+    for (int i = 0; i < ipAddresses_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, ipAddresses_.getRaw(i));
+    }
+    for (int i = 0; i < customSans_.size(); i++) {
+      output.writeMessage(5, customSans_.get(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    {
+      int dataSize = 0;
+      for (int i = 0; i < dnsNames_.size(); i++) {
+        dataSize += computeStringSizeNoTag(dnsNames_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getDnsNamesList().size();
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < uris_.size(); i++) {
+        dataSize += computeStringSizeNoTag(uris_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getUrisList().size();
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < emailAddresses_.size(); i++) {
+        dataSize += computeStringSizeNoTag(emailAddresses_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getEmailAddressesList().size();
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < ipAddresses_.size(); i++) {
+        dataSize += computeStringSizeNoTag(ipAddresses_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getIpAddressesList().size();
+    }
+    for (int i = 0; i < customSans_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(5, customSans_.get(i));
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.SubjectAltNames)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.SubjectAltNames other =
+        (com.google.cloud.security.privateca.v1.SubjectAltNames) obj;
+
+    if (!getDnsNamesList().equals(other.getDnsNamesList())) return false;
+    if (!getUrisList().equals(other.getUrisList())) return false;
+    if (!getEmailAddressesList().equals(other.getEmailAddressesList())) return false;
+    if (!getIpAddressesList().equals(other.getIpAddressesList())) return false;
+    if (!getCustomSansList().equals(other.getCustomSansList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getDnsNamesCount() > 0) {
+      hash = (37 * hash) + DNS_NAMES_FIELD_NUMBER;
+      hash = (53 * hash) + getDnsNamesList().hashCode();
+    }
+    if (getUrisCount() > 0) {
+      hash = (37 * hash) + URIS_FIELD_NUMBER;
+      hash = (53 * hash) + getUrisList().hashCode();
+    }
+    if (getEmailAddressesCount() > 0) {
+      hash = (37 * hash) + EMAIL_ADDRESSES_FIELD_NUMBER;
+      hash = (53 * hash) + getEmailAddressesList().hashCode();
+    }
+    if (getIpAddressesCount() > 0) {
+      hash = (37 * hash) + IP_ADDRESSES_FIELD_NUMBER;
+      hash = (53 * hash) + getIpAddressesList().hashCode();
+    }
+    if (getCustomSansCount() > 0) {
+      hash = (37 * hash) + CUSTOM_SANS_FIELD_NUMBER;
+      hash = (53 * hash) + getCustomSansList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.SubjectAltNames prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what
+   * the asserted identity is in a certificate (i.e., compared to the "common
+   * name" in the distinguished name).
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.SubjectAltNames}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.SubjectAltNames)
+      com.google.cloud.security.privateca.v1.SubjectAltNamesOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubjectAltNames_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.SubjectAltNames.class,
+              com.google.cloud.security.privateca.v1.SubjectAltNames.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.SubjectAltNames.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getCustomSansFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      dnsNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      uris_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      emailAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      ipAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000008);
+      if (customSansBuilder_ == null) {
+        customSans_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000010);
+      } else {
+        customSansBuilder_.clear();
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubjectAltNames_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNames getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNames build() {
+      com.google.cloud.security.privateca.v1.SubjectAltNames result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubjectAltNames buildPartial() {
+      com.google.cloud.security.privateca.v1.SubjectAltNames result =
+          new com.google.cloud.security.privateca.v1.SubjectAltNames(this);
+      int from_bitField0_ = bitField0_;
+      if (((bitField0_ & 0x00000001) != 0)) {
+        dnsNames_ = dnsNames_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      }
+      result.dnsNames_ = dnsNames_;
+      if (((bitField0_ & 0x00000002) != 0)) {
+        uris_ = uris_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.uris_ = uris_;
+      if (((bitField0_ & 0x00000004) != 0)) {
+        emailAddresses_ = emailAddresses_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000004);
+      }
+      result.emailAddresses_ = emailAddresses_;
+      if (((bitField0_ & 0x00000008) != 0)) {
+        ipAddresses_ = ipAddresses_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000008);
+      }
+      result.ipAddresses_ = ipAddresses_;
+      if (customSansBuilder_ == null) {
+        if (((bitField0_ & 0x00000010) != 0)) {
+          customSans_ = java.util.Collections.unmodifiableList(customSans_);
+          bitField0_ = (bitField0_ & ~0x00000010);
+        }
+        result.customSans_ = customSans_;
+      } else {
+        result.customSans_ = customSansBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.SubjectAltNames) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.SubjectAltNames) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.SubjectAltNames other) {
+      if (other == com.google.cloud.security.privateca.v1.SubjectAltNames.getDefaultInstance())
+        return this;
+      if (!other.dnsNames_.isEmpty()) {
+        if (dnsNames_.isEmpty()) {
+          dnsNames_ = other.dnsNames_;
+          bitField0_ = (bitField0_ & ~0x00000001);
+        } else {
+          ensureDnsNamesIsMutable();
+          dnsNames_.addAll(other.dnsNames_);
+        }
+        onChanged();
+      }
+      if (!other.uris_.isEmpty()) {
+        if (uris_.isEmpty()) {
+          uris_ = other.uris_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureUrisIsMutable();
+          uris_.addAll(other.uris_);
+        }
+        onChanged();
+      }
+      if (!other.emailAddresses_.isEmpty()) {
+        if (emailAddresses_.isEmpty()) {
+          emailAddresses_ = other.emailAddresses_;
+          bitField0_ = (bitField0_ & ~0x00000004);
+        } else {
+          ensureEmailAddressesIsMutable();
+          emailAddresses_.addAll(other.emailAddresses_);
+        }
+        onChanged();
+      }
+      if (!other.ipAddresses_.isEmpty()) {
+        if (ipAddresses_.isEmpty()) {
+          ipAddresses_ = other.ipAddresses_;
+          bitField0_ = (bitField0_ & ~0x00000008);
+        } else {
+          ensureIpAddressesIsMutable();
+          ipAddresses_.addAll(other.ipAddresses_);
+        }
+        onChanged();
+      }
+      if (customSansBuilder_ == null) {
+        if (!other.customSans_.isEmpty()) {
+          if (customSans_.isEmpty()) {
+            customSans_ = other.customSans_;
+            bitField0_ = (bitField0_ & ~0x00000010);
+          } else {
+            ensureCustomSansIsMutable();
+            customSans_.addAll(other.customSans_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.customSans_.isEmpty()) {
+          if (customSansBuilder_.isEmpty()) {
+            customSansBuilder_.dispose();
+            customSansBuilder_ = null;
+            customSans_ = other.customSans_;
+            bitField0_ = (bitField0_ & ~0x00000010);
+            customSansBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getCustomSansFieldBuilder()
+                    : null;
+          } else {
+            customSansBuilder_.addAllMessages(other.customSans_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.SubjectAltNames parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.SubjectAltNames) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private com.google.protobuf.LazyStringList dnsNames_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureDnsNamesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        dnsNames_ = new com.google.protobuf.LazyStringArrayList(dnsNames_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @return A list containing the dnsNames.
+     */
+    public com.google.protobuf.ProtocolStringList getDnsNamesList() {
+      return dnsNames_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @return The count of dnsNames.
+     */
+    public int getDnsNamesCount() {
+      return dnsNames_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The dnsNames at the given index.
+     */
+    public java.lang.String getDnsNames(int index) {
+      return dnsNames_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the dnsNames at the given index.
+     */
+    public com.google.protobuf.ByteString getDnsNamesBytes(int index) {
+      return dnsNames_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The dnsNames to set.
+     * @return This builder for chaining.
+     */
+    public Builder setDnsNames(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDnsNamesIsMutable();
+      dnsNames_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param value The dnsNames to add.
+     * @return This builder for chaining.
+     */
+    public Builder addDnsNames(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDnsNamesIsMutable();
+      dnsNames_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param values The dnsNames to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllDnsNames(java.lang.Iterable<java.lang.String> values) {
+      ensureDnsNamesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, dnsNames_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearDnsNames() {
+      dnsNames_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid, fully-qualified host names.
+     * </pre>
+     *
+     * <code>repeated string dns_names = 1;</code>
+     *
+     * @param value The bytes of the dnsNames to add.
+     * @return This builder for chaining.
+     */
+    public Builder addDnsNamesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureDnsNamesIsMutable();
+      dnsNames_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList uris_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureUrisIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        uris_ = new com.google.protobuf.LazyStringArrayList(uris_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @return A list containing the uris.
+     */
+    public com.google.protobuf.ProtocolStringList getUrisList() {
+      return uris_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @return The count of uris.
+     */
+    public int getUrisCount() {
+      return uris_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The uris at the given index.
+     */
+    public java.lang.String getUris(int index) {
+      return uris_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the uris at the given index.
+     */
+    public com.google.protobuf.ByteString getUrisBytes(int index) {
+      return uris_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The uris to set.
+     * @return This builder for chaining.
+     */
+    public Builder setUris(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUrisIsMutable();
+      uris_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param value The uris to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUris(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureUrisIsMutable();
+      uris_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param values The uris to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllUris(java.lang.Iterable<java.lang.String> values) {
+      ensureUrisIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, uris_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearUris() {
+      uris_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 3986 URIs.
+     * </pre>
+     *
+     * <code>repeated string uris = 2;</code>
+     *
+     * @param value The bytes of the uris to add.
+     * @return This builder for chaining.
+     */
+    public Builder addUrisBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureUrisIsMutable();
+      uris_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList emailAddresses_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureEmailAddressesIsMutable() {
+      if (!((bitField0_ & 0x00000004) != 0)) {
+        emailAddresses_ = new com.google.protobuf.LazyStringArrayList(emailAddresses_);
+        bitField0_ |= 0x00000004;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @return A list containing the emailAddresses.
+     */
+    public com.google.protobuf.ProtocolStringList getEmailAddressesList() {
+      return emailAddresses_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @return The count of emailAddresses.
+     */
+    public int getEmailAddressesCount() {
+      return emailAddresses_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The emailAddresses at the given index.
+     */
+    public java.lang.String getEmailAddresses(int index) {
+      return emailAddresses_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the emailAddresses at the given index.
+     */
+    public com.google.protobuf.ByteString getEmailAddressesBytes(int index) {
+      return emailAddresses_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The emailAddresses to set.
+     * @return This builder for chaining.
+     */
+    public Builder setEmailAddresses(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureEmailAddressesIsMutable();
+      emailAddresses_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param value The emailAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addEmailAddresses(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureEmailAddressesIsMutable();
+      emailAddresses_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param values The emailAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllEmailAddresses(java.lang.Iterable<java.lang.String> values) {
+      ensureEmailAddressesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, emailAddresses_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearEmailAddresses() {
+      emailAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid RFC 2822 E-mail addresses.
+     * </pre>
+     *
+     * <code>repeated string email_addresses = 3;</code>
+     *
+     * @param value The bytes of the emailAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addEmailAddressesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureEmailAddressesIsMutable();
+      emailAddresses_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList ipAddresses_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureIpAddressesIsMutable() {
+      if (!((bitField0_ & 0x00000008) != 0)) {
+        ipAddresses_ = new com.google.protobuf.LazyStringArrayList(ipAddresses_);
+        bitField0_ |= 0x00000008;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @return A list containing the ipAddresses.
+     */
+    public com.google.protobuf.ProtocolStringList getIpAddressesList() {
+      return ipAddresses_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @return The count of ipAddresses.
+     */
+    public int getIpAddressesCount() {
+      return ipAddresses_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param index The index of the element to return.
+     * @return The ipAddresses at the given index.
+     */
+    public java.lang.String getIpAddresses(int index) {
+      return ipAddresses_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the ipAddresses at the given index.
+     */
+    public com.google.protobuf.ByteString getIpAddressesBytes(int index) {
+      return ipAddresses_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The ipAddresses to set.
+     * @return This builder for chaining.
+     */
+    public Builder setIpAddresses(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureIpAddressesIsMutable();
+      ipAddresses_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param value The ipAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addIpAddresses(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureIpAddressesIsMutable();
+      ipAddresses_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param values The ipAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllIpAddresses(java.lang.Iterable<java.lang.String> values) {
+      ensureIpAddressesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, ipAddresses_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearIpAddresses() {
+      ipAddresses_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000008);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+     * </pre>
+     *
+     * <code>repeated string ip_addresses = 4;</code>
+     *
+     * @param value The bytes of the ipAddresses to add.
+     * @return This builder for chaining.
+     */
+    public Builder addIpAddressesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureIpAddressesIsMutable();
+      ipAddresses_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.X509Extension> customSans_ =
+        java.util.Collections.emptyList();
+
+    private void ensureCustomSansIsMutable() {
+      if (!((bitField0_ & 0x00000010) != 0)) {
+        customSans_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.X509Extension>(
+                customSans_);
+        bitField0_ |= 0x00000010;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Extension,
+            com.google.cloud.security.privateca.v1.X509Extension.Builder,
+            com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        customSansBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+        getCustomSansList() {
+      if (customSansBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(customSans_);
+      } else {
+        return customSansBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public int getCustomSansCount() {
+      if (customSansBuilder_ == null) {
+        return customSans_.size();
+      } else {
+        return customSansBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension getCustomSans(int index) {
+      if (customSansBuilder_ == null) {
+        return customSans_.get(index);
+      } else {
+        return customSansBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder setCustomSans(
+        int index, com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (customSansBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCustomSansIsMutable();
+        customSans_.set(index, value);
+        onChanged();
+      } else {
+        customSansBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder setCustomSans(
+        int index, com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (customSansBuilder_ == null) {
+        ensureCustomSansIsMutable();
+        customSans_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        customSansBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder addCustomSans(com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (customSansBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCustomSansIsMutable();
+        customSans_.add(value);
+        onChanged();
+      } else {
+        customSansBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder addCustomSans(
+        int index, com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (customSansBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureCustomSansIsMutable();
+        customSans_.add(index, value);
+        onChanged();
+      } else {
+        customSansBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder addCustomSans(
+        com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (customSansBuilder_ == null) {
+        ensureCustomSansIsMutable();
+        customSans_.add(builderForValue.build());
+        onChanged();
+      } else {
+        customSansBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder addCustomSans(
+        int index, com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (customSansBuilder_ == null) {
+        ensureCustomSansIsMutable();
+        customSans_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        customSansBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder addAllCustomSans(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.X509Extension> values) {
+      if (customSansBuilder_ == null) {
+        ensureCustomSansIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, customSans_);
+        onChanged();
+      } else {
+        customSansBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder clearCustomSans() {
+      if (customSansBuilder_ == null) {
+        customSans_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000010);
+        onChanged();
+      } else {
+        customSansBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public Builder removeCustomSans(int index) {
+      if (customSansBuilder_ == null) {
+        ensureCustomSansIsMutable();
+        customSans_.remove(index);
+        onChanged();
+      } else {
+        customSansBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder getCustomSansBuilder(
+        int index) {
+      return getCustomSansFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getCustomSansOrBuilder(
+        int index) {
+      if (customSansBuilder_ == null) {
+        return customSans_.get(index);
+      } else {
+        return customSansBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        getCustomSansOrBuilderList() {
+      if (customSansBuilder_ != null) {
+        return customSansBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(customSans_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder addCustomSansBuilder() {
+      return getCustomSansFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder addCustomSansBuilder(
+        int index) {
+      return getCustomSansFieldBuilder()
+          .addBuilder(
+              index, com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Contains additional subject alternative name values.
+     * </pre>
+     *
+     * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.X509Extension.Builder>
+        getCustomSansBuilderList() {
+      return getCustomSansFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Extension,
+            com.google.cloud.security.privateca.v1.X509Extension.Builder,
+            com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        getCustomSansFieldBuilder() {
+      if (customSansBuilder_ == null) {
+        customSansBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Extension,
+                com.google.cloud.security.privateca.v1.X509Extension.Builder,
+                com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>(
+                customSans_, ((bitField0_ & 0x00000010) != 0), getParentForChildren(), isClean());
+        customSans_ = null;
+      }
+      return customSansBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.SubjectAltNames)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.SubjectAltNames)
+  private static final com.google.cloud.security.privateca.v1.SubjectAltNames DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.SubjectAltNames();
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubjectAltNames getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SubjectAltNames> PARSER =
+      new com.google.protobuf.AbstractParser<SubjectAltNames>() {
+        @java.lang.Override
+        public SubjectAltNames parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SubjectAltNames(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SubjectAltNames> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SubjectAltNames> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubjectAltNames getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java
new file mode 100644
index 00000000..892115a4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectAltNamesOrBuilder.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface SubjectAltNamesOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.SubjectAltNames)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @return A list containing the dnsNames.
+   */
+  java.util.List<java.lang.String> getDnsNamesList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @return The count of dnsNames.
+   */
+  int getDnsNamesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The dnsNames at the given index.
+   */
+  java.lang.String getDnsNames(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid, fully-qualified host names.
+   * </pre>
+   *
+   * <code>repeated string dns_names = 1;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the dnsNames at the given index.
+   */
+  com.google.protobuf.ByteString getDnsNamesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @return A list containing the uris.
+   */
+  java.util.List<java.lang.String> getUrisList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @return The count of uris.
+   */
+  int getUrisCount();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The uris at the given index.
+   */
+  java.lang.String getUris(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 3986 URIs.
+   * </pre>
+   *
+   * <code>repeated string uris = 2;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the uris at the given index.
+   */
+  com.google.protobuf.ByteString getUrisBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @return A list containing the emailAddresses.
+   */
+  java.util.List<java.lang.String> getEmailAddressesList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @return The count of emailAddresses.
+   */
+  int getEmailAddressesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The emailAddresses at the given index.
+   */
+  java.lang.String getEmailAddresses(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid RFC 2822 E-mail addresses.
+   * </pre>
+   *
+   * <code>repeated string email_addresses = 3;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the emailAddresses at the given index.
+   */
+  com.google.protobuf.ByteString getEmailAddressesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @return A list containing the ipAddresses.
+   */
+  java.util.List<java.lang.String> getIpAddressesList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @return The count of ipAddresses.
+   */
+  int getIpAddressesCount();
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @param index The index of the element to return.
+   * @return The ipAddresses at the given index.
+   */
+  java.lang.String getIpAddresses(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+   * </pre>
+   *
+   * <code>repeated string ip_addresses = 4;</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the ipAddresses at the given index.
+   */
+  com.google.protobuf.ByteString getIpAddressesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.X509Extension> getCustomSansList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  com.google.cloud.security.privateca.v1.X509Extension getCustomSans(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  int getCustomSansCount();
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+      getCustomSansOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Contains additional subject alternative name values.
+   * </pre>
+   *
+   * <code>repeated .google.cloud.security.privateca.v1.X509Extension custom_sans = 5;</code>
+   */
+  com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getCustomSansOrBuilder(int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectOrBuilder.java
new file mode 100644
index 00000000..b76f9ad3
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectOrBuilder.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface SubjectOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.Subject)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The "common name" of the subject.
+   * </pre>
+   *
+   * <code>string common_name = 1;</code>
+   *
+   * @return The commonName.
+   */
+  java.lang.String getCommonName();
+  /**
+   *
+   *
+   * <pre>
+   * The "common name" of the subject.
+   * </pre>
+   *
+   * <code>string common_name = 1;</code>
+   *
+   * @return The bytes for commonName.
+   */
+  com.google.protobuf.ByteString getCommonNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The country code of the subject.
+   * </pre>
+   *
+   * <code>string country_code = 2;</code>
+   *
+   * @return The countryCode.
+   */
+  java.lang.String getCountryCode();
+  /**
+   *
+   *
+   * <pre>
+   * The country code of the subject.
+   * </pre>
+   *
+   * <code>string country_code = 2;</code>
+   *
+   * @return The bytes for countryCode.
+   */
+  com.google.protobuf.ByteString getCountryCodeBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The organization of the subject.
+   * </pre>
+   *
+   * <code>string organization = 3;</code>
+   *
+   * @return The organization.
+   */
+  java.lang.String getOrganization();
+  /**
+   *
+   *
+   * <pre>
+   * The organization of the subject.
+   * </pre>
+   *
+   * <code>string organization = 3;</code>
+   *
+   * @return The bytes for organization.
+   */
+  com.google.protobuf.ByteString getOrganizationBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The organizational_unit of the subject.
+   * </pre>
+   *
+   * <code>string organizational_unit = 4;</code>
+   *
+   * @return The organizationalUnit.
+   */
+  java.lang.String getOrganizationalUnit();
+  /**
+   *
+   *
+   * <pre>
+   * The organizational_unit of the subject.
+   * </pre>
+   *
+   * <code>string organizational_unit = 4;</code>
+   *
+   * @return The bytes for organizationalUnit.
+   */
+  com.google.protobuf.ByteString getOrganizationalUnitBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The locality or city of the subject.
+   * </pre>
+   *
+   * <code>string locality = 5;</code>
+   *
+   * @return The locality.
+   */
+  java.lang.String getLocality();
+  /**
+   *
+   *
+   * <pre>
+   * The locality or city of the subject.
+   * </pre>
+   *
+   * <code>string locality = 5;</code>
+   *
+   * @return The bytes for locality.
+   */
+  com.google.protobuf.ByteString getLocalityBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The province, territory, or regional state of the subject.
+   * </pre>
+   *
+   * <code>string province = 6;</code>
+   *
+   * @return The province.
+   */
+  java.lang.String getProvince();
+  /**
+   *
+   *
+   * <pre>
+   * The province, territory, or regional state of the subject.
+   * </pre>
+   *
+   * <code>string province = 6;</code>
+   *
+   * @return The bytes for province.
+   */
+  com.google.protobuf.ByteString getProvinceBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The street address of the subject.
+   * </pre>
+   *
+   * <code>string street_address = 7;</code>
+   *
+   * @return The streetAddress.
+   */
+  java.lang.String getStreetAddress();
+  /**
+   *
+   *
+   * <pre>
+   * The street address of the subject.
+   * </pre>
+   *
+   * <code>string street_address = 7;</code>
+   *
+   * @return The bytes for streetAddress.
+   */
+  com.google.protobuf.ByteString getStreetAddressBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The postal code of the subject.
+   * </pre>
+   *
+   * <code>string postal_code = 8;</code>
+   *
+   * @return The postalCode.
+   */
+  java.lang.String getPostalCode();
+  /**
+   *
+   *
+   * <pre>
+   * The postal code of the subject.
+   * </pre>
+   *
+   * <code>string postal_code = 8;</code>
+   *
+   * @return The bytes for postalCode.
+   */
+  com.google.protobuf.ByteString getPostalCodeBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java
new file mode 100644
index 00000000..a039ed31
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubjectRequestMode.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or
+ * [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
+ * </pre>
+ *
+ * Protobuf enum {@code google.cloud.security.privateca.v1.SubjectRequestMode}
+ */
+public enum SubjectRequestMode implements com.google.protobuf.ProtocolMessageEnum {
+  /**
+   *
+   *
+   * <pre>
+   * Not specified.
+   * </pre>
+   *
+   * <code>SUBJECT_REQUEST_MODE_UNSPECIFIED = 0;</code>
+   */
+  SUBJECT_REQUEST_MODE_UNSPECIFIED(0),
+  /**
+   *
+   *
+   * <pre>
+   * The default mode used in most cases. Indicates that the certificate's
+   * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
+   * request. This mode requires the caller to have the
+   * `privateca.certificates.create` permission.
+   * </pre>
+   *
+   * <code>DEFAULT = 1;</code>
+   */
+  DEFAULT(1),
+  /**
+   *
+   *
+   * <pre>
+   * A mode reserved for special cases. Indicates that the certificate should
+   * have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
+   * on the caller's identity. This mode will ignore any explicitly specified
+   * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
+   * This mode requires the caller to have the
+   * `privateca.certificates.createReflected` permission.
+   * </pre>
+   *
+   * <code>REFLECTED_SPIFFE = 2;</code>
+   */
+  REFLECTED_SPIFFE(2),
+  UNRECOGNIZED(-1),
+  ;
+
+  /**
+   *
+   *
+   * <pre>
+   * Not specified.
+   * </pre>
+   *
+   * <code>SUBJECT_REQUEST_MODE_UNSPECIFIED = 0;</code>
+   */
+  public static final int SUBJECT_REQUEST_MODE_UNSPECIFIED_VALUE = 0;
+  /**
+   *
+   *
+   * <pre>
+   * The default mode used in most cases. Indicates that the certificate's
+   * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
+   * request. This mode requires the caller to have the
+   * `privateca.certificates.create` permission.
+   * </pre>
+   *
+   * <code>DEFAULT = 1;</code>
+   */
+  public static final int DEFAULT_VALUE = 1;
+  /**
+   *
+   *
+   * <pre>
+   * A mode reserved for special cases. Indicates that the certificate should
+   * have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
+   * on the caller's identity. This mode will ignore any explicitly specified
+   * [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
+   * This mode requires the caller to have the
+   * `privateca.certificates.createReflected` permission.
+   * </pre>
+   *
+   * <code>REFLECTED_SPIFFE = 2;</code>
+   */
+  public static final int REFLECTED_SPIFFE_VALUE = 2;
+
+  public final int getNumber() {
+    if (this == UNRECOGNIZED) {
+      throw new java.lang.IllegalArgumentException(
+          "Can't get the number of an unknown enum value.");
+    }
+    return value;
+  }
+
+  /**
+   * @param value The numeric wire value of the corresponding enum entry.
+   * @return The enum associated with the given numeric wire value.
+   * @deprecated Use {@link #forNumber(int)} instead.
+   */
+  @java.lang.Deprecated
+  public static SubjectRequestMode valueOf(int value) {
+    return forNumber(value);
+  }
+
+  /**
+   * @param value The numeric wire value of the corresponding enum entry.
+   * @return The enum associated with the given numeric wire value.
+   */
+  public static SubjectRequestMode forNumber(int value) {
+    switch (value) {
+      case 0:
+        return SUBJECT_REQUEST_MODE_UNSPECIFIED;
+      case 1:
+        return DEFAULT;
+      case 2:
+        return REFLECTED_SPIFFE;
+      default:
+        return null;
+    }
+  }
+
+  public static com.google.protobuf.Internal.EnumLiteMap<SubjectRequestMode> internalGetValueMap() {
+    return internalValueMap;
+  }
+
+  private static final com.google.protobuf.Internal.EnumLiteMap<SubjectRequestMode>
+      internalValueMap =
+          new com.google.protobuf.Internal.EnumLiteMap<SubjectRequestMode>() {
+            public SubjectRequestMode findValueByNumber(int number) {
+              return SubjectRequestMode.forNumber(number);
+            }
+          };
+
+  public final com.google.protobuf.Descriptors.EnumValueDescriptor getValueDescriptor() {
+    if (this == UNRECOGNIZED) {
+      throw new java.lang.IllegalStateException(
+          "Can't get the descriptor of an unrecognized enum value.");
+    }
+    return getDescriptor().getValues().get(ordinal());
+  }
+
+  public final com.google.protobuf.Descriptors.EnumDescriptor getDescriptorForType() {
+    return getDescriptor();
+  }
+
+  public static final com.google.protobuf.Descriptors.EnumDescriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto.getDescriptor()
+        .getEnumTypes()
+        .get(1);
+  }
+
+  private static final SubjectRequestMode[] VALUES = values();
+
+  public static SubjectRequestMode valueOf(
+      com.google.protobuf.Descriptors.EnumValueDescriptor desc) {
+    if (desc.getType() != getDescriptor()) {
+      throw new java.lang.IllegalArgumentException("EnumValueDescriptor is not for this type.");
+    }
+    if (desc.getIndex() == -1) {
+      return UNRECOGNIZED;
+    }
+    return VALUES[desc.getIndex()];
+  }
+
+  private final int value;
+
+  private SubjectRequestMode(int value) {
+    this.value = value;
+  }
+
+  // @@protoc_insertion_point(enum_scope:google.cloud.security.privateca.v1.SubjectRequestMode)
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java
new file mode 100644
index 00000000..92db171a
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfig.java
@@ -0,0 +1,2034 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Describes a subordinate CA's issuers. This is either a resource name to a
+ * known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.SubordinateConfig}
+ */
+public final class SubordinateConfig extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.SubordinateConfig)
+    SubordinateConfigOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SubordinateConfig.newBuilder() to construct.
+  private SubordinateConfig(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SubordinateConfig() {}
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new SubordinateConfig();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SubordinateConfig(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              subordinateConfigCase_ = 1;
+              subordinateConfig_ = s;
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                      .Builder
+                  subBuilder = null;
+              if (subordinateConfigCase_ == 2) {
+                subBuilder =
+                    ((com.google.cloud.security.privateca.v1.SubordinateConfig
+                                .SubordinateConfigChain)
+                            subordinateConfig_)
+                        .toBuilder();
+              }
+              subordinateConfig_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.SubordinateConfig
+                          .SubordinateConfigChain.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(
+                    (com.google.cloud.security.privateca.v1.SubordinateConfig
+                            .SubordinateConfigChain)
+                        subordinateConfig_);
+                subordinateConfig_ = subBuilder.buildPartial();
+              }
+              subordinateConfigCase_ = 2;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.SubordinateConfig.class,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.Builder.class);
+  }
+
+  public interface SubordinateConfigChainOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return A list containing the pemCertificates.
+     */
+    java.util.List<java.lang.String> getPemCertificatesList();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The count of pemCertificates.
+     */
+    int getPemCertificatesCount();
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index of the element to return.
+     * @return The pemCertificates at the given index.
+     */
+    java.lang.String getPemCertificates(int index);
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the pemCertificates at the given index.
+     */
+    com.google.protobuf.ByteString getPemCertificatesBytes(int index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * This message describes a subordinate CA's issuer certificate chain. This
+   * wrapper exists for compatibility reasons.
+   * </pre>
+   *
+   * Protobuf type {@code
+   * google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain}
+   */
+  public static final class SubordinateConfigChain extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+      SubordinateConfigChainOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use SubordinateConfigChain.newBuilder() to construct.
+    private SubordinateConfigChain(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private SubordinateConfigChain() {
+      pemCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    }
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new SubordinateConfigChain();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private SubordinateConfigChain(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                  pemCertificates_ = new com.google.protobuf.LazyStringArrayList();
+                  mutable_bitField0_ |= 0x00000001;
+                }
+                pemCertificates_.add(s);
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        if (((mutable_bitField0_ & 0x00000001) != 0)) {
+          pemCertificates_ = pemCertificates_.getUnmodifiableView();
+        }
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.class,
+              com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                  .Builder.class);
+    }
+
+    public static final int PEM_CERTIFICATES_FIELD_NUMBER = 1;
+    private com.google.protobuf.LazyStringList pemCertificates_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return A list containing the pemCertificates.
+     */
+    public com.google.protobuf.ProtocolStringList getPemCertificatesList() {
+      return pemCertificates_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The count of pemCertificates.
+     */
+    public int getPemCertificatesCount() {
+      return pemCertificates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index of the element to return.
+     * @return The pemCertificates at the given index.
+     */
+    public java.lang.String getPemCertificates(int index) {
+      return pemCertificates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Expected to be in leaf-to-root order according to RFC 5246.
+     * </pre>
+     *
+     * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the pemCertificates at the given index.
+     */
+    public com.google.protobuf.ByteString getPemCertificatesBytes(int index) {
+      return pemCertificates_.getByteString(index);
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      for (int i = 0; i < pemCertificates_.size(); i++) {
+        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, pemCertificates_.getRaw(i));
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      {
+        int dataSize = 0;
+        for (int i = 0; i < pemCertificates_.size(); i++) {
+          dataSize += computeStringSizeNoTag(pemCertificates_.getRaw(i));
+        }
+        size += dataSize;
+        size += 1 * getPemCertificatesList().size();
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj
+          instanceof
+          com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain other =
+          (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain) obj;
+
+      if (!getPemCertificatesList().equals(other.getPemCertificatesList())) return false;
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (getPemCertificatesCount() > 0) {
+        hash = (37 * hash) + PEM_CERTIFICATES_FIELD_NUMBER;
+        hash = (53 * hash) + getPemCertificatesList().hashCode();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(java.nio.ByteBuffer data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(
+            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(com.google.protobuf.ByteString data)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(
+            com.google.protobuf.ByteString data,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        parseFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * This message describes a subordinate CA's issuer certificate chain. This
+     * wrapper exists for compatibility reasons.
+     * </pre>
+     *
+     * Protobuf type {@code
+     * google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChainOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                    .class,
+                com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                    .Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        pemCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_SubordinateConfigChain_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+            .getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+          build() {
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain result =
+            buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+          buildPartial() {
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain result =
+            new com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain(
+                this);
+        int from_bitField0_ = bitField0_;
+        if (((bitField0_ & 0x00000001) != 0)) {
+          pemCertificates_ = pemCertificates_.getUnmodifiableView();
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.pemCertificates_ = pemCertificates_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other
+            instanceof
+            com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain) {
+          return mergeFrom(
+              (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+                  other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                .getDefaultInstance()) return this;
+        if (!other.pemCertificates_.isEmpty()) {
+          if (pemCertificates_.isEmpty()) {
+            pemCertificates_ = other.pemCertificates_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensurePemCertificatesIsMutable();
+            pemCertificates_.addAll(other.pemCertificates_);
+          }
+          onChanged();
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+            parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private com.google.protobuf.LazyStringList pemCertificates_ =
+          com.google.protobuf.LazyStringArrayList.EMPTY;
+
+      private void ensurePemCertificatesIsMutable() {
+        if (!((bitField0_ & 0x00000001) != 0)) {
+          pemCertificates_ = new com.google.protobuf.LazyStringArrayList(pemCertificates_);
+          bitField0_ |= 0x00000001;
+        }
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return A list containing the pemCertificates.
+       */
+      public com.google.protobuf.ProtocolStringList getPemCertificatesList() {
+        return pemCertificates_.getUnmodifiableView();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return The count of pemCertificates.
+       */
+      public int getPemCertificatesCount() {
+        return pemCertificates_.size();
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param index The index of the element to return.
+       * @return The pemCertificates at the given index.
+       */
+      public java.lang.String getPemCertificates(int index) {
+        return pemCertificates_.get(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param index The index of the value to return.
+       * @return The bytes of the pemCertificates at the given index.
+       */
+      public com.google.protobuf.ByteString getPemCertificatesBytes(int index) {
+        return pemCertificates_.getByteString(index);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param index The index to set the value at.
+       * @param value The pemCertificates to set.
+       * @return This builder for chaining.
+       */
+      public Builder setPemCertificates(int index, java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensurePemCertificatesIsMutable();
+        pemCertificates_.set(index, value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The pemCertificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addPemCertificates(java.lang.String value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensurePemCertificatesIsMutable();
+        pemCertificates_.add(value);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param values The pemCertificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addAllPemCertificates(java.lang.Iterable<java.lang.String> values) {
+        ensurePemCertificatesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, pemCertificates_);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearPemCertificates() {
+        pemCertificates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Required. Expected to be in leaf-to-root order according to RFC 5246.
+       * </pre>
+       *
+       * <code>repeated string pem_certificates = 1 [(.google.api.field_behavior) = REQUIRED];
+       * </code>
+       *
+       * @param value The bytes of the pemCertificates to add.
+       * @return This builder for chaining.
+       */
+      public Builder addPemCertificatesBytes(com.google.protobuf.ByteString value) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        checkByteStringIsUtf8(value);
+        ensurePemCertificatesIsMutable();
+        pemCertificates_.add(value);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+    private static final com.google.cloud.security.privateca.v1.SubordinateConfig
+            .SubordinateConfigChain
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE =
+          new com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain();
+    }
+
+    public static com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<SubordinateConfigChain> PARSER =
+        new com.google.protobuf.AbstractParser<SubordinateConfigChain>() {
+          @java.lang.Override
+          public SubordinateConfigChain parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new SubordinateConfigChain(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<SubordinateConfigChain> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<SubordinateConfigChain> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  private int subordinateConfigCase_ = 0;
+  private java.lang.Object subordinateConfig_;
+
+  public enum SubordinateConfigCase
+      implements
+          com.google.protobuf.Internal.EnumLite,
+          com.google.protobuf.AbstractMessage.InternalOneOfEnum {
+    CERTIFICATE_AUTHORITY(1),
+    PEM_ISSUER_CHAIN(2),
+    SUBORDINATECONFIG_NOT_SET(0);
+    private final int value;
+
+    private SubordinateConfigCase(int value) {
+      this.value = value;
+    }
+    /**
+     * @param value The number of the enum to look for.
+     * @return The enum associated with the given number.
+     * @deprecated Use {@link #forNumber(int)} instead.
+     */
+    @java.lang.Deprecated
+    public static SubordinateConfigCase valueOf(int value) {
+      return forNumber(value);
+    }
+
+    public static SubordinateConfigCase forNumber(int value) {
+      switch (value) {
+        case 1:
+          return CERTIFICATE_AUTHORITY;
+        case 2:
+          return PEM_ISSUER_CHAIN;
+        case 0:
+          return SUBORDINATECONFIG_NOT_SET;
+        default:
+          return null;
+      }
+    }
+
+    public int getNumber() {
+      return this.value;
+    }
+  };
+
+  public SubordinateConfigCase getSubordinateConfigCase() {
+    return SubordinateConfigCase.forNumber(subordinateConfigCase_);
+  }
+
+  public static final int CERTIFICATE_AUTHORITY_FIELD_NUMBER = 1;
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  public boolean hasCertificateAuthority() {
+    return subordinateConfigCase_ == 1;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  public java.lang.String getCertificateAuthority() {
+    java.lang.Object ref = "";
+    if (subordinateConfigCase_ == 1) {
+      ref = subordinateConfig_;
+    }
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      if (subordinateConfigCase_ == 1) {
+        subordinateConfig_ = s;
+      }
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for certificateAuthority.
+   */
+  public com.google.protobuf.ByteString getCertificateAuthorityBytes() {
+    java.lang.Object ref = "";
+    if (subordinateConfigCase_ == 1) {
+      ref = subordinateConfig_;
+    }
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      if (subordinateConfigCase_ == 1) {
+        subordinateConfig_ = b;
+      }
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int PEM_ISSUER_CHAIN_FIELD_NUMBER = 2;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the pemIssuerChain field is set.
+   */
+  @java.lang.Override
+  public boolean hasPemIssuerChain() {
+    return subordinateConfigCase_ == 2;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The pemIssuerChain.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+      getPemIssuerChain() {
+    if (subordinateConfigCase_ == 2) {
+      return (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+          subordinateConfig_;
+    }
+    return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        .getDefaultInstance();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChainOrBuilder
+      getPemIssuerChainOrBuilder() {
+    if (subordinateConfigCase_ == 2) {
+      return (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+          subordinateConfig_;
+    }
+    return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        .getDefaultInstance();
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (subordinateConfigCase_ == 1) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, subordinateConfig_);
+    }
+    if (subordinateConfigCase_ == 2) {
+      output.writeMessage(
+          2,
+          (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+              subordinateConfig_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (subordinateConfigCase_ == 1) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, subordinateConfig_);
+    }
+    if (subordinateConfigCase_ == 2) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              2,
+              (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+                  subordinateConfig_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.SubordinateConfig)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.SubordinateConfig other =
+        (com.google.cloud.security.privateca.v1.SubordinateConfig) obj;
+
+    if (!getSubordinateConfigCase().equals(other.getSubordinateConfigCase())) return false;
+    switch (subordinateConfigCase_) {
+      case 1:
+        if (!getCertificateAuthority().equals(other.getCertificateAuthority())) return false;
+        break;
+      case 2:
+        if (!getPemIssuerChain().equals(other.getPemIssuerChain())) return false;
+        break;
+      case 0:
+      default:
+    }
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    switch (subordinateConfigCase_) {
+      case 1:
+        hash = (37 * hash) + CERTIFICATE_AUTHORITY_FIELD_NUMBER;
+        hash = (53 * hash) + getCertificateAuthority().hashCode();
+        break;
+      case 2:
+        hash = (37 * hash) + PEM_ISSUER_CHAIN_FIELD_NUMBER;
+        hash = (53 * hash) + getPemIssuerChain().hashCode();
+        break;
+      case 0:
+      default:
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.SubordinateConfig prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes a subordinate CA's issuers. This is either a resource name to a
+   * known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.SubordinateConfig}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.SubordinateConfig)
+      com.google.cloud.security.privateca.v1.SubordinateConfigOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.SubordinateConfig.class,
+              com.google.cloud.security.privateca.v1.SubordinateConfig.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.SubordinateConfig.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      subordinateConfigCase_ = 0;
+      subordinateConfig_ = null;
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_SubordinateConfig_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig build() {
+      com.google.cloud.security.privateca.v1.SubordinateConfig result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig buildPartial() {
+      com.google.cloud.security.privateca.v1.SubordinateConfig result =
+          new com.google.cloud.security.privateca.v1.SubordinateConfig(this);
+      if (subordinateConfigCase_ == 1) {
+        result.subordinateConfig_ = subordinateConfig_;
+      }
+      if (subordinateConfigCase_ == 2) {
+        if (pemIssuerChainBuilder_ == null) {
+          result.subordinateConfig_ = subordinateConfig_;
+        } else {
+          result.subordinateConfig_ = pemIssuerChainBuilder_.build();
+        }
+      }
+      result.subordinateConfigCase_ = subordinateConfigCase_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.SubordinateConfig) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.SubordinateConfig) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.SubordinateConfig other) {
+      if (other == com.google.cloud.security.privateca.v1.SubordinateConfig.getDefaultInstance())
+        return this;
+      switch (other.getSubordinateConfigCase()) {
+        case CERTIFICATE_AUTHORITY:
+          {
+            subordinateConfigCase_ = 1;
+            subordinateConfig_ = other.subordinateConfig_;
+            onChanged();
+            break;
+          }
+        case PEM_ISSUER_CHAIN:
+          {
+            mergePemIssuerChain(other.getPemIssuerChain());
+            break;
+          }
+        case SUBORDINATECONFIG_NOT_SET:
+          {
+            break;
+          }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.SubordinateConfig parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.SubordinateConfig) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int subordinateConfigCase_ = 0;
+    private java.lang.Object subordinateConfig_;
+
+    public SubordinateConfigCase getSubordinateConfigCase() {
+      return SubordinateConfigCase.forNumber(subordinateConfigCase_);
+    }
+
+    public Builder clearSubordinateConfig() {
+      subordinateConfigCase_ = 0;
+      subordinateConfig_ = null;
+      onChanged();
+      return this;
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return Whether the certificateAuthority field is set.
+     */
+    @java.lang.Override
+    public boolean hasCertificateAuthority() {
+      return subordinateConfigCase_ == 1;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The certificateAuthority.
+     */
+    @java.lang.Override
+    public java.lang.String getCertificateAuthority() {
+      java.lang.Object ref = "";
+      if (subordinateConfigCase_ == 1) {
+        ref = subordinateConfig_;
+      }
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        if (subordinateConfigCase_ == 1) {
+          subordinateConfig_ = s;
+        }
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for certificateAuthority.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getCertificateAuthorityBytes() {
+      java.lang.Object ref = "";
+      if (subordinateConfigCase_ == 1) {
+        ref = subordinateConfig_;
+      }
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        if (subordinateConfigCase_ == 1) {
+          subordinateConfig_ = b;
+        }
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The certificateAuthority to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateAuthority(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      subordinateConfigCase_ = 1;
+      subordinateConfig_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCertificateAuthority() {
+      if (subordinateConfigCase_ == 1) {
+        subordinateConfigCase_ = 0;
+        subordinateConfig_ = null;
+        onChanged();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+     * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+     * is used for information and usability purposes only. The resource name
+     * is in the format
+     * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for certificateAuthority to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCertificateAuthorityBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      subordinateConfigCase_ = 1;
+      subordinateConfig_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfig
+                .SubordinateConfigChainOrBuilder>
+        pemIssuerChainBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the pemIssuerChain field is set.
+     */
+    @java.lang.Override
+    public boolean hasPemIssuerChain() {
+      return subordinateConfigCase_ == 2;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The pemIssuerChain.
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+        getPemIssuerChain() {
+      if (pemIssuerChainBuilder_ == null) {
+        if (subordinateConfigCase_ == 2) {
+          return (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+              subordinateConfig_;
+        }
+        return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+            .getDefaultInstance();
+      } else {
+        if (subordinateConfigCase_ == 2) {
+          return pemIssuerChainBuilder_.getMessage();
+        }
+        return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+            .getDefaultInstance();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setPemIssuerChain(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain value) {
+      if (pemIssuerChainBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        subordinateConfig_ = value;
+        onChanged();
+      } else {
+        pemIssuerChainBuilder_.setMessage(value);
+      }
+      subordinateConfigCase_ = 2;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setPemIssuerChain(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.Builder
+            builderForValue) {
+      if (pemIssuerChainBuilder_ == null) {
+        subordinateConfig_ = builderForValue.build();
+        onChanged();
+      } else {
+        pemIssuerChainBuilder_.setMessage(builderForValue.build());
+      }
+      subordinateConfigCase_ = 2;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergePemIssuerChain(
+        com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain value) {
+      if (pemIssuerChainBuilder_ == null) {
+        if (subordinateConfigCase_ == 2
+            && subordinateConfig_
+                != com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                    .getDefaultInstance()) {
+          subordinateConfig_ =
+              com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                  .newBuilder(
+                      (com.google.cloud.security.privateca.v1.SubordinateConfig
+                              .SubordinateConfigChain)
+                          subordinateConfig_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          subordinateConfig_ = value;
+        }
+        onChanged();
+      } else {
+        if (subordinateConfigCase_ == 2) {
+          pemIssuerChainBuilder_.mergeFrom(value);
+        }
+        pemIssuerChainBuilder_.setMessage(value);
+      }
+      subordinateConfigCase_ = 2;
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearPemIssuerChain() {
+      if (pemIssuerChainBuilder_ == null) {
+        if (subordinateConfigCase_ == 2) {
+          subordinateConfigCase_ = 0;
+          subordinateConfig_ = null;
+          onChanged();
+        }
+      } else {
+        if (subordinateConfigCase_ == 2) {
+          subordinateConfigCase_ = 0;
+          subordinateConfig_ = null;
+        }
+        pemIssuerChainBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.Builder
+        getPemIssuerChainBuilder() {
+      return getPemIssuerChainFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChainOrBuilder
+        getPemIssuerChainOrBuilder() {
+      if ((subordinateConfigCase_ == 2) && (pemIssuerChainBuilder_ != null)) {
+        return pemIssuerChainBuilder_.getMessageOrBuilder();
+      } else {
+        if (subordinateConfigCase_ == 2) {
+          return (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+              subordinateConfig_;
+        }
+        return com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+            .getDefaultInstance();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Contains the PEM certificate chain for the issuers of this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain,
+            com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain.Builder,
+            com.google.cloud.security.privateca.v1.SubordinateConfig
+                .SubordinateConfigChainOrBuilder>
+        getPemIssuerChainFieldBuilder() {
+      if (pemIssuerChainBuilder_ == null) {
+        if (!(subordinateConfigCase_ == 2)) {
+          subordinateConfig_ =
+              com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                  .getDefaultInstance();
+        }
+        pemIssuerChainBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain,
+                com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+                    .Builder,
+                com.google.cloud.security.privateca.v1.SubordinateConfig
+                    .SubordinateConfigChainOrBuilder>(
+                (com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain)
+                    subordinateConfig_,
+                getParentForChildren(),
+                isClean());
+        subordinateConfig_ = null;
+      }
+      subordinateConfigCase_ = 2;
+      onChanged();
+      ;
+      return pemIssuerChainBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.SubordinateConfig)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.SubordinateConfig)
+  private static final com.google.cloud.security.privateca.v1.SubordinateConfig DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.SubordinateConfig();
+  }
+
+  public static com.google.cloud.security.privateca.v1.SubordinateConfig getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SubordinateConfig> PARSER =
+      new com.google.protobuf.AbstractParser<SubordinateConfig>() {
+        @java.lang.Override
+        public SubordinateConfig parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SubordinateConfig(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SubordinateConfig> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SubordinateConfig> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.SubordinateConfig getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java
new file mode 100644
index 00000000..16b55db4
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/SubordinateConfigOrBuilder.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface SubordinateConfigOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.SubordinateConfig)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  boolean hasCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  java.lang.String getCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+   * was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+   * is used for information and usability purposes only. The resource name
+   * is in the format
+   * `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for certificateAuthority.
+   */
+  com.google.protobuf.ByteString getCertificateAuthorityBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the pemIssuerChain field is set.
+   */
+  boolean hasPemIssuerChain();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The pemIssuerChain.
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain
+      getPemIssuerChain();
+  /**
+   *
+   *
+   * <pre>
+   * Required. Contains the PEM certificate chain for the issuers of this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChain pem_issuer_chain = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigChainOrBuilder
+      getPemIssuerChainOrBuilder();
+
+  public com.google.cloud.security.privateca.v1.SubordinateConfig.SubordinateConfigCase
+      getSubordinateConfigCase();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java
new file mode 100644
index 00000000..d6de64ad
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequest.java
@@ -0,0 +1,942 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest}
+ */
+public final class UndeleteCertificateAuthorityRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+    UndeleteCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UndeleteCertificateAuthorityRequest.newBuilder() to construct.
+  private UndeleteCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UndeleteCertificateAuthorityRequest() {
+    name_ = "";
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UndeleteCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UndeleteCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.Builder
+                .class);
+  }
+
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  @java.lang.Override
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 2;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest) obj;
+
+    if (!getName().equals(other.getName())) return false;
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UndeleteCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest(this);
+      result.name_ = name_;
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The name.
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for name.
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The resource name for this
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+     * </pre>
+     *
+     * <code>
+     * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for name to set.
+     * @return This builder for chaining.
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UndeleteCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UndeleteCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public UndeleteCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UndeleteCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UndeleteCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UndeleteCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..96a1a612
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UndeleteCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UndeleteCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The name.
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The resource name for this
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * in the format `projects/&#42;&#47;locations/&#42;&#47;caPools/&#42;&#47;certificateAuthorities/&#42;`.
+   * </pre>
+   *
+   * <code>
+   * string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for name.
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java
new file mode 100644
index 00000000..4c10c2ae
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequest.java
@@ -0,0 +1,1307 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCaPoolRequest}
+ */
+public final class UpdateCaPoolRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UpdateCaPoolRequest)
+    UpdateCaPoolRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UpdateCaPoolRequest.newBuilder() to construct.
+  private UpdateCaPoolRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UpdateCaPoolRequest() {
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UpdateCaPoolRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UpdateCaPoolRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CaPool.Builder subBuilder = null;
+              if (caPool_ != null) {
+                subBuilder = caPool_.toBuilder();
+              }
+              caPool_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CaPool.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(caPool_);
+                caPool_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.FieldMask.Builder subBuilder = null;
+              if (updateMask_ != null) {
+                subBuilder = updateMask_.toBuilder();
+              }
+              updateMask_ =
+                  input.readMessage(com.google.protobuf.FieldMask.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateMask_);
+                updateMask_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.class,
+            com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.Builder.class);
+  }
+
+  public static final int CA_POOL_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CaPool caPool_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the caPool field is set.
+   */
+  @java.lang.Override
+  public boolean hasCaPool() {
+    return caPool_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The caPool.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
+    return caPool_ == null
+        ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+        : caPool_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder() {
+    return getCaPool();
+  }
+
+  public static final int UPDATE_MASK_FIELD_NUMBER = 2;
+  private com.google.protobuf.FieldMask updateMask_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateMask() {
+    return updateMask_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMask getUpdateMask() {
+    return updateMask_ == null ? com.google.protobuf.FieldMask.getDefaultInstance() : updateMask_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+    return getUpdateMask();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (caPool_ != null) {
+      output.writeMessage(1, getCaPool());
+    }
+    if (updateMask_ != null) {
+      output.writeMessage(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (caPool_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCaPool());
+    }
+    if (updateMask_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.UpdateCaPoolRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UpdateCaPoolRequest other =
+        (com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) obj;
+
+    if (hasCaPool() != other.hasCaPool()) return false;
+    if (hasCaPool()) {
+      if (!getCaPool().equals(other.getCaPool())) return false;
+    }
+    if (hasUpdateMask() != other.hasUpdateMask()) return false;
+    if (hasUpdateMask()) {
+      if (!getUpdateMask().equals(other.getUpdateMask())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCaPool()) {
+      hash = (37 * hash) + CA_POOL_FIELD_NUMBER;
+      hash = (53 * hash) + getCaPool().hashCode();
+    }
+    if (hasUpdateMask()) {
+      hash = (37 * hash) + UPDATE_MASK_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateMask().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UpdateCaPoolRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCaPoolRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UpdateCaPoolRequest)
+      com.google.cloud.security.privateca.v1.UpdateCaPoolRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.class,
+              com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (caPoolBuilder_ == null) {
+        caPool_ = null;
+      } else {
+        caPool_ = null;
+        caPoolBuilder_ = null;
+      }
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCaPoolRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCaPoolRequest getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCaPoolRequest build() {
+      com.google.cloud.security.privateca.v1.UpdateCaPoolRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCaPoolRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.UpdateCaPoolRequest result =
+          new com.google.cloud.security.privateca.v1.UpdateCaPoolRequest(this);
+      if (caPoolBuilder_ == null) {
+        result.caPool_ = caPool_;
+      } else {
+        result.caPool_ = caPoolBuilder_.build();
+      }
+      if (updateMaskBuilder_ == null) {
+        result.updateMask_ = updateMask_;
+      } else {
+        result.updateMask_ = updateMaskBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.UpdateCaPoolRequest other) {
+      if (other == com.google.cloud.security.privateca.v1.UpdateCaPoolRequest.getDefaultInstance())
+        return this;
+      if (other.hasCaPool()) {
+        mergeCaPool(other.getCaPool());
+      }
+      if (other.hasUpdateMask()) {
+        mergeUpdateMask(other.getUpdateMask());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UpdateCaPoolRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CaPool caPool_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        caPoolBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the caPool field is set.
+     */
+    public boolean hasCaPool() {
+      return caPoolBuilder_ != null || caPool_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The caPool.
+     */
+    public com.google.cloud.security.privateca.v1.CaPool getCaPool() {
+      if (caPoolBuilder_ == null) {
+        return caPool_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+            : caPool_;
+      } else {
+        return caPoolBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        caPool_ = value;
+        onChanged();
+      } else {
+        caPoolBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCaPool(
+        com.google.cloud.security.privateca.v1.CaPool.Builder builderForValue) {
+      if (caPoolBuilder_ == null) {
+        caPool_ = builderForValue.build();
+        onChanged();
+      } else {
+        caPoolBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCaPool(com.google.cloud.security.privateca.v1.CaPool value) {
+      if (caPoolBuilder_ == null) {
+        if (caPool_ != null) {
+          caPool_ =
+              com.google.cloud.security.privateca.v1.CaPool.newBuilder(caPool_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          caPool_ = value;
+        }
+        onChanged();
+      } else {
+        caPoolBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCaPool() {
+      if (caPoolBuilder_ == null) {
+        caPool_ = null;
+        onChanged();
+      } else {
+        caPool_ = null;
+        caPoolBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPool.Builder getCaPoolBuilder() {
+
+      onChanged();
+      return getCaPoolFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder() {
+      if (caPoolBuilder_ != null) {
+        return caPoolBuilder_.getMessageOrBuilder();
+      } else {
+        return caPool_ == null
+            ? com.google.cloud.security.privateca.v1.CaPool.getDefaultInstance()
+            : caPool_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+     * values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CaPool,
+            com.google.cloud.security.privateca.v1.CaPool.Builder,
+            com.google.cloud.security.privateca.v1.CaPoolOrBuilder>
+        getCaPoolFieldBuilder() {
+      if (caPoolBuilder_ == null) {
+        caPoolBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CaPool,
+                com.google.cloud.security.privateca.v1.CaPool.Builder,
+                com.google.cloud.security.privateca.v1.CaPoolOrBuilder>(
+                getCaPool(), getParentForChildren(), isClean());
+        caPool_ = null;
+      }
+      return caPoolBuilder_;
+    }
+
+    private com.google.protobuf.FieldMask updateMask_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        updateMaskBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the updateMask field is set.
+     */
+    public boolean hasUpdateMask() {
+      return updateMaskBuilder_ != null || updateMask_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The updateMask.
+     */
+    public com.google.protobuf.FieldMask getUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      } else {
+        return updateMaskBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateMask_ = value;
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForValue) {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (updateMask_ != null) {
+          updateMask_ =
+              com.google.protobuf.FieldMask.newBuilder(updateMask_).mergeFrom(value).buildPartial();
+        } else {
+          updateMask_ = value;
+        }
+        onChanged();
+      } else {
+        updateMaskBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+        onChanged();
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
+
+      onChanged();
+      return getUpdateMaskFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+      if (updateMaskBuilder_ != null) {
+        return updateMaskBuilder_.getMessageOrBuilder();
+      } else {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        getUpdateMaskFieldBuilder() {
+      if (updateMaskBuilder_ == null) {
+        updateMaskBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.FieldMask,
+                com.google.protobuf.FieldMask.Builder,
+                com.google.protobuf.FieldMaskOrBuilder>(
+                getUpdateMask(), getParentForChildren(), isClean());
+        updateMask_ = null;
+      }
+      return updateMaskBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UpdateCaPoolRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UpdateCaPoolRequest)
+  private static final com.google.cloud.security.privateca.v1.UpdateCaPoolRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.UpdateCaPoolRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCaPoolRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UpdateCaPoolRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UpdateCaPoolRequest>() {
+        @java.lang.Override
+        public UpdateCaPoolRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UpdateCaPoolRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UpdateCaPoolRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UpdateCaPoolRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UpdateCaPoolRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java
new file mode 100644
index 00000000..6b893762
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCaPoolRequestOrBuilder.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UpdateCaPoolRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UpdateCaPoolRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the caPool field is set.
+   */
+  boolean hasCaPool();
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The caPool.
+   */
+  com.google.cloud.security.privateca.v1.CaPool getCaPool();
+  /**
+   *
+   *
+   * <pre>
+   * Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+   * values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CaPool ca_pool = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CaPoolOrBuilder getCaPoolOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  boolean hasUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  com.google.protobuf.FieldMask getUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java
new file mode 100644
index 00000000..24de29c6
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequest.java
@@ -0,0 +1,1344 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest}
+ */
+public final class UpdateCertificateAuthorityRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+    UpdateCertificateAuthorityRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UpdateCertificateAuthorityRequest.newBuilder() to construct.
+  private UpdateCertificateAuthorityRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UpdateCertificateAuthorityRequest() {
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UpdateCertificateAuthorityRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UpdateCertificateAuthorityRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CertificateAuthority.Builder subBuilder = null;
+              if (certificateAuthority_ != null) {
+                subBuilder = certificateAuthority_.toBuilder();
+              }
+              certificateAuthority_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateAuthority.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateAuthority_);
+                certificateAuthority_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.FieldMask.Builder subBuilder = null;
+              if (updateMask_ != null) {
+                subBuilder = updateMask_.toBuilder();
+              }
+              updateMask_ =
+                  input.readMessage(com.google.protobuf.FieldMask.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateMask_);
+                updateMask_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.class,
+            com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.Builder.class);
+  }
+
+  public static final int CERTIFICATE_AUTHORITY_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CertificateAuthority certificateAuthority_;
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateAuthority() {
+    return certificateAuthority_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority() {
+    return certificateAuthority_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+        : certificateAuthority_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthorityOrBuilder() {
+    return getCertificateAuthority();
+  }
+
+  public static final int UPDATE_MASK_FIELD_NUMBER = 2;
+  private com.google.protobuf.FieldMask updateMask_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateMask() {
+    return updateMask_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMask getUpdateMask() {
+    return updateMask_ == null ? com.google.protobuf.FieldMask.getDefaultInstance() : updateMask_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+    return getUpdateMask();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (certificateAuthority_ != null) {
+      output.writeMessage(1, getCertificateAuthority());
+    }
+    if (updateMask_ != null) {
+      output.writeMessage(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (certificateAuthority_ != null) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCertificateAuthority());
+    }
+    if (updateMask_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest other =
+        (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest) obj;
+
+    if (hasCertificateAuthority() != other.hasCertificateAuthority()) return false;
+    if (hasCertificateAuthority()) {
+      if (!getCertificateAuthority().equals(other.getCertificateAuthority())) return false;
+    }
+    if (hasUpdateMask() != other.hasUpdateMask()) return false;
+    if (hasUpdateMask()) {
+      if (!getUpdateMask().equals(other.getUpdateMask())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCertificateAuthority()) {
+      hash = (37 * hash) + CERTIFICATE_AUTHORITY_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateAuthority().hashCode();
+    }
+    if (hasUpdateMask()) {
+      hash = (37 * hash) + UPDATE_MASK_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateMask().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.class,
+              com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = null;
+      } else {
+        certificateAuthority_ = null;
+        certificateAuthorityBuilder_ = null;
+      }
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateAuthorityRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest build() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest result =
+          new com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest(this);
+      if (certificateAuthorityBuilder_ == null) {
+        result.certificateAuthority_ = certificateAuthority_;
+      } else {
+        result.certificateAuthority_ = certificateAuthorityBuilder_.build();
+      }
+      if (updateMaskBuilder_ == null) {
+        result.updateMask_ = updateMask_;
+      } else {
+        result.updateMask_ = updateMaskBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+              .getDefaultInstance()) return this;
+      if (other.hasCertificateAuthority()) {
+        mergeCertificateAuthority(other.getCertificateAuthority());
+      }
+      if (other.hasUpdateMask()) {
+        mergeUpdateMask(other.getUpdateMask());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateAuthority certificateAuthority_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        certificateAuthorityBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificateAuthority field is set.
+     */
+    public boolean hasCertificateAuthority() {
+      return certificateAuthorityBuilder_ != null || certificateAuthority_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificateAuthority.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority() {
+      if (certificateAuthorityBuilder_ == null) {
+        return certificateAuthority_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+            : certificateAuthority_;
+      } else {
+        return certificateAuthorityBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthorityBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateAuthority_ = value;
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority.Builder builderForValue) {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificateAuthority(
+        com.google.cloud.security.privateca.v1.CertificateAuthority value) {
+      if (certificateAuthorityBuilder_ == null) {
+        if (certificateAuthority_ != null) {
+          certificateAuthority_ =
+              com.google.cloud.security.privateca.v1.CertificateAuthority.newBuilder(
+                      certificateAuthority_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateAuthority_ = value;
+        }
+        onChanged();
+      } else {
+        certificateAuthorityBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificateAuthority() {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthority_ = null;
+        onChanged();
+      } else {
+        certificateAuthority_ = null;
+        certificateAuthorityBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthority.Builder
+        getCertificateAuthorityBuilder() {
+
+      onChanged();
+      return getCertificateAuthorityFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+        getCertificateAuthorityOrBuilder() {
+      if (certificateAuthorityBuilder_ != null) {
+        return certificateAuthorityBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateAuthority_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateAuthority.getDefaultInstance()
+            : certificateAuthority_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateAuthority,
+            com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+            com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>
+        getCertificateAuthorityFieldBuilder() {
+      if (certificateAuthorityBuilder_ == null) {
+        certificateAuthorityBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateAuthority,
+                com.google.cloud.security.privateca.v1.CertificateAuthority.Builder,
+                com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder>(
+                getCertificateAuthority(), getParentForChildren(), isClean());
+        certificateAuthority_ = null;
+      }
+      return certificateAuthorityBuilder_;
+    }
+
+    private com.google.protobuf.FieldMask updateMask_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        updateMaskBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the updateMask field is set.
+     */
+    public boolean hasUpdateMask() {
+      return updateMaskBuilder_ != null || updateMask_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The updateMask.
+     */
+    public com.google.protobuf.FieldMask getUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      } else {
+        return updateMaskBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateMask_ = value;
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForValue) {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (updateMask_ != null) {
+          updateMask_ =
+              com.google.protobuf.FieldMask.newBuilder(updateMask_).mergeFrom(value).buildPartial();
+        } else {
+          updateMask_ = value;
+        }
+        onChanged();
+      } else {
+        updateMaskBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+        onChanged();
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
+
+      onChanged();
+      return getUpdateMaskFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+      if (updateMaskBuilder_ != null) {
+        return updateMaskBuilder_.getMessageOrBuilder();
+      } else {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        getUpdateMaskFieldBuilder() {
+      if (updateMaskBuilder_ == null) {
+        updateMaskBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.FieldMask,
+                com.google.protobuf.FieldMask.Builder,
+                com.google.protobuf.FieldMaskOrBuilder>(
+                getUpdateMask(), getParentForChildren(), isClean());
+        updateMask_ = null;
+      }
+      return updateMaskBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+  private static final com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UpdateCertificateAuthorityRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UpdateCertificateAuthorityRequest>() {
+        @java.lang.Override
+        public UpdateCertificateAuthorityRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UpdateCertificateAuthorityRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UpdateCertificateAuthorityRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UpdateCertificateAuthorityRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java
new file mode 100644
index 00000000..fb0ae590
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateAuthorityRequestOrBuilder.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UpdateCertificateAuthorityRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateAuthority field is set.
+   */
+  boolean hasCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateAuthority.
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthority getCertificateAuthority();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateAuthority certificate_authority = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateAuthorityOrBuilder
+      getCertificateAuthorityOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  boolean hasUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  com.google.protobuf.FieldMask getUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java
new file mode 100644
index 00000000..2ce92af5
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequest.java
@@ -0,0 +1,1315 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRequest}
+ */
+public final class UpdateCertificateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UpdateCertificateRequest)
+    UpdateCertificateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UpdateCertificateRequest.newBuilder() to construct.
+  private UpdateCertificateRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UpdateCertificateRequest() {
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UpdateCertificateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UpdateCertificateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.Certificate.Builder subBuilder = null;
+              if (certificate_ != null) {
+                subBuilder = certificate_.toBuilder();
+              }
+              certificate_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.Certificate.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificate_);
+                certificate_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.FieldMask.Builder subBuilder = null;
+              if (updateMask_ != null) {
+                subBuilder = updateMask_.toBuilder();
+              }
+              updateMask_ =
+                  input.readMessage(com.google.protobuf.FieldMask.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateMask_);
+                updateMask_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UpdateCertificateRequest.class,
+            com.google.cloud.security.privateca.v1.UpdateCertificateRequest.Builder.class);
+  }
+
+  public static final int CERTIFICATE_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.Certificate certificate_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificate field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificate() {
+    return certificate_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificate.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
+    return certificate_ == null
+        ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+        : certificate_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder() {
+    return getCertificate();
+  }
+
+  public static final int UPDATE_MASK_FIELD_NUMBER = 2;
+  private com.google.protobuf.FieldMask updateMask_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateMask() {
+    return updateMask_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMask getUpdateMask() {
+    return updateMask_ == null ? com.google.protobuf.FieldMask.getDefaultInstance() : updateMask_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+    return getUpdateMask();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (certificate_ != null) {
+      output.writeMessage(1, getCertificate());
+    }
+    if (updateMask_ != null) {
+      output.writeMessage(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (certificate_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCertificate());
+    }
+    if (updateMask_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.UpdateCertificateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UpdateCertificateRequest other =
+        (com.google.cloud.security.privateca.v1.UpdateCertificateRequest) obj;
+
+    if (hasCertificate() != other.hasCertificate()) return false;
+    if (hasCertificate()) {
+      if (!getCertificate().equals(other.getCertificate())) return false;
+    }
+    if (hasUpdateMask() != other.hasUpdateMask()) return false;
+    if (hasUpdateMask()) {
+      if (!getUpdateMask().equals(other.getUpdateMask())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCertificate()) {
+      hash = (37 * hash) + CERTIFICATE_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificate().hashCode();
+    }
+    if (hasUpdateMask()) {
+      hash = (37 * hash) + UPDATE_MASK_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateMask().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UpdateCertificateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UpdateCertificateRequest)
+      com.google.cloud.security.privateca.v1.UpdateCertificateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UpdateCertificateRequest.class,
+              com.google.cloud.security.privateca.v1.UpdateCertificateRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.UpdateCertificateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateBuilder_ == null) {
+        certificate_ = null;
+      } else {
+        certificate_ = null;
+        certificateBuilder_ = null;
+      }
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UpdateCertificateRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRequest build() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRequest result =
+          new com.google.cloud.security.privateca.v1.UpdateCertificateRequest(this);
+      if (certificateBuilder_ == null) {
+        result.certificate_ = certificate_;
+      } else {
+        result.certificate_ = certificateBuilder_.build();
+      }
+      if (updateMaskBuilder_ == null) {
+        result.updateMask_ = updateMask_;
+      } else {
+        result.updateMask_ = updateMaskBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.UpdateCertificateRequest) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.UpdateCertificateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.UpdateCertificateRequest.getDefaultInstance())
+        return this;
+      if (other.hasCertificate()) {
+        mergeCertificate(other.getCertificate());
+      }
+      if (other.hasUpdateMask()) {
+        mergeUpdateMask(other.getUpdateMask());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UpdateCertificateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.Certificate certificate_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        certificateBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificate field is set.
+     */
+    public boolean hasCertificate() {
+      return certificateBuilder_ != null || certificate_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificate.
+     */
+    public com.google.cloud.security.privateca.v1.Certificate getCertificate() {
+      if (certificateBuilder_ == null) {
+        return certificate_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+            : certificate_;
+      } else {
+        return certificateBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificate(com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificateBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificate_ = value;
+        onChanged();
+      } else {
+        certificateBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificate(
+        com.google.cloud.security.privateca.v1.Certificate.Builder builderForValue) {
+      if (certificateBuilder_ == null) {
+        certificate_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificate(com.google.cloud.security.privateca.v1.Certificate value) {
+      if (certificateBuilder_ == null) {
+        if (certificate_ != null) {
+          certificate_ =
+              com.google.cloud.security.privateca.v1.Certificate.newBuilder(certificate_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificate_ = value;
+        }
+        onChanged();
+      } else {
+        certificateBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificate() {
+      if (certificateBuilder_ == null) {
+        certificate_ = null;
+        onChanged();
+      } else {
+        certificate_ = null;
+        certificateBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.Certificate.Builder getCertificateBuilder() {
+
+      onChanged();
+      return getCertificateFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder() {
+      if (certificateBuilder_ != null) {
+        return certificateBuilder_.getMessageOrBuilder();
+      } else {
+        return certificate_ == null
+            ? com.google.cloud.security.privateca.v1.Certificate.getDefaultInstance()
+            : certificate_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.Certificate,
+            com.google.cloud.security.privateca.v1.Certificate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateOrBuilder>
+        getCertificateFieldBuilder() {
+      if (certificateBuilder_ == null) {
+        certificateBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.Certificate,
+                com.google.cloud.security.privateca.v1.Certificate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateOrBuilder>(
+                getCertificate(), getParentForChildren(), isClean());
+        certificate_ = null;
+      }
+      return certificateBuilder_;
+    }
+
+    private com.google.protobuf.FieldMask updateMask_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        updateMaskBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the updateMask field is set.
+     */
+    public boolean hasUpdateMask() {
+      return updateMaskBuilder_ != null || updateMask_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The updateMask.
+     */
+    public com.google.protobuf.FieldMask getUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      } else {
+        return updateMaskBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateMask_ = value;
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForValue) {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (updateMask_ != null) {
+          updateMask_ =
+              com.google.protobuf.FieldMask.newBuilder(updateMask_).mergeFrom(value).buildPartial();
+        } else {
+          updateMask_ = value;
+        }
+        onChanged();
+      } else {
+        updateMaskBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+        onChanged();
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
+
+      onChanged();
+      return getUpdateMaskFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+      if (updateMaskBuilder_ != null) {
+        return updateMaskBuilder_.getMessageOrBuilder();
+      } else {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        getUpdateMaskFieldBuilder() {
+      if (updateMaskBuilder_ == null) {
+        updateMaskBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.FieldMask,
+                com.google.protobuf.FieldMask.Builder,
+                com.google.protobuf.FieldMaskOrBuilder>(
+                getUpdateMask(), getParentForChildren(), isClean());
+        updateMask_ = null;
+      }
+      return updateMaskBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UpdateCertificateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UpdateCertificateRequest)
+  private static final com.google.cloud.security.privateca.v1.UpdateCertificateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.UpdateCertificateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UpdateCertificateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UpdateCertificateRequest>() {
+        @java.lang.Override
+        public UpdateCertificateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UpdateCertificateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UpdateCertificateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UpdateCertificateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UpdateCertificateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java
new file mode 100644
index 00000000..193c5c55
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRequestOrBuilder.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UpdateCertificateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UpdateCertificateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificate field is set.
+   */
+  boolean hasCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificate.
+   */
+  com.google.cloud.security.privateca.v1.Certificate getCertificate();
+  /**
+   *
+   *
+   * <pre>
+   * Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.Certificate certificate = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateOrBuilder getCertificateOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  boolean hasUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  com.google.protobuf.FieldMask getUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java
new file mode 100644
index 00000000..c0cd3a35
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequest.java
@@ -0,0 +1,1361 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest}
+ */
+public final class UpdateCertificateRevocationListRequest
+    extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+    UpdateCertificateRevocationListRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UpdateCertificateRevocationListRequest.newBuilder() to construct.
+  private UpdateCertificateRevocationListRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UpdateCertificateRevocationListRequest() {
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UpdateCertificateRevocationListRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UpdateCertificateRevocationListRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder subBuilder =
+                  null;
+              if (certificateRevocationList_ != null) {
+                subBuilder = certificateRevocationList_.toBuilder();
+              }
+              certificateRevocationList_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateRevocationList.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateRevocationList_);
+                certificateRevocationList_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.FieldMask.Builder subBuilder = null;
+              if (updateMask_ != null) {
+                subBuilder = updateMask_.toBuilder();
+              }
+              updateMask_ =
+                  input.readMessage(com.google.protobuf.FieldMask.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateMask_);
+                updateMask_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.class,
+            com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.Builder
+                .class);
+  }
+
+  public static final int CERTIFICATE_REVOCATION_LIST_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CertificateRevocationList
+      certificateRevocationList_;
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateRevocationList field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateRevocationList() {
+    return certificateRevocationList_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateRevocationList.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationList
+      getCertificateRevocationList() {
+    return certificateRevocationList_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateRevocationList.getDefaultInstance()
+        : certificateRevocationList_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+      getCertificateRevocationListOrBuilder() {
+    return getCertificateRevocationList();
+  }
+
+  public static final int UPDATE_MASK_FIELD_NUMBER = 2;
+  private com.google.protobuf.FieldMask updateMask_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateMask() {
+    return updateMask_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMask getUpdateMask() {
+    return updateMask_ == null ? com.google.protobuf.FieldMask.getDefaultInstance() : updateMask_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+    return getUpdateMask();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (certificateRevocationList_ != null) {
+      output.writeMessage(1, getCertificateRevocationList());
+    }
+    if (updateMask_ != null) {
+      output.writeMessage(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (certificateRevocationList_ != null) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              1, getCertificateRevocationList());
+    }
+    if (updateMask_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj
+        instanceof com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest other =
+        (com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest) obj;
+
+    if (hasCertificateRevocationList() != other.hasCertificateRevocationList()) return false;
+    if (hasCertificateRevocationList()) {
+      if (!getCertificateRevocationList().equals(other.getCertificateRevocationList()))
+        return false;
+    }
+    if (hasUpdateMask() != other.hasUpdateMask()) return false;
+    if (hasUpdateMask()) {
+      if (!getUpdateMask().equals(other.getUpdateMask())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCertificateRevocationList()) {
+      hash = (37 * hash) + CERTIFICATE_REVOCATION_LIST_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateRevocationList().hashCode();
+    }
+    if (hasUpdateMask()) {
+      hash = (37 * hash) + UPDATE_MASK_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateMask().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.class,
+              com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateRevocationListBuilder_ == null) {
+        certificateRevocationList_ = null;
+      } else {
+        certificateRevocationList_ = null;
+        certificateRevocationListBuilder_ = null;
+      }
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateRevocationListRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest build() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+        buildPartial() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest result =
+          new com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest(this);
+      if (certificateRevocationListBuilder_ == null) {
+        result.certificateRevocationList_ = certificateRevocationList_;
+      } else {
+        result.certificateRevocationList_ = certificateRevocationListBuilder_.build();
+      }
+      if (updateMaskBuilder_ == null) {
+        result.updateMask_ = updateMask_;
+      } else {
+        result.updateMask_ = updateMaskBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof
+          com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+              .getDefaultInstance()) return this;
+      if (other.hasCertificateRevocationList()) {
+        mergeCertificateRevocationList(other.getCertificateRevocationList());
+      }
+      if (other.hasUpdateMask()) {
+        mergeUpdateMask(other.getUpdateMask());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest parsedMessage =
+          null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateRevocationList
+        certificateRevocationList_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+        certificateRevocationListBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificateRevocationList field is set.
+     */
+    public boolean hasCertificateRevocationList() {
+      return certificateRevocationListBuilder_ != null || certificateRevocationList_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificateRevocationList.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList
+        getCertificateRevocationList() {
+      if (certificateRevocationListBuilder_ == null) {
+        return certificateRevocationList_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateRevocationList.getDefaultInstance()
+            : certificateRevocationList_;
+      } else {
+        return certificateRevocationListBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList value) {
+      if (certificateRevocationListBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateRevocationList_ = value;
+        onChanged();
+      } else {
+        certificateRevocationListBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder builderForValue) {
+      if (certificateRevocationListBuilder_ == null) {
+        certificateRevocationList_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateRevocationListBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificateRevocationList(
+        com.google.cloud.security.privateca.v1.CertificateRevocationList value) {
+      if (certificateRevocationListBuilder_ == null) {
+        if (certificateRevocationList_ != null) {
+          certificateRevocationList_ =
+              com.google.cloud.security.privateca.v1.CertificateRevocationList.newBuilder(
+                      certificateRevocationList_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateRevocationList_ = value;
+        }
+        onChanged();
+      } else {
+        certificateRevocationListBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificateRevocationList() {
+      if (certificateRevocationListBuilder_ == null) {
+        certificateRevocationList_ = null;
+        onChanged();
+      } else {
+        certificateRevocationList_ = null;
+        certificateRevocationListBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder
+        getCertificateRevocationListBuilder() {
+
+      onChanged();
+      return getCertificateRevocationListFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+        getCertificateRevocationListOrBuilder() {
+      if (certificateRevocationListBuilder_ != null) {
+        return certificateRevocationListBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateRevocationList_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateRevocationList.getDefaultInstance()
+            : certificateRevocationList_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateRevocationList,
+            com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+            com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>
+        getCertificateRevocationListFieldBuilder() {
+      if (certificateRevocationListBuilder_ == null) {
+        certificateRevocationListBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateRevocationList,
+                com.google.cloud.security.privateca.v1.CertificateRevocationList.Builder,
+                com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder>(
+                getCertificateRevocationList(), getParentForChildren(), isClean());
+        certificateRevocationList_ = null;
+      }
+      return certificateRevocationListBuilder_;
+    }
+
+    private com.google.protobuf.FieldMask updateMask_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        updateMaskBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the updateMask field is set.
+     */
+    public boolean hasUpdateMask() {
+      return updateMaskBuilder_ != null || updateMask_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The updateMask.
+     */
+    public com.google.protobuf.FieldMask getUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      } else {
+        return updateMaskBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateMask_ = value;
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForValue) {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (updateMask_ != null) {
+          updateMask_ =
+              com.google.protobuf.FieldMask.newBuilder(updateMask_).mergeFrom(value).buildPartial();
+        } else {
+          updateMask_ = value;
+        }
+        onChanged();
+      } else {
+        updateMaskBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+        onChanged();
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
+
+      onChanged();
+      return getUpdateMaskFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+      if (updateMaskBuilder_ != null) {
+        return updateMaskBuilder_.getMessageOrBuilder();
+      } else {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        getUpdateMaskFieldBuilder() {
+      if (updateMaskBuilder_ == null) {
+        updateMaskBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.FieldMask,
+                com.google.protobuf.FieldMask.Builder,
+                com.google.protobuf.FieldMaskOrBuilder>(
+                getUpdateMask(), getParentForChildren(), isClean());
+        updateMask_ = null;
+      }
+      return updateMaskBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+  private static final com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UpdateCertificateRevocationListRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UpdateCertificateRevocationListRequest>() {
+        @java.lang.Override
+        public UpdateCertificateRevocationListRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UpdateCertificateRevocationListRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UpdateCertificateRevocationListRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UpdateCertificateRevocationListRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java
new file mode 100644
index 00000000..d8296d2c
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateRevocationListRequestOrBuilder.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UpdateCertificateRevocationListRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UpdateCertificateRevocationListRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateRevocationList field is set.
+   */
+  boolean hasCertificateRevocationList();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateRevocationList.
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationList getCertificateRevocationList();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateRevocationList certificate_revocation_list = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateRevocationListOrBuilder
+      getCertificateRevocationListOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  boolean hasUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  com.google.protobuf.FieldMask getUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java
new file mode 100644
index 00000000..c6c06491
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequest.java
@@ -0,0 +1,1342 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * Request message for
+ * [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest}
+ */
+public final class UpdateCertificateTemplateRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+    UpdateCertificateTemplateRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use UpdateCertificateTemplateRequest.newBuilder() to construct.
+  private UpdateCertificateTemplateRequest(
+      com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private UpdateCertificateTemplateRequest() {
+    requestId_ = "";
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new UpdateCertificateTemplateRequest();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private UpdateCertificateTemplateRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.CertificateTemplate.Builder subBuilder = null;
+              if (certificateTemplate_ != null) {
+                subBuilder = certificateTemplate_.toBuilder();
+              }
+              certificateTemplate_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.CertificateTemplate.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(certificateTemplate_);
+                certificateTemplate_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.protobuf.FieldMask.Builder subBuilder = null;
+              if (updateMask_ != null) {
+                subBuilder = updateMask_.toBuilder();
+              }
+              updateMask_ =
+                  input.readMessage(com.google.protobuf.FieldMask.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(updateMask_);
+                updateMask_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              requestId_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaProto
+        .internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.class,
+            com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.Builder.class);
+  }
+
+  public static final int CERTIFICATE_TEMPLATE_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.CertificateTemplate certificateTemplate_;
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateTemplate field is set.
+   */
+  @java.lang.Override
+  public boolean hasCertificateTemplate() {
+    return certificateTemplate_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate() {
+    return certificateTemplate_ == null
+        ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+        : certificateTemplate_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplateOrBuilder() {
+    return getCertificateTemplate();
+  }
+
+  public static final int UPDATE_MASK_FIELD_NUMBER = 2;
+  private com.google.protobuf.FieldMask updateMask_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  @java.lang.Override
+  public boolean hasUpdateMask() {
+    return updateMask_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMask getUpdateMask() {
+    return updateMask_ == null ? com.google.protobuf.FieldMask.getDefaultInstance() : updateMask_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+    return getUpdateMask();
+  }
+
+  public static final int REQUEST_ID_FIELD_NUMBER = 3;
+  private volatile java.lang.Object requestId_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  @java.lang.Override
+  public java.lang.String getRequestId() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      requestId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getRequestIdBytes() {
+    java.lang.Object ref = requestId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      requestId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (certificateTemplate_ != null) {
+      output.writeMessage(1, getCertificateTemplate());
+    }
+    if (updateMask_ != null) {
+      output.writeMessage(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, requestId_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (certificateTemplate_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getCertificateTemplate());
+    }
+    if (updateMask_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getUpdateMask());
+    }
+    if (!getRequestIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, requestId_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest other =
+        (com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) obj;
+
+    if (hasCertificateTemplate() != other.hasCertificateTemplate()) return false;
+    if (hasCertificateTemplate()) {
+      if (!getCertificateTemplate().equals(other.getCertificateTemplate())) return false;
+    }
+    if (hasUpdateMask() != other.hasUpdateMask()) return false;
+    if (hasUpdateMask()) {
+      if (!getUpdateMask().equals(other.getUpdateMask())) return false;
+    }
+    if (!getRequestId().equals(other.getRequestId())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasCertificateTemplate()) {
+      hash = (37 * hash) + CERTIFICATE_TEMPLATE_FIELD_NUMBER;
+      hash = (53 * hash) + getCertificateTemplate().hashCode();
+    }
+    if (hasUpdateMask()) {
+      hash = (37 * hash) + UPDATE_MASK_FIELD_NUMBER;
+      hash = (53 * hash) + getUpdateMask().hashCode();
+    }
+    hash = (37 * hash) + REQUEST_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getRequestId().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Request message for
+   * [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.class,
+              com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.Builder
+                  .class);
+    }
+
+    // Construct using
+    // com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = null;
+      } else {
+        certificateTemplate_ = null;
+        certificateTemplateBuilder_ = null;
+      }
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+      requestId_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaProto
+          .internal_static_google_cloud_security_privateca_v1_UpdateCertificateTemplateRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+          .getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest build() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest result =
+          buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest buildPartial() {
+      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest result =
+          new com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest(this);
+      if (certificateTemplateBuilder_ == null) {
+        result.certificateTemplate_ = certificateTemplate_;
+      } else {
+        result.certificateTemplate_ = certificateTemplateBuilder_.build();
+      }
+      if (updateMaskBuilder_ == null) {
+        result.updateMask_ = updateMask_;
+      } else {
+        result.updateMask_ = updateMaskBuilder_.build();
+      }
+      result.requestId_ = requestId_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other
+          instanceof com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) {
+        return mergeFrom(
+            (com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest other) {
+      if (other
+          == com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+              .getDefaultInstance()) return this;
+      if (other.hasCertificateTemplate()) {
+        mergeCertificateTemplate(other.getCertificateTemplate());
+      }
+      if (other.hasUpdateMask()) {
+        mergeUpdateMask(other.getUpdateMask());
+      }
+      if (!other.getRequestId().isEmpty()) {
+        requestId_ = other.requestId_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.CertificateTemplate certificateTemplate_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        certificateTemplateBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the certificateTemplate field is set.
+     */
+    public boolean hasCertificateTemplate() {
+      return certificateTemplateBuilder_ != null || certificateTemplate_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The certificateTemplate.
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate() {
+      if (certificateTemplateBuilder_ == null) {
+        return certificateTemplate_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+            : certificateTemplate_;
+      } else {
+        return certificateTemplateBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplateBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        certificateTemplate_ = value;
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate.Builder builderForValue) {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = builderForValue.build();
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeCertificateTemplate(
+        com.google.cloud.security.privateca.v1.CertificateTemplate value) {
+      if (certificateTemplateBuilder_ == null) {
+        if (certificateTemplate_ != null) {
+          certificateTemplate_ =
+              com.google.cloud.security.privateca.v1.CertificateTemplate.newBuilder(
+                      certificateTemplate_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          certificateTemplate_ = value;
+        }
+        onChanged();
+      } else {
+        certificateTemplateBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearCertificateTemplate() {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplate_ = null;
+        onChanged();
+      } else {
+        certificateTemplate_ = null;
+        certificateTemplateBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplate.Builder
+        getCertificateTemplateBuilder() {
+
+      onChanged();
+      return getCertificateTemplateFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+        getCertificateTemplateOrBuilder() {
+      if (certificateTemplateBuilder_ != null) {
+        return certificateTemplateBuilder_.getMessageOrBuilder();
+      } else {
+        return certificateTemplate_ == null
+            ? com.google.cloud.security.privateca.v1.CertificateTemplate.getDefaultInstance()
+            : certificateTemplate_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required.
+     * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+     * with updated values.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.CertificateTemplate,
+            com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+            com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>
+        getCertificateTemplateFieldBuilder() {
+      if (certificateTemplateBuilder_ == null) {
+        certificateTemplateBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.CertificateTemplate,
+                com.google.cloud.security.privateca.v1.CertificateTemplate.Builder,
+                com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder>(
+                getCertificateTemplate(), getParentForChildren(), isClean());
+        certificateTemplate_ = null;
+      }
+      return certificateTemplateBuilder_;
+    }
+
+    private com.google.protobuf.FieldMask updateMask_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        updateMaskBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the updateMask field is set.
+     */
+    public boolean hasUpdateMask() {
+      return updateMaskBuilder_ != null || updateMask_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The updateMask.
+     */
+    public com.google.protobuf.FieldMask getUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      } else {
+        return updateMaskBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        updateMask_ = value;
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setUpdateMask(com.google.protobuf.FieldMask.Builder builderForValue) {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = builderForValue.build();
+        onChanged();
+      } else {
+        updateMaskBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeUpdateMask(com.google.protobuf.FieldMask value) {
+      if (updateMaskBuilder_ == null) {
+        if (updateMask_ != null) {
+          updateMask_ =
+              com.google.protobuf.FieldMask.newBuilder(updateMask_).mergeFrom(value).buildPartial();
+        } else {
+          updateMask_ = value;
+        }
+        onChanged();
+      } else {
+        updateMaskBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearUpdateMask() {
+      if (updateMaskBuilder_ == null) {
+        updateMask_ = null;
+        onChanged();
+      } else {
+        updateMask_ = null;
+        updateMaskBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMask.Builder getUpdateMaskBuilder() {
+
+      onChanged();
+      return getUpdateMaskFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder() {
+      if (updateMaskBuilder_ != null) {
+        return updateMaskBuilder_.getMessageOrBuilder();
+      } else {
+        return updateMask_ == null
+            ? com.google.protobuf.FieldMask.getDefaultInstance()
+            : updateMask_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. A list of fields to be updated in this request.
+     * </pre>
+     *
+     * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.FieldMask,
+            com.google.protobuf.FieldMask.Builder,
+            com.google.protobuf.FieldMaskOrBuilder>
+        getUpdateMaskFieldBuilder() {
+      if (updateMaskBuilder_ == null) {
+        updateMaskBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.FieldMask,
+                com.google.protobuf.FieldMask.Builder,
+                com.google.protobuf.FieldMaskOrBuilder>(
+                getUpdateMask(), getParentForChildren(), isClean());
+        updateMask_ = null;
+      }
+      return updateMaskBuilder_;
+    }
+
+    private java.lang.Object requestId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The requestId.
+     */
+    public java.lang.String getRequestId() {
+      java.lang.Object ref = requestId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        requestId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The bytes for requestId.
+     */
+    public com.google.protobuf.ByteString getRequestIdBytes() {
+      java.lang.Object ref = requestId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        requestId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearRequestId() {
+
+      requestId_ = getDefaultInstance().getRequestId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. An ID to identify requests. Specify a unique request ID so that
+     * if you must retry your request, the server will know to ignore the request
+     * if it has already been completed. The server will guarantee that for at
+     * least 60 minutes since the first request.
+     * For example, consider a situation where you make an initial request and t
+     * he request times out. If you make the request again with the same request
+     * ID, the server can check if original operation with the same request ID
+     * was received, and if so, will ignore the second request. This prevents
+     * clients from accidentally creating duplicate commitments.
+     * The request ID must be a valid UUID with the exception that zero UUID is
+     * not supported (00000000-0000-0000-0000-000000000000).
+     * </pre>
+     *
+     * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes for requestId to set.
+     * @return This builder for chaining.
+     */
+    public Builder setRequestIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      requestId_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+  private static final com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE =
+        new com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest();
+  }
+
+  public static com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<UpdateCertificateTemplateRequest> PARSER =
+      new com.google.protobuf.AbstractParser<UpdateCertificateTemplateRequest>() {
+        @java.lang.Override
+        public UpdateCertificateTemplateRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new UpdateCertificateTemplateRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<UpdateCertificateTemplateRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<UpdateCertificateTemplateRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java
new file mode 100644
index 00000000..eb9c7ae7
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/UpdateCertificateTemplateRequestOrBuilder.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/service.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface UpdateCertificateTemplateRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the certificateTemplate field is set.
+   */
+  boolean hasCertificateTemplate();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The certificateTemplate.
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplate getCertificateTemplate();
+  /**
+   *
+   *
+   * <pre>
+   * Required.
+   * [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+   * with updated values.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.CertificateTemplate certificate_template = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.CertificateTemplateOrBuilder
+      getCertificateTemplateOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the updateMask field is set.
+   */
+  boolean hasUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The updateMask.
+   */
+  com.google.protobuf.FieldMask getUpdateMask();
+  /**
+   *
+   *
+   * <pre>
+   * Required. A list of fields to be updated in this request.
+   * </pre>
+   *
+   * <code>.google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.protobuf.FieldMaskOrBuilder getUpdateMaskOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The requestId.
+   */
+  java.lang.String getRequestId();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. An ID to identify requests. Specify a unique request ID so that
+   * if you must retry your request, the server will know to ignore the request
+   * if it has already been completed. The server will guarantee that for at
+   * least 60 minutes since the first request.
+   * For example, consider a situation where you make an initial request and t
+   * he request times out. If you make the request again with the same request
+   * ID, the server can check if original operation with the same request ID
+   * was received, and if so, will ignore the second request. This prevents
+   * clients from accidentally creating duplicate commitments.
+   * The request ID must be a valid UUID with the exception that zero UUID is
+   * not supported (00000000-0000-0000-0000-000000000000).
+   * </pre>
+   *
+   * <code>string request_id = 3 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The bytes for requestId.
+   */
+  com.google.protobuf.ByteString getRequestIdBytes();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Extension.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Extension.java
new file mode 100644
index 00000000..033e41e1
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Extension.java
@@ -0,0 +1,953 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in
+ * different parts of X.509 objects like certificates, CSRs, and CRLs.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.X509Extension}
+ */
+public final class X509Extension extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.X509Extension)
+    X509ExtensionOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use X509Extension.newBuilder() to construct.
+  private X509Extension(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private X509Extension() {
+    value_ = com.google.protobuf.ByteString.EMPTY;
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new X509Extension();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private X509Extension(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.ObjectId.Builder subBuilder = null;
+              if (objectId_ != null) {
+                subBuilder = objectId_.toBuilder();
+              }
+              objectId_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.ObjectId.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(objectId_);
+                objectId_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 16:
+            {
+              critical_ = input.readBool();
+              break;
+            }
+          case 26:
+            {
+              value_ = input.readBytes();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_X509Extension_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.X509Extension.class,
+            com.google.cloud.security.privateca.v1.X509Extension.Builder.class);
+  }
+
+  public static final int OBJECT_ID_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.ObjectId objectId_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the objectId field is set.
+   */
+  @java.lang.Override
+  public boolean hasObjectId() {
+    return objectId_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The objectId.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectId getObjectId() {
+    return objectId_ == null
+        ? com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance()
+        : objectId_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getObjectIdOrBuilder() {
+    return getObjectId();
+  }
+
+  public static final int CRITICAL_FIELD_NUMBER = 2;
+  private boolean critical_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. Indicates whether or not this extension is critical (i.e., if the client
+   * does not know how to handle this extension, the client should consider this
+   * to be an error).
+   * </pre>
+   *
+   * <code>bool critical = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The critical.
+   */
+  @java.lang.Override
+  public boolean getCritical() {
+    return critical_;
+  }
+
+  public static final int VALUE_FIELD_NUMBER = 3;
+  private com.google.protobuf.ByteString value_;
+  /**
+   *
+   *
+   * <pre>
+   * Required. The value of this X.509 extension.
+   * </pre>
+   *
+   * <code>bytes value = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The value.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getValue() {
+    return value_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (objectId_ != null) {
+      output.writeMessage(1, getObjectId());
+    }
+    if (critical_ != false) {
+      output.writeBool(2, critical_);
+    }
+    if (!value_.isEmpty()) {
+      output.writeBytes(3, value_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (objectId_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getObjectId());
+    }
+    if (critical_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(2, critical_);
+    }
+    if (!value_.isEmpty()) {
+      size += com.google.protobuf.CodedOutputStream.computeBytesSize(3, value_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.X509Extension)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.X509Extension other =
+        (com.google.cloud.security.privateca.v1.X509Extension) obj;
+
+    if (hasObjectId() != other.hasObjectId()) return false;
+    if (hasObjectId()) {
+      if (!getObjectId().equals(other.getObjectId())) return false;
+    }
+    if (getCritical() != other.getCritical()) return false;
+    if (!getValue().equals(other.getValue())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasObjectId()) {
+      hash = (37 * hash) + OBJECT_ID_FIELD_NUMBER;
+      hash = (53 * hash) + getObjectId().hashCode();
+    }
+    hash = (37 * hash) + CRITICAL_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getCritical());
+    hash = (37 * hash) + VALUE_FIELD_NUMBER;
+    hash = (53 * hash) + getValue().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.security.privateca.v1.X509Extension prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in
+   * different parts of X.509 objects like certificates, CSRs, and CRLs.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.X509Extension}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.X509Extension)
+      com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Extension_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.X509Extension.class,
+              com.google.cloud.security.privateca.v1.X509Extension.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.X509Extension.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (objectIdBuilder_ == null) {
+        objectId_ = null;
+      } else {
+        objectId_ = null;
+        objectIdBuilder_ = null;
+      }
+      critical_ = false;
+
+      value_ = com.google.protobuf.ByteString.EMPTY;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Extension_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Extension getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Extension build() {
+      com.google.cloud.security.privateca.v1.X509Extension result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Extension buildPartial() {
+      com.google.cloud.security.privateca.v1.X509Extension result =
+          new com.google.cloud.security.privateca.v1.X509Extension(this);
+      if (objectIdBuilder_ == null) {
+        result.objectId_ = objectId_;
+      } else {
+        result.objectId_ = objectIdBuilder_.build();
+      }
+      result.critical_ = critical_;
+      result.value_ = value_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.X509Extension) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.X509Extension) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.X509Extension other) {
+      if (other == com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance())
+        return this;
+      if (other.hasObjectId()) {
+        mergeObjectId(other.getObjectId());
+      }
+      if (other.getCritical() != false) {
+        setCritical(other.getCritical());
+      }
+      if (other.getValue() != com.google.protobuf.ByteString.EMPTY) {
+        setValue(other.getValue());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.X509Extension parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.X509Extension) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private com.google.cloud.security.privateca.v1.ObjectId objectId_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        objectIdBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return Whether the objectId field is set.
+     */
+    public boolean hasObjectId() {
+      return objectIdBuilder_ != null || objectId_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     *
+     * @return The objectId.
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId getObjectId() {
+      if (objectIdBuilder_ == null) {
+        return objectId_ == null
+            ? com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance()
+            : objectId_;
+      } else {
+        return objectIdBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setObjectId(com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (objectIdBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        objectId_ = value;
+        onChanged();
+      } else {
+        objectIdBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder setObjectId(
+        com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (objectIdBuilder_ == null) {
+        objectId_ = builderForValue.build();
+        onChanged();
+      } else {
+        objectIdBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder mergeObjectId(com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (objectIdBuilder_ == null) {
+        if (objectId_ != null) {
+          objectId_ =
+              com.google.cloud.security.privateca.v1.ObjectId.newBuilder(objectId_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          objectId_ = value;
+        }
+        onChanged();
+      } else {
+        objectIdBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public Builder clearObjectId() {
+      if (objectIdBuilder_ == null) {
+        objectId_ = null;
+        onChanged();
+      } else {
+        objectId_ = null;
+        objectIdBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder getObjectIdBuilder() {
+
+      onChanged();
+      return getObjectIdFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getObjectIdOrBuilder() {
+      if (objectIdBuilder_ != null) {
+        return objectIdBuilder_.getMessageOrBuilder();
+      } else {
+        return objectId_ == null
+            ? com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance()
+            : objectId_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The OID for this X.509 extension.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getObjectIdFieldBuilder() {
+      if (objectIdBuilder_ == null) {
+        objectIdBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.ObjectId,
+                com.google.cloud.security.privateca.v1.ObjectId.Builder,
+                com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>(
+                getObjectId(), getParentForChildren(), isClean());
+        objectId_ = null;
+      }
+      return objectIdBuilder_;
+    }
+
+    private boolean critical_;
+    /**
+     *
+     *
+     * <pre>
+     * Required. Indicates whether or not this extension is critical (i.e., if the client
+     * does not know how to handle this extension, the client should consider this
+     * to be an error).
+     * </pre>
+     *
+     * <code>bool critical = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The critical.
+     */
+    @java.lang.Override
+    public boolean getCritical() {
+      return critical_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Indicates whether or not this extension is critical (i.e., if the client
+     * does not know how to handle this extension, the client should consider this
+     * to be an error).
+     * </pre>
+     *
+     * <code>bool critical = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The critical to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCritical(boolean value) {
+
+      critical_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. Indicates whether or not this extension is critical (i.e., if the client
+     * does not know how to handle this extension, the client should consider this
+     * to be an error).
+     * </pre>
+     *
+     * <code>bool critical = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCritical() {
+
+      critical_ = false;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.ByteString value_ = com.google.protobuf.ByteString.EMPTY;
+    /**
+     *
+     *
+     * <pre>
+     * Required. The value of this X.509 extension.
+     * </pre>
+     *
+     * <code>bytes value = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return The value.
+     */
+    @java.lang.Override
+    public com.google.protobuf.ByteString getValue() {
+      return value_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The value of this X.509 extension.
+     * </pre>
+     *
+     * <code>bytes value = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @param value The value to set.
+     * @return This builder for chaining.
+     */
+    public Builder setValue(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      value_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Required. The value of this X.509 extension.
+     * </pre>
+     *
+     * <code>bytes value = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearValue() {
+
+      value_ = getDefaultInstance().getValue();
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.X509Extension)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.X509Extension)
+  private static final com.google.cloud.security.privateca.v1.X509Extension DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.X509Extension();
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Extension getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<X509Extension> PARSER =
+      new com.google.protobuf.AbstractParser<X509Extension>() {
+        @java.lang.Override
+        public X509Extension parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new X509Extension(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<X509Extension> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<X509Extension> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Extension getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ExtensionOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ExtensionOrBuilder.java
new file mode 100644
index 00000000..bb6b8077
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ExtensionOrBuilder.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface X509ExtensionOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.X509Extension)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return Whether the objectId field is set.
+   */
+  boolean hasObjectId();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   *
+   * @return The objectId.
+   */
+  com.google.cloud.security.privateca.v1.ObjectId getObjectId();
+  /**
+   *
+   *
+   * <pre>
+   * Required. The OID for this X.509 extension.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.ObjectId object_id = 1 [(.google.api.field_behavior) = REQUIRED];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getObjectIdOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. Indicates whether or not this extension is critical (i.e., if the client
+   * does not know how to handle this extension, the client should consider this
+   * to be an error).
+   * </pre>
+   *
+   * <code>bool critical = 2 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The critical.
+   */
+  boolean getCritical();
+
+  /**
+   *
+   *
+   * <pre>
+   * Required. The value of this X.509 extension.
+   * </pre>
+   *
+   * <code>bytes value = 3 [(.google.api.field_behavior) = REQUIRED];</code>
+   *
+   * @return The value.
+   */
+  com.google.protobuf.ByteString getValue();
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Parameters.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Parameters.java
new file mode 100644
index 00000000..6bb15d7e
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509Parameters.java
@@ -0,0 +1,3326 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+/**
+ *
+ *
+ * <pre>
+ * An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an
+ * X.509 certificate, such as the key usage fields, fields specific to CA
+ * certificates, certificate policy extensions and custom extensions.
+ * </pre>
+ *
+ * Protobuf type {@code google.cloud.security.privateca.v1.X509Parameters}
+ */
+public final class X509Parameters extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.X509Parameters)
+    X509ParametersOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use X509Parameters.newBuilder() to construct.
+  private X509Parameters(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private X509Parameters() {
+    policyIds_ = java.util.Collections.emptyList();
+    aiaOcspServers_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    additionalExtensions_ = java.util.Collections.emptyList();
+  }
+
+  @java.lang.Override
+  @SuppressWarnings({"unused"})
+  protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+    return new X509Parameters();
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private X509Parameters(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              com.google.cloud.security.privateca.v1.KeyUsage.Builder subBuilder = null;
+              if (keyUsage_ != null) {
+                subBuilder = keyUsage_.toBuilder();
+              }
+              keyUsage_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.KeyUsage.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(keyUsage_);
+                keyUsage_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 18:
+            {
+              com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder subBuilder =
+                  null;
+              if (caOptions_ != null) {
+                subBuilder = caOptions_.toBuilder();
+              }
+              caOptions_ =
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.parser(),
+                      extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(caOptions_);
+                caOptions_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          case 26:
+            {
+              if (!((mutable_bitField0_ & 0x00000001) != 0)) {
+                policyIds_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>();
+                mutable_bitField0_ |= 0x00000001;
+              }
+              policyIds_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.ObjectId.parser(), extensionRegistry));
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) != 0)) {
+                aiaOcspServers_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              aiaOcspServers_.add(s);
+              break;
+            }
+          case 42:
+            {
+              if (!((mutable_bitField0_ & 0x00000004) != 0)) {
+                additionalExtensions_ =
+                    new java.util.ArrayList<com.google.cloud.security.privateca.v1.X509Extension>();
+                mutable_bitField0_ |= 0x00000004;
+              }
+              additionalExtensions_.add(
+                  input.readMessage(
+                      com.google.cloud.security.privateca.v1.X509Extension.parser(),
+                      extensionRegistry));
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000001) != 0)) {
+        policyIds_ = java.util.Collections.unmodifiableList(policyIds_);
+      }
+      if (((mutable_bitField0_ & 0x00000002) != 0)) {
+        aiaOcspServers_ = aiaOcspServers_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000004) != 0)) {
+        additionalExtensions_ = java.util.Collections.unmodifiableList(additionalExtensions_);
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+        .internal_static_google_cloud_security_privateca_v1_X509Parameters_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.security.privateca.v1.X509Parameters.class,
+            com.google.cloud.security.privateca.v1.X509Parameters.Builder.class);
+  }
+
+  public interface CaOptionsOrBuilder
+      extends
+      // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+      com.google.protobuf.MessageOrBuilder {
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+     * value is missing, the extension will be omitted from the CA certificate.
+     * </pre>
+     *
+     * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return Whether the isCa field is set.
+     */
+    boolean hasIsCa();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+     * value is missing, the extension will be omitted from the CA certificate.
+     * </pre>
+     *
+     * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The isCa.
+     */
+    boolean getIsCa();
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the path length restriction X.509 extension. For a CA
+     * certificate, this value describes the depth of subordinate CA
+     * certificates that are allowed.
+     * If this value is less than 0, the request will fail.
+     * If this value is missing, the max path length will be omitted from the
+     * CA certificate.
+     * </pre>
+     *
+     * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return Whether the maxIssuerPathLength field is set.
+     */
+    boolean hasMaxIssuerPathLength();
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the path length restriction X.509 extension. For a CA
+     * certificate, this value describes the depth of subordinate CA
+     * certificates that are allowed.
+     * If this value is less than 0, the request will fail.
+     * If this value is missing, the max path length will be omitted from the
+     * CA certificate.
+     * </pre>
+     *
+     * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The maxIssuerPathLength.
+     */
+    int getMaxIssuerPathLength();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Describes values that are relevant in a CA certificate.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.X509Parameters.CaOptions}
+   */
+  public static final class CaOptions extends com.google.protobuf.GeneratedMessageV3
+      implements
+      // @@protoc_insertion_point(message_implements:google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+      CaOptionsOrBuilder {
+    private static final long serialVersionUID = 0L;
+    // Use CaOptions.newBuilder() to construct.
+    private CaOptions(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+      super(builder);
+    }
+
+    private CaOptions() {}
+
+    @java.lang.Override
+    @SuppressWarnings({"unused"})
+    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
+      return new CaOptions();
+    }
+
+    @java.lang.Override
+    public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+      return this.unknownFields;
+    }
+
+    private CaOptions(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      this();
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      int mutable_bitField0_ = 0;
+      com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+          com.google.protobuf.UnknownFieldSet.newBuilder();
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 8:
+              {
+                bitField0_ |= 0x00000001;
+                isCa_ = input.readBool();
+                break;
+              }
+            case 16:
+              {
+                bitField0_ |= 0x00000002;
+                maxIssuerPathLength_ = input.readInt32();
+                break;
+              }
+            default:
+              {
+                if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
+                  done = true;
+                }
+                break;
+              }
+          }
+        }
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(this);
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+      } finally {
+        this.unknownFields = unknownFields.build();
+        makeExtensionsImmutable();
+      }
+    }
+
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.class,
+              com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder.class);
+    }
+
+    private int bitField0_;
+    public static final int IS_CA_FIELD_NUMBER = 1;
+    private boolean isCa_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+     * value is missing, the extension will be omitted from the CA certificate.
+     * </pre>
+     *
+     * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return Whether the isCa field is set.
+     */
+    @java.lang.Override
+    public boolean hasIsCa() {
+      return ((bitField0_ & 0x00000001) != 0);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+     * value is missing, the extension will be omitted from the CA certificate.
+     * </pre>
+     *
+     * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The isCa.
+     */
+    @java.lang.Override
+    public boolean getIsCa() {
+      return isCa_;
+    }
+
+    public static final int MAX_ISSUER_PATH_LENGTH_FIELD_NUMBER = 2;
+    private int maxIssuerPathLength_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the path length restriction X.509 extension. For a CA
+     * certificate, this value describes the depth of subordinate CA
+     * certificates that are allowed.
+     * If this value is less than 0, the request will fail.
+     * If this value is missing, the max path length will be omitted from the
+     * CA certificate.
+     * </pre>
+     *
+     * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return Whether the maxIssuerPathLength field is set.
+     */
+    @java.lang.Override
+    public boolean hasMaxIssuerPathLength() {
+      return ((bitField0_ & 0x00000002) != 0);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Refers to the path length restriction X.509 extension. For a CA
+     * certificate, this value describes the depth of subordinate CA
+     * certificates that are allowed.
+     * If this value is less than 0, the request will fail.
+     * If this value is missing, the max path length will be omitted from the
+     * CA certificate.
+     * </pre>
+     *
+     * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The maxIssuerPathLength.
+     */
+    @java.lang.Override
+    public int getMaxIssuerPathLength() {
+      return maxIssuerPathLength_;
+    }
+
+    private byte memoizedIsInitialized = -1;
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      byte isInitialized = memoizedIsInitialized;
+      if (isInitialized == 1) return true;
+      if (isInitialized == 0) return false;
+
+      memoizedIsInitialized = 1;
+      return true;
+    }
+
+    @java.lang.Override
+    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+      if (((bitField0_ & 0x00000001) != 0)) {
+        output.writeBool(1, isCa_);
+      }
+      if (((bitField0_ & 0x00000002) != 0)) {
+        output.writeInt32(2, maxIssuerPathLength_);
+      }
+      unknownFields.writeTo(output);
+    }
+
+    @java.lang.Override
+    public int getSerializedSize() {
+      int size = memoizedSize;
+      if (size != -1) return size;
+
+      size = 0;
+      if (((bitField0_ & 0x00000001) != 0)) {
+        size += com.google.protobuf.CodedOutputStream.computeBoolSize(1, isCa_);
+      }
+      if (((bitField0_ & 0x00000002) != 0)) {
+        size += com.google.protobuf.CodedOutputStream.computeInt32Size(2, maxIssuerPathLength_);
+      }
+      size += unknownFields.getSerializedSize();
+      memoizedSize = size;
+      return size;
+    }
+
+    @java.lang.Override
+    public boolean equals(final java.lang.Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof com.google.cloud.security.privateca.v1.X509Parameters.CaOptions)) {
+        return super.equals(obj);
+      }
+      com.google.cloud.security.privateca.v1.X509Parameters.CaOptions other =
+          (com.google.cloud.security.privateca.v1.X509Parameters.CaOptions) obj;
+
+      if (hasIsCa() != other.hasIsCa()) return false;
+      if (hasIsCa()) {
+        if (getIsCa() != other.getIsCa()) return false;
+      }
+      if (hasMaxIssuerPathLength() != other.hasMaxIssuerPathLength()) return false;
+      if (hasMaxIssuerPathLength()) {
+        if (getMaxIssuerPathLength() != other.getMaxIssuerPathLength()) return false;
+      }
+      if (!unknownFields.equals(other.unknownFields)) return false;
+      return true;
+    }
+
+    @java.lang.Override
+    public int hashCode() {
+      if (memoizedHashCode != 0) {
+        return memoizedHashCode;
+      }
+      int hash = 41;
+      hash = (19 * hash) + getDescriptor().hashCode();
+      if (hasIsCa()) {
+        hash = (37 * hash) + IS_CA_FIELD_NUMBER;
+        hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getIsCa());
+      }
+      if (hasMaxIssuerPathLength()) {
+        hash = (37 * hash) + MAX_ISSUER_PATH_LENGTH_FIELD_NUMBER;
+        hash = (53 * hash) + getMaxIssuerPathLength();
+      }
+      hash = (29 * hash) + unknownFields.hashCode();
+      memoizedHashCode = hash;
+      return hash;
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        com.google.protobuf.ByteString data)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        com.google.protobuf.ByteString data,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      return PARSER.parseFrom(data, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+        parseDelimitedFrom(
+            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parseFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+          PARSER, input, extensionRegistry);
+    }
+
+    @java.lang.Override
+    public Builder newBuilderForType() {
+      return newBuilder();
+    }
+
+    public static Builder newBuilder() {
+      return DEFAULT_INSTANCE.toBuilder();
+    }
+
+    public static Builder newBuilder(
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions prototype) {
+      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+    }
+
+    @java.lang.Override
+    public Builder toBuilder() {
+      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+    }
+
+    @java.lang.Override
+    protected Builder newBuilderForType(
+        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      Builder builder = new Builder(parent);
+      return builder;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Describes values that are relevant in a CA certificate.
+     * </pre>
+     *
+     * Protobuf type {@code google.cloud.security.privateca.v1.X509Parameters.CaOptions}
+     */
+    public static final class Builder
+        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+        implements
+        // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder {
+      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor;
+      }
+
+      @java.lang.Override
+      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+          internalGetFieldAccessorTable() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_fieldAccessorTable
+            .ensureFieldAccessorsInitialized(
+                com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.class,
+                com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder.class);
+      }
+
+      // Construct using
+      // com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.newBuilder()
+      private Builder() {
+        maybeForceBuilderInitialization();
+      }
+
+      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+        super(parent);
+        maybeForceBuilderInitialization();
+      }
+
+      private void maybeForceBuilderInitialization() {
+        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+      }
+
+      @java.lang.Override
+      public Builder clear() {
+        super.clear();
+        isCa_ = false;
+        bitField0_ = (bitField0_ & ~0x00000001);
+        maxIssuerPathLength_ = 0;
+        bitField0_ = (bitField0_ & ~0x00000002);
+        return this;
+      }
+
+      @java.lang.Override
+      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+        return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+            .internal_static_google_cloud_security_privateca_v1_X509Parameters_CaOptions_descriptor;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+          getDefaultInstanceForType() {
+        return com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.getDefaultInstance();
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions build() {
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions result = buildPartial();
+        if (!result.isInitialized()) {
+          throw newUninitializedMessageException(result);
+        }
+        return result;
+      }
+
+      @java.lang.Override
+      public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions buildPartial() {
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions result =
+            new com.google.cloud.security.privateca.v1.X509Parameters.CaOptions(this);
+        int from_bitField0_ = bitField0_;
+        int to_bitField0_ = 0;
+        if (((from_bitField0_ & 0x00000001) != 0)) {
+          result.isCa_ = isCa_;
+          to_bitField0_ |= 0x00000001;
+        }
+        if (((from_bitField0_ & 0x00000002) != 0)) {
+          result.maxIssuerPathLength_ = maxIssuerPathLength_;
+          to_bitField0_ |= 0x00000002;
+        }
+        result.bitField0_ = to_bitField0_;
+        onBuilt();
+        return result;
+      }
+
+      @java.lang.Override
+      public Builder clone() {
+        return super.clone();
+      }
+
+      @java.lang.Override
+      public Builder setField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.setField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+        return super.clearField(field);
+      }
+
+      @java.lang.Override
+      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+        return super.clearOneof(oneof);
+      }
+
+      @java.lang.Override
+      public Builder setRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field,
+          int index,
+          java.lang.Object value) {
+        return super.setRepeatedField(field, index, value);
+      }
+
+      @java.lang.Override
+      public Builder addRepeatedField(
+          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+        return super.addRepeatedField(field, value);
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(com.google.protobuf.Message other) {
+        if (other instanceof com.google.cloud.security.privateca.v1.X509Parameters.CaOptions) {
+          return mergeFrom((com.google.cloud.security.privateca.v1.X509Parameters.CaOptions) other);
+        } else {
+          super.mergeFrom(other);
+          return this;
+        }
+      }
+
+      public Builder mergeFrom(
+          com.google.cloud.security.privateca.v1.X509Parameters.CaOptions other) {
+        if (other
+            == com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.getDefaultInstance())
+          return this;
+        if (other.hasIsCa()) {
+          setIsCa(other.getIsCa());
+        }
+        if (other.hasMaxIssuerPathLength()) {
+          setMaxIssuerPathLength(other.getMaxIssuerPathLength());
+        }
+        this.mergeUnknownFields(other.unknownFields);
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final boolean isInitialized() {
+        return true;
+      }
+
+      @java.lang.Override
+      public Builder mergeFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions parsedMessage = null;
+        try {
+          parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+          parsedMessage =
+              (com.google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+                  e.getUnfinishedMessage();
+          throw e.unwrapIOException();
+        } finally {
+          if (parsedMessage != null) {
+            mergeFrom(parsedMessage);
+          }
+        }
+        return this;
+      }
+
+      private int bitField0_;
+
+      private boolean isCa_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+       * value is missing, the extension will be omitted from the CA certificate.
+       * </pre>
+       *
+       * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return Whether the isCa field is set.
+       */
+      @java.lang.Override
+      public boolean hasIsCa() {
+        return ((bitField0_ & 0x00000001) != 0);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+       * value is missing, the extension will be omitted from the CA certificate.
+       * </pre>
+       *
+       * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The isCa.
+       */
+      @java.lang.Override
+      public boolean getIsCa() {
+        return isCa_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+       * value is missing, the extension will be omitted from the CA certificate.
+       * </pre>
+       *
+       * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The isCa to set.
+       * @return This builder for chaining.
+       */
+      public Builder setIsCa(boolean value) {
+        bitField0_ |= 0x00000001;
+        isCa_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+       * value is missing, the extension will be omitted from the CA certificate.
+       * </pre>
+       *
+       * <code>bool is_ca = 1 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearIsCa() {
+        bitField0_ = (bitField0_ & ~0x00000001);
+        isCa_ = false;
+        onChanged();
+        return this;
+      }
+
+      private int maxIssuerPathLength_;
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the path length restriction X.509 extension. For a CA
+       * certificate, this value describes the depth of subordinate CA
+       * certificates that are allowed.
+       * If this value is less than 0, the request will fail.
+       * If this value is missing, the max path length will be omitted from the
+       * CA certificate.
+       * </pre>
+       *
+       * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return Whether the maxIssuerPathLength field is set.
+       */
+      @java.lang.Override
+      public boolean hasMaxIssuerPathLength() {
+        return ((bitField0_ & 0x00000002) != 0);
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the path length restriction X.509 extension. For a CA
+       * certificate, this value describes the depth of subordinate CA
+       * certificates that are allowed.
+       * If this value is less than 0, the request will fail.
+       * If this value is missing, the max path length will be omitted from the
+       * CA certificate.
+       * </pre>
+       *
+       * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return The maxIssuerPathLength.
+       */
+      @java.lang.Override
+      public int getMaxIssuerPathLength() {
+        return maxIssuerPathLength_;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the path length restriction X.509 extension. For a CA
+       * certificate, this value describes the depth of subordinate CA
+       * certificates that are allowed.
+       * If this value is less than 0, the request will fail.
+       * If this value is missing, the max path length will be omitted from the
+       * CA certificate.
+       * </pre>
+       *
+       * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @param value The maxIssuerPathLength to set.
+       * @return This builder for chaining.
+       */
+      public Builder setMaxIssuerPathLength(int value) {
+        bitField0_ |= 0x00000002;
+        maxIssuerPathLength_ = value;
+        onChanged();
+        return this;
+      }
+      /**
+       *
+       *
+       * <pre>
+       * Optional. Refers to the path length restriction X.509 extension. For a CA
+       * certificate, this value describes the depth of subordinate CA
+       * certificates that are allowed.
+       * If this value is less than 0, the request will fail.
+       * If this value is missing, the max path length will be omitted from the
+       * CA certificate.
+       * </pre>
+       *
+       * <code>int32 max_issuer_path_length = 2 [(.google.api.field_behavior) = OPTIONAL];</code>
+       *
+       * @return This builder for chaining.
+       */
+      public Builder clearMaxIssuerPathLength() {
+        bitField0_ = (bitField0_ & ~0x00000002);
+        maxIssuerPathLength_ = 0;
+        onChanged();
+        return this;
+      }
+
+      @java.lang.Override
+      public final Builder setUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.setUnknownFields(unknownFields);
+      }
+
+      @java.lang.Override
+      public final Builder mergeUnknownFields(
+          final com.google.protobuf.UnknownFieldSet unknownFields) {
+        return super.mergeUnknownFields(unknownFields);
+      }
+
+      // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+    }
+
+    // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.X509Parameters.CaOptions)
+    private static final com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+        DEFAULT_INSTANCE;
+
+    static {
+      DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.X509Parameters.CaOptions();
+    }
+
+    public static com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+        getDefaultInstance() {
+      return DEFAULT_INSTANCE;
+    }
+
+    private static final com.google.protobuf.Parser<CaOptions> PARSER =
+        new com.google.protobuf.AbstractParser<CaOptions>() {
+          @java.lang.Override
+          public CaOptions parsePartialFrom(
+              com.google.protobuf.CodedInputStream input,
+              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+              throws com.google.protobuf.InvalidProtocolBufferException {
+            return new CaOptions(input, extensionRegistry);
+          }
+        };
+
+    public static com.google.protobuf.Parser<CaOptions> parser() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Parser<CaOptions> getParserForType() {
+      return PARSER;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions
+        getDefaultInstanceForType() {
+      return DEFAULT_INSTANCE;
+    }
+  }
+
+  public static final int KEY_USAGE_FIELD_NUMBER = 1;
+  private com.google.cloud.security.privateca.v1.KeyUsage keyUsage_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the keyUsage field is set.
+   */
+  @java.lang.Override
+  public boolean hasKeyUsage() {
+    return keyUsage_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The keyUsage.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsage getKeyUsage() {
+    return keyUsage_ == null
+        ? com.google.cloud.security.privateca.v1.KeyUsage.getDefaultInstance()
+        : keyUsage_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.KeyUsageOrBuilder getKeyUsageOrBuilder() {
+    return getKeyUsage();
+  }
+
+  public static final int CA_OPTIONS_FIELD_NUMBER = 2;
+  private com.google.cloud.security.privateca.v1.X509Parameters.CaOptions caOptions_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the caOptions field is set.
+   */
+  @java.lang.Override
+  public boolean hasCaOptions() {
+    return caOptions_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The caOptions.
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions getCaOptions() {
+    return caOptions_ == null
+        ? com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.getDefaultInstance()
+        : caOptions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder
+      getCaOptionsOrBuilder() {
+    return getCaOptions();
+  }
+
+  public static final int POLICY_IDS_FIELD_NUMBER = 3;
+  private java.util.List<com.google.cloud.security.privateca.v1.ObjectId> policyIds_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.ObjectId> getPolicyIdsList() {
+    return policyIds_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getPolicyIdsOrBuilderList() {
+    return policyIds_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public int getPolicyIdsCount() {
+    return policyIds_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectId getPolicyIds(int index) {
+    return policyIds_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getPolicyIdsOrBuilder(int index) {
+    return policyIds_.get(index);
+  }
+
+  public static final int AIA_OCSP_SERVERS_FIELD_NUMBER = 4;
+  private com.google.protobuf.LazyStringList aiaOcspServers_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return A list containing the aiaOcspServers.
+   */
+  public com.google.protobuf.ProtocolStringList getAiaOcspServersList() {
+    return aiaOcspServers_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The count of aiaOcspServers.
+   */
+  public int getAiaOcspServersCount() {
+    return aiaOcspServers_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @param index The index of the element to return.
+   * @return The aiaOcspServers at the given index.
+   */
+  public java.lang.String getAiaOcspServers(int index) {
+    return aiaOcspServers_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the aiaOcspServers at the given index.
+   */
+  public com.google.protobuf.ByteString getAiaOcspServersBytes(int index) {
+    return aiaOcspServers_.getByteString(index);
+  }
+
+  public static final int ADDITIONAL_EXTENSIONS_FIELD_NUMBER = 5;
+  private java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+      additionalExtensions_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+      getAdditionalExtensionsList() {
+    return additionalExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+      getAdditionalExtensionsOrBuilderList() {
+    return additionalExtensions_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public int getAdditionalExtensionsCount() {
+    return additionalExtensions_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Extension getAdditionalExtensions(int index) {
+    return additionalExtensions_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder
+      getAdditionalExtensionsOrBuilder(int index) {
+    return additionalExtensions_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (keyUsage_ != null) {
+      output.writeMessage(1, getKeyUsage());
+    }
+    if (caOptions_ != null) {
+      output.writeMessage(2, getCaOptions());
+    }
+    for (int i = 0; i < policyIds_.size(); i++) {
+      output.writeMessage(3, policyIds_.get(i));
+    }
+    for (int i = 0; i < aiaOcspServers_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, aiaOcspServers_.getRaw(i));
+    }
+    for (int i = 0; i < additionalExtensions_.size(); i++) {
+      output.writeMessage(5, additionalExtensions_.get(i));
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (keyUsage_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, getKeyUsage());
+    }
+    if (caOptions_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, getCaOptions());
+    }
+    for (int i = 0; i < policyIds_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, policyIds_.get(i));
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < aiaOcspServers_.size(); i++) {
+        dataSize += computeStringSizeNoTag(aiaOcspServers_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getAiaOcspServersList().size();
+    }
+    for (int i = 0; i < additionalExtensions_.size(); i++) {
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(5, additionalExtensions_.get(i));
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.security.privateca.v1.X509Parameters)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.security.privateca.v1.X509Parameters other =
+        (com.google.cloud.security.privateca.v1.X509Parameters) obj;
+
+    if (hasKeyUsage() != other.hasKeyUsage()) return false;
+    if (hasKeyUsage()) {
+      if (!getKeyUsage().equals(other.getKeyUsage())) return false;
+    }
+    if (hasCaOptions() != other.hasCaOptions()) return false;
+    if (hasCaOptions()) {
+      if (!getCaOptions().equals(other.getCaOptions())) return false;
+    }
+    if (!getPolicyIdsList().equals(other.getPolicyIdsList())) return false;
+    if (!getAiaOcspServersList().equals(other.getAiaOcspServersList())) return false;
+    if (!getAdditionalExtensionsList().equals(other.getAdditionalExtensionsList())) return false;
+    if (!unknownFields.equals(other.unknownFields)) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (hasKeyUsage()) {
+      hash = (37 * hash) + KEY_USAGE_FIELD_NUMBER;
+      hash = (53 * hash) + getKeyUsage().hashCode();
+    }
+    if (hasCaOptions()) {
+      hash = (37 * hash) + CA_OPTIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getCaOptions().hashCode();
+    }
+    if (getPolicyIdsCount() > 0) {
+      hash = (37 * hash) + POLICY_IDS_FIELD_NUMBER;
+      hash = (53 * hash) + getPolicyIdsList().hashCode();
+    }
+    if (getAiaOcspServersCount() > 0) {
+      hash = (37 * hash) + AIA_OCSP_SERVERS_FIELD_NUMBER;
+      hash = (53 * hash) + getAiaOcspServersList().hashCode();
+    }
+    if (getAdditionalExtensionsCount() > 0) {
+      hash = (37 * hash) + ADDITIONAL_EXTENSIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getAdditionalExtensionsList().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.security.privateca.v1.X509Parameters prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an
+   * X.509 certificate, such as the key usage fields, fields specific to CA
+   * certificates, certificate policy extensions and custom extensions.
+   * </pre>
+   *
+   * Protobuf type {@code google.cloud.security.privateca.v1.X509Parameters}
+   */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.cloud.security.privateca.v1.X509Parameters)
+      com.google.cloud.security.privateca.v1.X509ParametersOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Parameters_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.security.privateca.v1.X509Parameters.class,
+              com.google.cloud.security.privateca.v1.X509Parameters.Builder.class);
+    }
+
+    // Construct using com.google.cloud.security.privateca.v1.X509Parameters.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
+        getPolicyIdsFieldBuilder();
+        getAdditionalExtensionsFieldBuilder();
+      }
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      if (keyUsageBuilder_ == null) {
+        keyUsage_ = null;
+      } else {
+        keyUsage_ = null;
+        keyUsageBuilder_ = null;
+      }
+      if (caOptionsBuilder_ == null) {
+        caOptions_ = null;
+      } else {
+        caOptions_ = null;
+        caOptionsBuilder_ = null;
+      }
+      if (policyIdsBuilder_ == null) {
+        policyIds_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+      } else {
+        policyIdsBuilder_.clear();
+      }
+      aiaOcspServers_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000004);
+      } else {
+        additionalExtensionsBuilder_.clear();
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.security.privateca.v1.PrivateCaResourcesProto
+          .internal_static_google_cloud_security_privateca_v1_X509Parameters_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Parameters getDefaultInstanceForType() {
+      return com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Parameters build() {
+      com.google.cloud.security.privateca.v1.X509Parameters result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.security.privateca.v1.X509Parameters buildPartial() {
+      com.google.cloud.security.privateca.v1.X509Parameters result =
+          new com.google.cloud.security.privateca.v1.X509Parameters(this);
+      int from_bitField0_ = bitField0_;
+      if (keyUsageBuilder_ == null) {
+        result.keyUsage_ = keyUsage_;
+      } else {
+        result.keyUsage_ = keyUsageBuilder_.build();
+      }
+      if (caOptionsBuilder_ == null) {
+        result.caOptions_ = caOptions_;
+      } else {
+        result.caOptions_ = caOptionsBuilder_.build();
+      }
+      if (policyIdsBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          policyIds_ = java.util.Collections.unmodifiableList(policyIds_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.policyIds_ = policyIds_;
+      } else {
+        result.policyIds_ = policyIdsBuilder_.build();
+      }
+      if (((bitField0_ & 0x00000002) != 0)) {
+        aiaOcspServers_ = aiaOcspServers_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.aiaOcspServers_ = aiaOcspServers_;
+      if (additionalExtensionsBuilder_ == null) {
+        if (((bitField0_ & 0x00000004) != 0)) {
+          additionalExtensions_ = java.util.Collections.unmodifiableList(additionalExtensions_);
+          bitField0_ = (bitField0_ & ~0x00000004);
+        }
+        result.additionalExtensions_ = additionalExtensions_;
+      } else {
+        result.additionalExtensions_ = additionalExtensionsBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.security.privateca.v1.X509Parameters) {
+        return mergeFrom((com.google.cloud.security.privateca.v1.X509Parameters) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.security.privateca.v1.X509Parameters other) {
+      if (other == com.google.cloud.security.privateca.v1.X509Parameters.getDefaultInstance())
+        return this;
+      if (other.hasKeyUsage()) {
+        mergeKeyUsage(other.getKeyUsage());
+      }
+      if (other.hasCaOptions()) {
+        mergeCaOptions(other.getCaOptions());
+      }
+      if (policyIdsBuilder_ == null) {
+        if (!other.policyIds_.isEmpty()) {
+          if (policyIds_.isEmpty()) {
+            policyIds_ = other.policyIds_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensurePolicyIdsIsMutable();
+            policyIds_.addAll(other.policyIds_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.policyIds_.isEmpty()) {
+          if (policyIdsBuilder_.isEmpty()) {
+            policyIdsBuilder_.dispose();
+            policyIdsBuilder_ = null;
+            policyIds_ = other.policyIds_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            policyIdsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getPolicyIdsFieldBuilder()
+                    : null;
+          } else {
+            policyIdsBuilder_.addAllMessages(other.policyIds_);
+          }
+        }
+      }
+      if (!other.aiaOcspServers_.isEmpty()) {
+        if (aiaOcspServers_.isEmpty()) {
+          aiaOcspServers_ = other.aiaOcspServers_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureAiaOcspServersIsMutable();
+          aiaOcspServers_.addAll(other.aiaOcspServers_);
+        }
+        onChanged();
+      }
+      if (additionalExtensionsBuilder_ == null) {
+        if (!other.additionalExtensions_.isEmpty()) {
+          if (additionalExtensions_.isEmpty()) {
+            additionalExtensions_ = other.additionalExtensions_;
+            bitField0_ = (bitField0_ & ~0x00000004);
+          } else {
+            ensureAdditionalExtensionsIsMutable();
+            additionalExtensions_.addAll(other.additionalExtensions_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.additionalExtensions_.isEmpty()) {
+          if (additionalExtensionsBuilder_.isEmpty()) {
+            additionalExtensionsBuilder_.dispose();
+            additionalExtensionsBuilder_ = null;
+            additionalExtensions_ = other.additionalExtensions_;
+            bitField0_ = (bitField0_ & ~0x00000004);
+            additionalExtensionsBuilder_ =
+                com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
+                    ? getAdditionalExtensionsFieldBuilder()
+                    : null;
+          } else {
+            additionalExtensionsBuilder_.addAllMessages(other.additionalExtensions_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.security.privateca.v1.X509Parameters parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.security.privateca.v1.X509Parameters) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private com.google.cloud.security.privateca.v1.KeyUsage keyUsage_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage,
+            com.google.cloud.security.privateca.v1.KeyUsage.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsageOrBuilder>
+        keyUsageBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the keyUsage field is set.
+     */
+    public boolean hasKeyUsage() {
+      return keyUsageBuilder_ != null || keyUsage_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The keyUsage.
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage getKeyUsage() {
+      if (keyUsageBuilder_ == null) {
+        return keyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.getDefaultInstance()
+            : keyUsage_;
+      } else {
+        return keyUsageBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setKeyUsage(com.google.cloud.security.privateca.v1.KeyUsage value) {
+      if (keyUsageBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        keyUsage_ = value;
+        onChanged();
+      } else {
+        keyUsageBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setKeyUsage(
+        com.google.cloud.security.privateca.v1.KeyUsage.Builder builderForValue) {
+      if (keyUsageBuilder_ == null) {
+        keyUsage_ = builderForValue.build();
+        onChanged();
+      } else {
+        keyUsageBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergeKeyUsage(com.google.cloud.security.privateca.v1.KeyUsage value) {
+      if (keyUsageBuilder_ == null) {
+        if (keyUsage_ != null) {
+          keyUsage_ =
+              com.google.cloud.security.privateca.v1.KeyUsage.newBuilder(keyUsage_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          keyUsage_ = value;
+        }
+        onChanged();
+      } else {
+        keyUsageBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearKeyUsage() {
+      if (keyUsageBuilder_ == null) {
+        keyUsage_ = null;
+        onChanged();
+      } else {
+        keyUsage_ = null;
+        keyUsageBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsage.Builder getKeyUsageBuilder() {
+
+      onChanged();
+      return getKeyUsageFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.KeyUsageOrBuilder getKeyUsageOrBuilder() {
+      if (keyUsageBuilder_ != null) {
+        return keyUsageBuilder_.getMessageOrBuilder();
+      } else {
+        return keyUsage_ == null
+            ? com.google.cloud.security.privateca.v1.KeyUsage.getDefaultInstance()
+            : keyUsage_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Indicates the intended use for keys that correspond to a certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.KeyUsage,
+            com.google.cloud.security.privateca.v1.KeyUsage.Builder,
+            com.google.cloud.security.privateca.v1.KeyUsageOrBuilder>
+        getKeyUsageFieldBuilder() {
+      if (keyUsageBuilder_ == null) {
+        keyUsageBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.KeyUsage,
+                com.google.cloud.security.privateca.v1.KeyUsage.Builder,
+                com.google.cloud.security.privateca.v1.KeyUsageOrBuilder>(
+                getKeyUsage(), getParentForChildren(), isClean());
+        keyUsage_ = null;
+      }
+      return keyUsageBuilder_;
+    }
+
+    private com.google.cloud.security.privateca.v1.X509Parameters.CaOptions caOptions_;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptions,
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder,
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder>
+        caOptionsBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return Whether the caOptions field is set.
+     */
+    public boolean hasCaOptions() {
+      return caOptionsBuilder_ != null || caOptions_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     *
+     * @return The caOptions.
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions getCaOptions() {
+      if (caOptionsBuilder_ == null) {
+        return caOptions_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.getDefaultInstance()
+            : caOptions_;
+      } else {
+        return caOptionsBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setCaOptions(
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions value) {
+      if (caOptionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        caOptions_ = value;
+        onChanged();
+      } else {
+        caOptionsBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setCaOptions(
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder builderForValue) {
+      if (caOptionsBuilder_ == null) {
+        caOptions_ = builderForValue.build();
+        onChanged();
+      } else {
+        caOptionsBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder mergeCaOptions(
+        com.google.cloud.security.privateca.v1.X509Parameters.CaOptions value) {
+      if (caOptionsBuilder_ == null) {
+        if (caOptions_ != null) {
+          caOptions_ =
+              com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.newBuilder(caOptions_)
+                  .mergeFrom(value)
+                  .buildPartial();
+        } else {
+          caOptions_ = value;
+        }
+        onChanged();
+      } else {
+        caOptionsBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearCaOptions() {
+      if (caOptionsBuilder_ == null) {
+        caOptions_ = null;
+        onChanged();
+      } else {
+        caOptions_ = null;
+        caOptionsBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder
+        getCaOptionsBuilder() {
+
+      onChanged();
+      return getCaOptionsFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder
+        getCaOptionsOrBuilder() {
+      if (caOptionsBuilder_ != null) {
+        return caOptionsBuilder_.getMessageOrBuilder();
+      } else {
+        return caOptions_ == null
+            ? com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.getDefaultInstance()
+            : caOptions_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+     * certificate.
+     * </pre>
+     *
+     * <code>
+     * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptions,
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder,
+            com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder>
+        getCaOptionsFieldBuilder() {
+      if (caOptionsBuilder_ == null) {
+        caOptionsBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Parameters.CaOptions,
+                com.google.cloud.security.privateca.v1.X509Parameters.CaOptions.Builder,
+                com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder>(
+                getCaOptions(), getParentForChildren(), isClean());
+        caOptions_ = null;
+      }
+      return caOptionsBuilder_;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.ObjectId> policyIds_ =
+        java.util.Collections.emptyList();
+
+    private void ensurePolicyIdsIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        policyIds_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.ObjectId>(policyIds_);
+        bitField0_ |= 0x00000001;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        policyIdsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId> getPolicyIdsList() {
+      if (policyIdsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(policyIds_);
+      } else {
+        return policyIdsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public int getPolicyIdsCount() {
+      if (policyIdsBuilder_ == null) {
+        return policyIds_.size();
+      } else {
+        return policyIdsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId getPolicyIds(int index) {
+      if (policyIdsBuilder_ == null) {
+        return policyIds_.get(index);
+      } else {
+        return policyIdsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPolicyIds(int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (policyIdsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensurePolicyIdsIsMutable();
+        policyIds_.set(index, value);
+        onChanged();
+      } else {
+        policyIdsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setPolicyIds(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (policyIdsBuilder_ == null) {
+        ensurePolicyIdsIsMutable();
+        policyIds_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        policyIdsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addPolicyIds(com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (policyIdsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensurePolicyIdsIsMutable();
+        policyIds_.add(value);
+        onChanged();
+      } else {
+        policyIdsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addPolicyIds(int index, com.google.cloud.security.privateca.v1.ObjectId value) {
+      if (policyIdsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensurePolicyIdsIsMutable();
+        policyIds_.add(index, value);
+        onChanged();
+      } else {
+        policyIdsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addPolicyIds(
+        com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (policyIdsBuilder_ == null) {
+        ensurePolicyIdsIsMutable();
+        policyIds_.add(builderForValue.build());
+        onChanged();
+      } else {
+        policyIdsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addPolicyIds(
+        int index, com.google.cloud.security.privateca.v1.ObjectId.Builder builderForValue) {
+      if (policyIdsBuilder_ == null) {
+        ensurePolicyIdsIsMutable();
+        policyIds_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        policyIdsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAllPolicyIds(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.ObjectId> values) {
+      if (policyIdsBuilder_ == null) {
+        ensurePolicyIdsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, policyIds_);
+        onChanged();
+      } else {
+        policyIdsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearPolicyIds() {
+      if (policyIdsBuilder_ == null) {
+        policyIds_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        policyIdsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder removePolicyIds(int index) {
+      if (policyIdsBuilder_ == null) {
+        ensurePolicyIdsIsMutable();
+        policyIds_.remove(index);
+        onChanged();
+      } else {
+        policyIdsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder getPolicyIdsBuilder(int index) {
+      return getPolicyIdsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getPolicyIdsOrBuilder(
+        int index) {
+      if (policyIdsBuilder_ == null) {
+        return policyIds_.get(index);
+      } else {
+        return policyIdsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getPolicyIdsOrBuilderList() {
+      if (policyIdsBuilder_ != null) {
+        return policyIdsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(policyIds_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder addPolicyIdsBuilder() {
+      return getPolicyIdsFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.ObjectId.Builder addPolicyIdsBuilder(int index) {
+      return getPolicyIdsFieldBuilder()
+          .addBuilder(index, com.google.cloud.security.privateca.v1.ObjectId.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes the X.509 certificate policy object identifiers, per
+     * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.ObjectId.Builder>
+        getPolicyIdsBuilderList() {
+      return getPolicyIdsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.ObjectId,
+            com.google.cloud.security.privateca.v1.ObjectId.Builder,
+            com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+        getPolicyIdsFieldBuilder() {
+      if (policyIdsBuilder_ == null) {
+        policyIdsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.ObjectId,
+                com.google.cloud.security.privateca.v1.ObjectId.Builder,
+                com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>(
+                policyIds_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+        policyIds_ = null;
+      }
+      return policyIdsBuilder_;
+    }
+
+    private com.google.protobuf.LazyStringList aiaOcspServers_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureAiaOcspServersIsMutable() {
+      if (!((bitField0_ & 0x00000002) != 0)) {
+        aiaOcspServers_ = new com.google.protobuf.LazyStringArrayList(aiaOcspServers_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return A list containing the aiaOcspServers.
+     */
+    public com.google.protobuf.ProtocolStringList getAiaOcspServersList() {
+      return aiaOcspServers_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return The count of aiaOcspServers.
+     */
+    public int getAiaOcspServersCount() {
+      return aiaOcspServers_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param index The index of the element to return.
+     * @return The aiaOcspServers at the given index.
+     */
+    public java.lang.String getAiaOcspServers(int index) {
+      return aiaOcspServers_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param index The index of the value to return.
+     * @return The bytes of the aiaOcspServers at the given index.
+     */
+    public com.google.protobuf.ByteString getAiaOcspServersBytes(int index) {
+      return aiaOcspServers_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param index The index to set the value at.
+     * @param value The aiaOcspServers to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAiaOcspServers(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureAiaOcspServersIsMutable();
+      aiaOcspServers_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The aiaOcspServers to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAiaOcspServers(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureAiaOcspServersIsMutable();
+      aiaOcspServers_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param values The aiaOcspServers to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllAiaOcspServers(java.lang.Iterable<java.lang.String> values) {
+      ensureAiaOcspServersIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, aiaOcspServers_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearAiaOcspServers() {
+      aiaOcspServers_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+     * that appear in the "Authority Information Access" extension in the
+     * certificate.
+     * </pre>
+     *
+     * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+     *
+     * @param value The bytes of the aiaOcspServers to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAiaOcspServersBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureAiaOcspServersIsMutable();
+      aiaOcspServers_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+        additionalExtensions_ = java.util.Collections.emptyList();
+
+    private void ensureAdditionalExtensionsIsMutable() {
+      if (!((bitField0_ & 0x00000004) != 0)) {
+        additionalExtensions_ =
+            new java.util.ArrayList<com.google.cloud.security.privateca.v1.X509Extension>(
+                additionalExtensions_);
+        bitField0_ |= 0x00000004;
+      }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Extension,
+            com.google.cloud.security.privateca.v1.X509Extension.Builder,
+            com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        additionalExtensionsBuilder_;
+
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+        getAdditionalExtensionsList() {
+      if (additionalExtensionsBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(additionalExtensions_);
+      } else {
+        return additionalExtensionsBuilder_.getMessageList();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public int getAdditionalExtensionsCount() {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.size();
+      } else {
+        return additionalExtensionsBuilder_.getCount();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension getAdditionalExtensions(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.get(index);
+      } else {
+        return additionalExtensionsBuilder_.getMessage(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.set(index, value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder setAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.X509Extension value) {
+      if (additionalExtensionsBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(index, value);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAdditionalExtensions(
+        int index, com.google.cloud.security.privateca.v1.X509Extension.Builder builderForValue) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder addAllAdditionalExtensions(
+        java.lang.Iterable<? extends com.google.cloud.security.privateca.v1.X509Extension> values) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, additionalExtensions_);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder clearAdditionalExtensions() {
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensions_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000004);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public Builder removeAdditionalExtensions(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        ensureAdditionalExtensionsIsMutable();
+        additionalExtensions_.remove(index);
+        onChanged();
+      } else {
+        additionalExtensionsBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder
+        getAdditionalExtensionsBuilder(int index) {
+      return getAdditionalExtensionsFieldBuilder().getBuilder(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder
+        getAdditionalExtensionsOrBuilder(int index) {
+      if (additionalExtensionsBuilder_ == null) {
+        return additionalExtensions_.get(index);
+      } else {
+        return additionalExtensionsBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        getAdditionalExtensionsOrBuilderList() {
+      if (additionalExtensionsBuilder_ != null) {
+        return additionalExtensionsBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(additionalExtensions_);
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder
+        addAdditionalExtensionsBuilder() {
+      return getAdditionalExtensionsFieldBuilder()
+          .addBuilder(com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public com.google.cloud.security.privateca.v1.X509Extension.Builder
+        addAdditionalExtensionsBuilder(int index) {
+      return getAdditionalExtensionsFieldBuilder()
+          .addBuilder(
+              index, com.google.cloud.security.privateca.v1.X509Extension.getDefaultInstance());
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. Describes custom X.509 extensions.
+     * </pre>
+     *
+     * <code>
+     * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+     * </code>
+     */
+    public java.util.List<com.google.cloud.security.privateca.v1.X509Extension.Builder>
+        getAdditionalExtensionsBuilderList() {
+      return getAdditionalExtensionsFieldBuilder().getBuilderList();
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilderV3<
+            com.google.cloud.security.privateca.v1.X509Extension,
+            com.google.cloud.security.privateca.v1.X509Extension.Builder,
+            com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+        getAdditionalExtensionsFieldBuilder() {
+      if (additionalExtensionsBuilder_ == null) {
+        additionalExtensionsBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilderV3<
+                com.google.cloud.security.privateca.v1.X509Extension,
+                com.google.cloud.security.privateca.v1.X509Extension.Builder,
+                com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>(
+                additionalExtensions_,
+                ((bitField0_ & 0x00000004) != 0),
+                getParentForChildren(),
+                isClean());
+        additionalExtensions_ = null;
+      }
+      return additionalExtensionsBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFields(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.cloud.security.privateca.v1.X509Parameters)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.cloud.security.privateca.v1.X509Parameters)
+  private static final com.google.cloud.security.privateca.v1.X509Parameters DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.security.privateca.v1.X509Parameters();
+  }
+
+  public static com.google.cloud.security.privateca.v1.X509Parameters getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<X509Parameters> PARSER =
+      new com.google.protobuf.AbstractParser<X509Parameters>() {
+        @java.lang.Override
+        public X509Parameters parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new X509Parameters(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<X509Parameters> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<X509Parameters> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.security.privateca.v1.X509Parameters getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ParametersOrBuilder.java b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ParametersOrBuilder.java
new file mode 100644
index 00000000..7445acd2
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/java/com/google/cloud/security/privateca/v1/X509ParametersOrBuilder.java
@@ -0,0 +1,300 @@
+/*
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/cloud/security/privateca/v1/resources.proto
+
+package com.google.cloud.security.privateca.v1;
+
+public interface X509ParametersOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.cloud.security.privateca.v1.X509Parameters)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the keyUsage field is set.
+   */
+  boolean hasKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The keyUsage.
+   */
+  com.google.cloud.security.privateca.v1.KeyUsage getKeyUsage();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Indicates the intended use for keys that correspond to a certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.KeyUsage key_usage = 1 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.KeyUsageOrBuilder getKeyUsageOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return Whether the caOptions field is set.
+   */
+  boolean hasCaOptions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   *
+   * @return The caOptions.
+   */
+  com.google.cloud.security.privateca.v1.X509Parameters.CaOptions getCaOptions();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+   * certificate.
+   * </pre>
+   *
+   * <code>
+   * .google.cloud.security.privateca.v1.X509Parameters.CaOptions ca_options = 2 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.X509Parameters.CaOptionsOrBuilder getCaOptionsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.ObjectId> getPolicyIdsList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectId getPolicyIds(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  int getPolicyIdsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.ObjectIdOrBuilder>
+      getPolicyIdsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes the X.509 certificate policy object identifiers, per
+   * https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.ObjectId policy_ids = 3 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.ObjectIdOrBuilder getPolicyIdsOrBuilder(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return A list containing the aiaOcspServers.
+   */
+  java.util.List<java.lang.String> getAiaOcspServersList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @return The count of aiaOcspServers.
+   */
+  int getAiaOcspServersCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @param index The index of the element to return.
+   * @return The aiaOcspServers at the given index.
+   */
+  java.lang.String getAiaOcspServers(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+   * that appear in the "Authority Information Access" extension in the
+   * certificate.
+   * </pre>
+   *
+   * <code>repeated string aia_ocsp_servers = 4 [(.google.api.field_behavior) = OPTIONAL];</code>
+   *
+   * @param index The index of the value to return.
+   * @return The bytes of the aiaOcspServers at the given index.
+   */
+  com.google.protobuf.ByteString getAiaOcspServersBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<com.google.cloud.security.privateca.v1.X509Extension>
+      getAdditionalExtensionsList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.X509Extension getAdditionalExtensions(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  int getAdditionalExtensionsCount();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  java.util.List<? extends com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder>
+      getAdditionalExtensionsOrBuilderList();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. Describes custom X.509 extensions.
+   * </pre>
+   *
+   * <code>
+   * repeated .google.cloud.security.privateca.v1.X509Extension additional_extensions = 5 [(.google.api.field_behavior) = OPTIONAL];
+   * </code>
+   */
+  com.google.cloud.security.privateca.v1.X509ExtensionOrBuilder getAdditionalExtensionsOrBuilder(
+      int index);
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto
new file mode 100644
index 00000000..f0cd7a31
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/resources.proto
@@ -0,0 +1,1107 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.security.privateca.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+import "google/type/expr.proto";
+import "google/api/annotations.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1;privateca";
+option java_multiple_files = true;
+option java_outer_classname = "PrivateCaResourcesProto";
+option java_package = "com.google.cloud.security.privateca.v1";
+option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\V1";
+option ruby_package = "Google::Cloud::Security::PrivateCA::V1";
+
+// A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] represents an individual Certificate Authority.
+// A [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] can be used to create [Certificates][google.cloud.security.privateca.v1.Certificate].
+message CertificateAuthority {
+  option (google.api.resource) = {
+    type: "privateca.googleapis.com/CertificateAuthority"
+    pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}"
+  };
+
+  // URLs where a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will publish content.
+  message AccessUrls {
+    // The URL where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate is
+    // published. This will only be set for CAs that have been activated.
+    string ca_certificate_access_url = 1;
+
+    // The URLs where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRLs are published. This
+    // will only be set for CAs that have been activated.
+    repeated string crl_access_urls = 2;
+  }
+
+  // A Cloud KMS key configuration that a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will use.
+  message KeyVersionSpec {
+    oneof KeyVersion {
+      // The resource name for an existing Cloud KMS CryptoKeyVersion in the
+      // format
+      // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
+      // This option enables full flexibility in the key's capabilities and
+      // properties.
+      string cloud_kms_key_version = 1;
+
+      // The algorithm to use for creating a managed Cloud KMS key for a for a
+      // simplified experience. All managed keys will be have their
+      // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] as `HSM`.
+      SignHashAlgorithm algorithm = 2;
+    }
+  }
+
+  // The type of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating its issuing chain.
+  enum Type {
+    // Not specified.
+    TYPE_UNSPECIFIED = 0;
+
+    // Self-signed CA.
+    SELF_SIGNED = 1;
+
+    // Subordinate CA. Could be issued by a Private CA [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+    // or an unmanaged CA.
+    SUBORDINATE = 2;
+  }
+
+  // The state of a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], indicating if it can be used.
+  enum State {
+    // Not specified.
+    STATE_UNSPECIFIED = 0;
+
+    // Certificates can be issued from this CA. CRLs will be generated for this
+    // CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will be
+    // used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+    ENABLED = 1;
+
+    // Certificates cannot be issued from this CA. CRLs will still be generated.
+    // The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not be
+    // used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+    DISABLED = 2;
+
+    // Certificates can be issued from this CA. CRLs will be generated for this
+    // CA. The CA will be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, but will not
+    // be used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+    STAGED = 3;
+
+    // Certificates cannot be issued from this CA. CRLs will not be generated.
+    // The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+    // used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+    AWAITING_USER_ACTIVATION = 4;
+
+    // Certificates cannot be issued from this CA. CRLs will not be generated.
+    // The CA may still be recovered by calling
+    // [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority] before
+    // [expire_time][google.cloud.security.privateca.v1.CertificateAuthority.expire_time].
+    // The CA will not be part of the [CaPool][google.cloud.security.privateca.v1.CaPool]'s trust anchor, and will not be
+    // used to issue certificates from the [CaPool][google.cloud.security.privateca.v1.CaPool].
+    DELETED = 5;
+  }
+
+  // The algorithm of a Cloud KMS CryptoKeyVersion of a
+  // [CryptoKey][google.cloud.kms.v1.CryptoKey] with the
+  // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] value
+  // `ASYMMETRIC_SIGN`. These values correspond to the
+  // [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
+  // values. For RSA signing algorithms, the PSS algorithms should be preferred,
+  // use PKCS1 algorithms if required for compatibility. For further
+  // recommandations, see
+  // https://cloud.google.com/kms/docs/algorithms#algorithm_recommendations.
+  enum SignHashAlgorithm {
+    // Not specified.
+    SIGN_HASH_ALGORITHM_UNSPECIFIED = 0;
+
+    // maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256
+    RSA_PSS_2048_SHA256 = 1;
+
+    // maps to CryptoKeyVersionAlgorithm. RSA_SIGN_PSS_3072_SHA256
+    RSA_PSS_3072_SHA256 = 2;
+
+    // maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_4096_SHA256
+    RSA_PSS_4096_SHA256 = 3;
+
+    // maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
+    RSA_PKCS1_2048_SHA256 = 6;
+
+    // maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_3072_SHA256
+    RSA_PKCS1_3072_SHA256 = 7;
+
+    // maps to CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256
+    RSA_PKCS1_4096_SHA256 = 8;
+
+    // maps to CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256
+    EC_P256_SHA256 = 4;
+
+    // maps to CryptoKeyVersionAlgorithm.EC_SIGN_P384_SHA384
+    EC_P384_SHA384 = 5;
+  }
+
+  // Output only. The resource name for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the
+  // format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Required. Immutable. The [Type][google.cloud.security.privateca.v1.CertificateAuthority.Type] of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  Type type = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.
+  CertificateConfig config = 3 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Required. The desired lifetime of the CA certificate. Used to create the
+  // "not_before_time" and "not_after_time" fields inside an X.509
+  // certificate.
+  google.protobuf.Duration lifetime = 4 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Immutable. Used when issuing certificates for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. If this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] is a self-signed CertificateAuthority, this key
+  // is also used to sign the self-signed CA certificate. Otherwise, it
+  // is used to sign a CSR.
+  KeyVersionSpec key_spec = 5 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Optional. If this is a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], this field will be set
+  // with the subordinate configuration, which describes its issuers. This may
+  // be updated, but this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] must continue to validate.
+  SubordinateConfig subordinate_config = 6 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. The [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier] of the [CaPool][google.cloud.security.privateca.v1.CaPool] that includes this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  CaPool.Tier tier = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The [State][google.cloud.security.privateca.v1.CertificateAuthority.State] for this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  State state = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. This [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate chain, including the current
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate. Ordered such that the root issuer
+  // is the final element (consistent with RFC 5246). For a self-signed CA, this
+  // will only list the current [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s certificate.
+  repeated string pem_ca_certificates = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. A structured description of this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate
+  // and its issuers. Ordered as self-to-root.
+  repeated CertificateDescription ca_certificate_descriptions = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Immutable. The name of a Cloud Storage bucket where this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will
+  // publish content, such as the CA certificate and CRLs. This must be a bucket
+  // name, without any prefixes (such as `gs://`) or suffixes (such as
+  // `.googleapis.com`). For example, to use a bucket named `my-bucket`, you
+  // would simply specify `my-bucket`. If not specified, a managed bucket will
+  // be created.
+  string gcs_bucket = 11 [(google.api.field_behavior) = IMMUTABLE];
+
+  // Output only. URLs for accessing content published by this CA, such as the CA certificate
+  // and CRLs.
+  AccessUrls access_urls = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was created.
+  google.protobuf.Timestamp create_time = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was last updated.
+  google.protobuf.Timestamp update_time = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] was soft deleted, if
+  // it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+  google.protobuf.Timestamp delete_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] will be permanently purged,
+  // if it is in the [DELETED][google.cloud.security.privateca.v1.CertificateAuthority.State.DELETED] state.
+  google.protobuf.Timestamp expire_time = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Labels with user-defined metadata.
+  map<string, string> labels = 17 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [CaPool][google.cloud.security.privateca.v1.CaPool] represents a group of
+// [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority] that form a trust anchor. A
+// [CaPool][google.cloud.security.privateca.v1.CaPool] can be used to manage issuance policies for one or more
+// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] resources and to rotate CA certificates in and out
+// of the trust anchor.
+message CaPool {
+  option (google.api.resource) = {
+    type: "privateca.googleapis.com/CaPool"
+    pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}"
+  };
+
+  // Options relating to the publication of each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA
+  // certificate and CRLs and their inclusion as extensions in issued
+  // [Certificates][google.cloud.security.privateca.v1.Certificate]. The options set here apply to certificates
+  // issued by any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+  message PublishingOptions {
+    // Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CA certificate and
+    // includes its URL in the "Authority Information Access" X.509 extension
+    // in all issued [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, the CA
+    // certificate will not be published and the corresponding X.509 extension
+    // will not be written in issued certificates.
+    bool publish_ca_cert = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // Required. When true, publishes each [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]'s CRL and includes its
+    // URL in the "CRL Distribution Points" X.509 extension in all issued
+    // [Certificates][google.cloud.security.privateca.v1.Certificate]. If this is false, CRLs will not be published
+    // and the corresponding X.509 extension will not be written in issued
+    // certificates.
+    // CRLs will expire 7 days from their creation. However, we will rebuild
+    // daily. CRLs are also rebuilt shortly after a certificate is revoked.
+    bool publish_crl = 2 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  // Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
+  message IssuancePolicy {
+    // Describes a "type" of key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued
+    // from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+    // Note that a single [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] may refer to either a
+    // fully-qualified key algorithm, such as RSA 4096, or a family of key
+    // algorithms, such as any RSA key.
+    message AllowedKeyType {
+      // Describes an RSA key that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued from
+      // a [CaPool][google.cloud.security.privateca.v1.CaPool].
+      message RsaKeyType {
+        // Optional. The minimum allowed RSA modulus size, in bits. If this is not set,
+        // or if set to zero, the service-level min RSA modulus size will
+        // continue to apply.
+        int64 min_modulus_size = 1 [(google.api.field_behavior) = OPTIONAL];
+
+        // Optional. The maximum allowed RSA modulus size, in bits. If this is not set,
+        // or if set to zero, the service will not enforce an explicit upper
+        // bound on RSA modulus sizes.
+        int64 max_modulus_size = 2 [(google.api.field_behavior) = OPTIONAL];
+      }
+
+      // Describes a named Elliptic Curve that may be used in a [Certificate][google.cloud.security.privateca.v1.Certificate]
+      // issued from a [CaPool][google.cloud.security.privateca.v1.CaPool].
+      enum NamedCurve {
+        // Not specified.
+        NAMED_CURVE_UNSPECIFIED = 0;
+
+        // Refers to the NIST P-256 curve.
+        ECDSA_P256 = 2;
+
+        // Refers to the NIST P-384 curve.
+        ECDSA_P384 = 3;
+
+        // Refers to the Ed25519 curve, as described in RFC 8410.
+        EDDSA_25519 = 4;
+      }
+
+      oneof key_type {
+        // Represents an allowed RSA key type.
+        RsaKeyType rsa = 1;
+
+        // Represents an allowed Elliptic Curve key type.
+        NamedCurve elliptic_curve = 2;
+      }
+    }
+
+    // [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] specifies the allowed ways in which
+    // [Certificates][google.cloud.security.privateca.v1.Certificate] may be requested from this
+    // [CaPool][google.cloud.security.privateca.v1.CaPool].
+    message IssuanceModes {
+      // Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+      // specifying a CSR.
+      bool allow_csr_based_issuance = 1 [(google.api.field_behavior) = REQUIRED];
+
+      // Required. When true, allows callers to create [Certificates][google.cloud.security.privateca.v1.Certificate] by
+      // specifying a [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig].
+      bool allow_config_based_issuance = 2 [(google.api.field_behavior) = REQUIRED];
+    }
+
+    // Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's
+    // public key must match one of the key types listed here. Otherwise,
+    // any key may be used.
+    repeated AllowedKeyType allowed_key_types = 1 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note
+    // that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a
+    // [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will
+    // be explicitly truncated to match it.
+    google.protobuf.Duration maximum_lifetime = 2 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be
+    // used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
+    IssuanceModes allowed_issuance_modes = 3 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. A set of X.509 values that will be applied to all certificates issued
+    // through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting
+    // values for the same properties, they will be overwritten by the values
+    // defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+    // that defines conflicting
+    // [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same
+    // properties, the certificate issuance request will fail.
+    X509Parameters baseline_values = 4 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. Describes constraints on identities that may appear in
+    // [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
+    // If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+    // certificate's identity.
+    CertificateIdentityConstraints identity_constraints = 5 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. Describes the set of X.509 extensions that may appear in a
+    // [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request
+    // sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
+    // those extensions will be dropped. If a certificate request uses a
+    // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with
+    // [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't
+    // appear here, the certificate issuance request will fail. If this is
+    // omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a
+    // certificate's X.509 extensions. These constraints do not apply to X.509
+    // extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
+    CertificateExtensionConstraints passthrough_extensions = 6 [(google.api.field_behavior) = OPTIONAL];
+  }
+
+  // The tier of a [CaPool][google.cloud.security.privateca.v1.CaPool], indicating its supported functionality and/or
+  // billing SKU.
+  enum Tier {
+    // Not specified.
+    TIER_UNSPECIFIED = 0;
+
+    // Enterprise tier.
+    ENTERPRISE = 1;
+
+    // DevOps tier.
+    DEVOPS = 2;
+  }
+
+  // Output only. The resource name for this [CaPool][google.cloud.security.privateca.v1.CaPool] in the
+  // format `projects/*/locations/*/caPools/*`.
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Required. Immutable. The [Tier][google.cloud.security.privateca.v1.CaPool.Tier] of this [CaPool][google.cloud.security.privateca.v1.CaPool].
+  Tier tier = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Optional. The [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] to control how [Certificates][google.cloud.security.privateca.v1.Certificate]
+  // will be issued from this [CaPool][google.cloud.security.privateca.v1.CaPool].
+  IssuancePolicy issuance_policy = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The [PublishingOptions][google.cloud.security.privateca.v1.CaPool.PublishingOptions] to follow when issuing
+  // [Certificates][google.cloud.security.privateca.v1.Certificate] from any [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in this
+  // [CaPool][google.cloud.security.privateca.v1.CaPool].
+  PublishingOptions publishing_options = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Labels with user-defined metadata.
+  map<string, string> labels = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] corresponds to a signed X.509 certificate
+// Revocation List (CRL). A CRL contains the serial numbers of certificates that
+// should no longer be trusted.
+message CertificateRevocationList {
+  option (google.api.resource) = {
+    type: "privateca.googleapis.com/CertificateRevocationList"
+    pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}/certificateAuthorities/{certificate_authority}/certificateRevocationLists/{certificate_revocation_list}"
+  };
+
+  // Describes a revoked [Certificate][google.cloud.security.privateca.v1.Certificate].
+  message RevokedCertificate {
+    // The resource name for the [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+    // `projects/*/locations/*/caPools/*/certificates/*`.
+    string certificate = 1 [(google.api.resource_reference) = {
+                              type: "privateca.googleapis.com/Certificate"
+                            }];
+
+    // The serial number of the [Certificate][google.cloud.security.privateca.v1.Certificate].
+    string hex_serial_number = 2;
+
+    // The reason the [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+    RevocationReason revocation_reason = 3;
+  }
+
+  // The state of a [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList], indicating if it is current.
+  enum State {
+    // Not specified.
+    STATE_UNSPECIFIED = 0;
+
+    // The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is up to date.
+    ACTIVE = 1;
+
+    // The [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] is no longer current.
+    SUPERSEDED = 2;
+  }
+
+  // Output only. The resource name for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] in
+  // the format
+  // `projects/*/locations/*/caPools/*certificateAuthorities/*/
+  //    certificateRevocationLists/*`.
+  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The CRL sequence number that appears in pem_crl.
+  int64 sequence_number = 2 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The revoked serial numbers that appear in pem_crl.
+  repeated RevokedCertificate revoked_certificates = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The PEM-encoded X.509 CRL.
+  string pem_crl = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The location where 'pem_crl' can be accessed.
+  string access_url = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The [State][google.cloud.security.privateca.v1.CertificateRevocationList.State] for this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+  State state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was created.
+  google.protobuf.Timestamp create_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList] was updated.
+  google.protobuf.Timestamp update_time = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The revision ID of this [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]. A new revision is
+  // committed whenever a new CRL is published. The format is an 8-character
+  // hexadecimal string.
+  string revision_id = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Labels with user-defined metadata.
+  map<string, string> labels = 10 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [Certificate][google.cloud.security.privateca.v1.Certificate] corresponds to a signed X.509 certificate issued by a
+// [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+message Certificate {
+  option (google.api.resource) = {
+    type: "privateca.googleapis.com/Certificate"
+    pattern: "projects/{project}/locations/{location}/caPools/{ca_pool}/certificates/{certificate}"
+  };
+
+  // Describes fields that are relavent to the revocation of a [Certificate][google.cloud.security.privateca.v1.Certificate].
+  message RevocationDetails {
+    // Indicates why a [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+    RevocationReason revocation_state = 1;
+
+    // The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was revoked.
+    google.protobuf.Timestamp revocation_time = 2;
+  }
+
+  // Output only. The resource name for this [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+  // `projects/*/locations/*/caPools/*/certificates/*`.
+  string name = 1 [
+    (google.api.field_behavior) = OUTPUT_ONLY,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/Certificate"
+    }
+  ];
+
+  // The config used to create a signed X.509 certificate.
+  oneof certificate_config {
+    // Immutable. A pem-encoded X.509 certificate signing request (CSR).
+    string pem_csr = 2 [(google.api.field_behavior) = IMMUTABLE];
+
+    // Immutable. A description of the certificate and key that does not require X.509 or
+    // ASN.1.
+    CertificateConfig config = 3 [(google.api.field_behavior) = IMMUTABLE];
+  }
+
+  // Output only. The resource name of the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the format
+  // `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string issuer_certificate_authority = 4 [
+    (google.api.field_behavior) = OUTPUT_ONLY,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Required. Immutable. The desired lifetime of a certificate. Used to create the
+  // "not_before_time" and "not_after_time" fields inside an X.509
+  // certificate. Note that the lifetime may be truncated if it would extend
+  // past the life of any certificate authority in the issuing chain.
+  google.protobuf.Duration lifetime = 5 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.field_behavior) = IMMUTABLE
+  ];
+
+  // Immutable. The resource name for a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] used to issue this
+  // certificate, in the format
+  // `projects/*/locations/*/certificateTemplates/*`.
+  // If this is specified, the caller must have the necessary permission to
+  // use this template. If this is omitted, no template will be used.
+  // This template must be in the same location as the [Certificate][google.cloud.security.privateca.v1.Certificate].
+  string certificate_template = 6 [
+    (google.api.field_behavior) = IMMUTABLE,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateTemplate"
+    }
+  ];
+
+  // Immutable. Specifies how the [Certificate][google.cloud.security.privateca.v1.Certificate]'s identity fields are to be decided.
+  // If this is omitted, the `DEFAULT` subject mode will be used.
+  SubjectRequestMode subject_mode = 7 [(google.api.field_behavior) = IMMUTABLE];
+
+  // Output only. Details regarding the revocation of this [Certificate][google.cloud.security.privateca.v1.Certificate]. This
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] is considered revoked if and only if this field is present.
+  RevocationDetails revocation_details = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The pem-encoded, signed X.509 certificate.
+  string pem_certificate = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. A structured description of the issued X.509 certificate.
+  CertificateDescription certificate_description = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The chain that may be used to verify the X.509 certificate. Expected to be
+  // in issuer-to-root order according to RFC 5246.
+  repeated string pem_certificate_chain = 11 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was created.
+  google.protobuf.Timestamp create_time = 12 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [Certificate][google.cloud.security.privateca.v1.Certificate] was updated.
+  google.protobuf.Timestamp update_time = 13 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Labels with user-defined metadata.
+  map<string, string> labels = 14 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] refers to a managed template for certificate
+// issuance.
+message CertificateTemplate {
+  option (google.api.resource) = {
+    type: "privateca.googleapis.com/CertificateTemplate"
+    pattern: "projects/{project}/locations/{location}/certificateTemplates/{certificate_template}"
+  };
+
+  // Output only. The resource name for this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] in the format
+  // `projects/*/locations/*/certificateTemplates/*`.
+  string name = 1 [
+    (google.api.field_behavior) = OUTPUT_ONLY,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateTemplate"
+    }
+  ];
+
+  // Optional. A set of X.509 values that will be applied to all issued certificates that
+  // use this template. If the certificate request includes conflicting values
+  // for the same properties, they will be overwritten by the values defined
+  // here. If the issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy]
+  // defines conflicting
+  // [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] for the same
+  // properties, the certificate issuance request will fail.
+  X509Parameters predefined_values = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes constraints on identities that may be appear in
+  // [Certificates][google.cloud.security.privateca.v1.Certificate] issued using this template. If this is omitted,
+  // then this template will not add restrictions on a certificate's identity.
+  CertificateIdentityConstraints identity_constraints = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes the set of X.509 extensions that may appear in a
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] issued using this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]. If a certificate
+  // request sets extensions that don't appear in the
+  // [passthrough_extensions][google.cloud.security.privateca.v1.CertificateTemplate.passthrough_extensions], those extensions will be dropped. If the
+  // issuing [CaPool][google.cloud.security.privateca.v1.CaPool]'s [IssuancePolicy][google.cloud.security.privateca.v1.CaPool.IssuancePolicy] defines
+  // [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values] that don't appear
+  // here, the certificate issuance request will fail. If this is omitted, then
+  // this template will not add restrictions on a certificate's X.509
+  // extensions. These constraints do not apply to X.509 extensions set in this
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]'s [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values].
+  CertificateExtensionConstraints passthrough_extensions = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A human-readable description of scenarios this template is intended for.
+  string description = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was created.
+  google.protobuf.Timestamp create_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time at which this [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] was updated.
+  google.protobuf.Timestamp update_time = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Optional. Labels with user-defined metadata.
+  map<string, string> labels = 8 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// An [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] is used to describe certain fields of an
+// X.509 certificate, such as the key usage fields, fields specific to CA
+// certificates, certificate policy extensions and custom extensions.
+message X509Parameters {
+  // Describes values that are relevant in a CA certificate.
+  message CaOptions {
+    // Optional. Refers to the "CA" X.509 extension, which is a boolean value. When this
+    // value is missing, the extension will be omitted from the CA certificate.
+    optional bool is_ca = 1 [(google.api.field_behavior) = OPTIONAL];
+
+    // Optional. Refers to the path length restriction X.509 extension. For a CA
+    // certificate, this value describes the depth of subordinate CA
+    // certificates that are allowed.
+    // If this value is less than 0, the request will fail.
+    // If this value is missing, the max path length will be omitted from the
+    // CA certificate.
+    optional int32 max_issuer_path_length = 2 [(google.api.field_behavior) = OPTIONAL];
+  }
+
+  // Optional. Indicates the intended use for keys that correspond to a certificate.
+  KeyUsage key_usage = 1 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes options in this [X509Parameters][google.cloud.security.privateca.v1.X509Parameters] that are relevant in a CA
+  // certificate.
+  CaOptions ca_options = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes the X.509 certificate policy object identifiers, per
+  // https://tools.ietf.org/html/rfc5280#section-4.2.1.4.
+  repeated ObjectId policy_ids = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses
+  // that appear in the "Authority Information Access" extension in the
+  // certificate.
+  repeated string aia_ocsp_servers = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Describes custom X.509 extensions.
+  repeated X509Extension additional_extensions = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Describes a subordinate CA's issuers. This is either a resource name to a
+// known issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], or a PEM issuer certificate chain.
+message SubordinateConfig {
+  // This message describes a subordinate CA's issuer certificate chain. This
+  // wrapper exists for compatibility reasons.
+  message SubordinateConfigChain {
+    // Required. Expected to be in leaf-to-root order according to RFC 5246.
+    repeated string pem_certificates = 1 [(google.api.field_behavior) = REQUIRED];
+  }
+
+  oneof subordinate_config {
+    // Required. This can refer to a [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] in the same project that
+    // was used to create a subordinate [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]. This field
+    // is used for information and usability purposes only. The resource name
+    // is in the format
+    // `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+    string certificate_authority = 1 [
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.resource_reference) = {
+        type: "privateca.googleapis.com/CertificateAuthority"
+      }
+    ];
+
+    // Required. Contains the PEM certificate chain for the issuers of this
+    // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority], but not pem certificate for this CA itself.
+    SubordinateConfigChain pem_issuer_chain = 2 [(google.api.field_behavior) = REQUIRED];
+  }
+}
+
+// A [PublicKey][google.cloud.security.privateca.v1.PublicKey] describes a public key.
+message PublicKey {
+  // Types of public keys formats that are supported. Currently, only `PEM`
+  // format is supported.
+  enum KeyFormat {
+    // Default unspecified value.
+    KEY_FORMAT_UNSPECIFIED = 0;
+
+    // The key is PEM-encoded as defined in [RFC
+    // 7468](https://tools.ietf.org/html/rfc7468). It can be any of the
+    // following: a PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+    // structure, an RFC 5280
+    // [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+    // or a PEM-encoded X.509 certificate signing request (CSR). If a
+    // [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+    // is specified, it can contain a A PEM-encoded PKCS#1/RFC 3447 RSAPublicKey
+    // or a NIST P-256/secp256r1/prime256v1 or P-384 key. If a CSR is specified,
+    // it will used solely for the purpose of extracting the public key. When
+    // generated by the service, it will always be an RFC 5280
+    // [SubjectPublicKeyInfo](https://tools.ietf.org/html/rfc5280#section-4.1)
+    // structure containing an algorithm identifier and a key.
+    PEM = 1;
+  }
+
+  // Required. A public key. The padding and encoding
+  // must match with the `KeyFormat` value specified for the `format` field.
+  bytes key = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The format of the public key.
+  KeyFormat format = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A [CertificateConfig][google.cloud.security.privateca.v1.CertificateConfig] describes an X.509 certificate or CSR that is to be
+// created, as an alternative to using ASN.1.
+message CertificateConfig {
+  // These values are used to create the distinguished name and subject
+  // alternative name fields in an X.509 certificate.
+  message SubjectConfig {
+    // Required. Contains distinguished name fields such as the common name, location and
+    // organization.
+    Subject subject = 1 [(google.api.field_behavior) = REQUIRED];
+
+    // Optional. The subject alternative name fields.
+    SubjectAltNames subject_alt_name = 2 [(google.api.field_behavior) = OPTIONAL];
+  }
+
+  // Required. Specifies some of the values in a certificate that are related to the
+  // subject.
+  SubjectConfig subject_config = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Describes how some of the technical X.509 fields in a certificate should be
+  // populated.
+  X509Parameters x509_config = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. The public key that corresponds to this config. This is, for example, used
+  // when issuing [Certificates][google.cloud.security.privateca.v1.Certificate], but not when creating a
+  // self-signed [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] or [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] CSR.
+  PublicKey public_key = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [CertificateDescription][google.cloud.security.privateca.v1.CertificateDescription] describes an X.509 certificate or CSR that has
+// been issued, as an alternative to using ASN.1 / X.509.
+message CertificateDescription {
+  // These values describe fields in an issued X.509 certificate such as the
+  // distinguished name, subject alternative names, serial number, and lifetime.
+  message SubjectDescription {
+    // Contains distinguished name fields such as the common name, location and
+    // / organization.
+    Subject subject = 1;
+
+    // The subject alternative name fields.
+    SubjectAltNames subject_alt_name = 2;
+
+    // The serial number encoded in lowercase hexadecimal.
+    string hex_serial_number = 3;
+
+    // For convenience, the actual lifetime of an issued certificate.
+    // Corresponds to 'not_after_time' - 'not_before_time'.
+    google.protobuf.Duration lifetime = 4;
+
+    // The time at which the certificate becomes valid.
+    google.protobuf.Timestamp not_before_time = 5;
+
+    // The time at which the certificate expires.
+    google.protobuf.Timestamp not_after_time = 6;
+  }
+
+  // A KeyId identifies a specific public key, usually by hashing the public
+  // key.
+  message KeyId {
+    // Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most
+    // likely the 160 bit SHA-1 hash of the public key.
+    string key_id = 1 [(google.api.field_behavior) = OPTIONAL];
+  }
+
+  // A group of fingerprints for the x509 certificate.
+  message CertificateFingerprint {
+    // The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.
+    string sha256_hash = 1;
+  }
+
+  // Describes some of the values in a certificate that are related to the
+  // subject and lifetime.
+  SubjectDescription subject_description = 1;
+
+  // Describes some of the technical X.509 fields in a certificate.
+  X509Parameters x509_description = 2;
+
+  // The public key that corresponds to an issued certificate.
+  PublicKey public_key = 3;
+
+  // Provides a means of identifiying certificates that contain a particular
+  // public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.
+  KeyId subject_key_id = 4;
+
+  // Identifies the subject_key_id of the parent certificate, per
+  // https://tools.ietf.org/html/rfc5280#section-4.2.1.1
+  KeyId authority_key_id = 5;
+
+  // Describes a list of locations to obtain CRL information, i.e.
+  // the DistributionPoint.fullName described by
+  // https://tools.ietf.org/html/rfc5280#section-4.2.1.13
+  repeated string crl_distribution_points = 6;
+
+  // Describes lists of issuer CA certificate URLs that appear in the
+  // "Authority Information Access" extension in the certificate.
+  repeated string aia_issuing_certificate_urls = 7;
+
+  // The hash of the x.509 certificate.
+  CertificateFingerprint cert_fingerprint = 8;
+}
+
+// An [ObjectId][google.cloud.security.privateca.v1.ObjectId] specifies an object identifier (OID). These provide context
+// and describe types in ASN.1 messages.
+message ObjectId {
+  // Required. The parts of an OID path. The most significant parts of the path come
+  // first.
+  repeated int32 object_id_path = 1 [(google.api.field_behavior) = REQUIRED];
+}
+
+// An [X509Extension][google.cloud.security.privateca.v1.X509Extension] specifies an X.509 extension, which may be used in
+// different parts of X.509 objects like certificates, CSRs, and CRLs.
+message X509Extension {
+  // Required. The OID for this X.509 extension.
+  ObjectId object_id = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Indicates whether or not this extension is critical (i.e., if the client
+  // does not know how to handle this extension, the client should consider this
+  // to be an error).
+  bool critical = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. The value of this X.509 extension.
+  bytes value = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A [KeyUsage][google.cloud.security.privateca.v1.KeyUsage] describes key usage values that may appear in an X.509
+// certificate.
+message KeyUsage {
+  // [KeyUsage.KeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.KeyUsageOptions] corresponds to the key usage values
+  // described in https://tools.ietf.org/html/rfc5280#section-4.2.1.3.
+  message KeyUsageOptions {
+    // The key may be used for digital signatures.
+    bool digital_signature = 1;
+
+    // The key may be used for cryptographic commitments. Note that this may
+    // also be referred to as "non-repudiation".
+    bool content_commitment = 2;
+
+    // The key may be used to encipher other keys.
+    bool key_encipherment = 3;
+
+    // The key may be used to encipher data.
+    bool data_encipherment = 4;
+
+    // The key may be used in a key agreement protocol.
+    bool key_agreement = 5;
+
+    // The key may be used to sign certificates.
+    bool cert_sign = 6;
+
+    // The key may be used sign certificate revocation lists.
+    bool crl_sign = 7;
+
+    // The key may be used to encipher only.
+    bool encipher_only = 8;
+
+    // The key may be used to decipher only.
+    bool decipher_only = 9;
+  }
+
+  // [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] has fields that correspond to
+  // certain common OIDs that could be specified as an extended key usage value.
+  message ExtendedKeyUsageOptions {
+    // Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as "TLS WWW
+    // server authentication", though regularly used for non-WWW TLS.
+    bool server_auth = 1;
+
+    // Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as "TLS WWW
+    // client authentication", though regularly used for non-WWW TLS.
+    bool client_auth = 2;
+
+    // Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as "Signing of
+    // downloadable executable code client authentication".
+    bool code_signing = 3;
+
+    // Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as "Email
+    // protection".
+    bool email_protection = 4;
+
+    // Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as "Binding
+    // the hash of an object to a time".
+    bool time_stamping = 5;
+
+    // Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as "Signing
+    // OCSP responses".
+    bool ocsp_signing = 6;
+  }
+
+  // Describes high-level ways in which a key may be used.
+  KeyUsageOptions base_key_usage = 1;
+
+  // Detailed scenarios in which a key may be used.
+  ExtendedKeyUsageOptions extended_key_usage = 2;
+
+  // Used to describe extended key usages that are not listed in the
+  // [KeyUsage.ExtendedKeyUsageOptions][google.cloud.security.privateca.v1.KeyUsage.ExtendedKeyUsageOptions] message.
+  repeated ObjectId unknown_extended_key_usages = 3;
+}
+
+// [Subject][google.cloud.security.privateca.v1.Subject] describes parts of a distinguished name that, in turn,
+// describes the subject of the certificate.
+message Subject {
+  // The "common name" of the subject.
+  string common_name = 1;
+
+  // The country code of the subject.
+  string country_code = 2;
+
+  // The organization of the subject.
+  string organization = 3;
+
+  // The organizational_unit of the subject.
+  string organizational_unit = 4;
+
+  // The locality or city of the subject.
+  string locality = 5;
+
+  // The province, territory, or regional state of the subject.
+  string province = 6;
+
+  // The street address of the subject.
+  string street_address = 7;
+
+  // The postal code of the subject.
+  string postal_code = 8;
+}
+
+// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] corresponds to a more modern way of listing what
+// the asserted identity is in a certificate (i.e., compared to the "common
+// name" in the distinguished name).
+message SubjectAltNames {
+  // Contains only valid, fully-qualified host names.
+  repeated string dns_names = 1;
+
+  // Contains only valid RFC 3986 URIs.
+  repeated string uris = 2;
+
+  // Contains only valid RFC 2822 E-mail addresses.
+  repeated string email_addresses = 3;
+
+  // Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.
+  repeated string ip_addresses = 4;
+
+  // Contains additional subject alternative name values.
+  repeated X509Extension custom_sans = 5;
+}
+
+// Describes constraints on a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and
+// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames].
+message CertificateIdentityConstraints {
+  // Optional. A CEL expression that may be used to validate the resolved X.509 Subject
+  // and/or Subject Alternative Name before a certificate is signed.
+  // To see the full allowed syntax and some examples, see
+  // https://cloud.google.com/certificate-authority-service/docs/cel-guide
+  google.type.Expr cel_expression = 1 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If this is set, the [Subject][google.cloud.security.privateca.v1.Subject] field may be copied from a certificate
+  // request into the signed certificate. Otherwise, the requested [Subject][google.cloud.security.privateca.v1.Subject]
+  // will be discarded.
+  bool allow_subject_passthrough = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If this is set, the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension may be copied from a
+  // certificate request into the signed certificate. Otherwise, the requested
+  // [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be discarded.
+  bool allow_subject_alt_names_passthrough = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Describes a set of X.509 extensions that may be part of some certificate
+// issuance controls.
+message CertificateExtensionConstraints {
+  // Describes well-known X.509 extensions that can appear in a [Certificate][google.cloud.security.privateca.v1.Certificate],
+  // not including the [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] extension.
+  enum KnownCertificateExtension {
+    // Not specified.
+    KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED = 0;
+
+    // Refers to a certificate's Key Usage extension, as described in [RFC 5280
+    // section 4.2.1.3](https://tools.ietf.org/html/rfc5280#section-4.2.1.3).
+    // This corresponds to the [KeyUsage.base_key_usage][google.cloud.security.privateca.v1.KeyUsage.base_key_usage] field.
+    BASE_KEY_USAGE = 1;
+
+    // Refers to a certificate's Extended Key Usage extension, as described in
+    // [RFC 5280
+    // section 4.2.1.12](https://tools.ietf.org/html/rfc5280#section-4.2.1.12).
+    // This corresponds to the [KeyUsage.extended_key_usage][google.cloud.security.privateca.v1.KeyUsage.extended_key_usage] message.
+    EXTENDED_KEY_USAGE = 2;
+
+    // Refers to a certificate's Basic Constraints extension, as described in
+    // [RFC 5280
+    // section 4.2.1.9](https://tools.ietf.org/html/rfc5280#section-4.2.1.9).
+    // This corresponds to the [X509Parameters.ca_options][google.cloud.security.privateca.v1.X509Parameters.ca_options] field.
+    CA_OPTIONS = 3;
+
+    // Refers to a certificate's Policy object identifiers, as described in
+    // [RFC 5280
+    // section 4.2.1.4](https://tools.ietf.org/html/rfc5280#section-4.2.1.4).
+    // This corresponds to the [X509Parameters.policy_ids][google.cloud.security.privateca.v1.X509Parameters.policy_ids] field.
+    POLICY_IDS = 4;
+
+    // Refers to OCSP servers in a certificate's Authority Information Access
+    // extension, as described in
+    // [RFC 5280
+    // section 4.2.2.1](https://tools.ietf.org/html/rfc5280#section-4.2.2.1),
+    // This corresponds to the [X509Parameters.aia_ocsp_servers][google.cloud.security.privateca.v1.X509Parameters.aia_ocsp_servers] field.
+    AIA_OCSP_SERVERS = 5;
+  }
+
+  // Optional. A set of named X.509 extensions. Will be combined with
+  // [additional_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.additional_extensions] to determine the full set of X.509 extensions.
+  repeated KnownCertificateExtension known_extensions = 1 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. A set of [ObjectIds][google.cloud.security.privateca.v1.ObjectId] identifying custom X.509 extensions.
+  // Will be combined with [known_extensions][google.cloud.security.privateca.v1.CertificateExtensionConstraints.known_extensions] to determine the full set of
+  // X.509 extensions.
+  repeated ObjectId additional_extensions = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// A [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] indicates whether a [Certificate][google.cloud.security.privateca.v1.Certificate] has been revoked,
+// and the reason for revocation. These correspond to standard revocation
+// reasons from RFC 5280. Note that the enum labels and values in this
+// definition are not the same ASN.1 values defined in RFC 5280. These values
+// will be translated to the correct ASN.1 values when a CRL is created.
+enum RevocationReason {
+  // Default unspecified value. This value does indicate that a [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // has been revoked, but that a reason has not been recorded.
+  REVOCATION_REASON_UNSPECIFIED = 0;
+
+  // Key material for this [Certificate][google.cloud.security.privateca.v1.Certificate] may have leaked.
+  KEY_COMPROMISE = 1;
+
+  // The key material for a certificate authority in the issuing path may have
+  // leaked.
+  CERTIFICATE_AUTHORITY_COMPROMISE = 2;
+
+  // The subject or other attributes in this [Certificate][google.cloud.security.privateca.v1.Certificate] have changed.
+  AFFILIATION_CHANGED = 3;
+
+  // This [Certificate][google.cloud.security.privateca.v1.Certificate] has been superseded.
+  SUPERSEDED = 4;
+
+  // This [Certificate][google.cloud.security.privateca.v1.Certificate] or entities in the issuing path have ceased to
+  // operate.
+  CESSATION_OF_OPERATION = 5;
+
+  // This [Certificate][google.cloud.security.privateca.v1.Certificate] should not be considered valid, it is expected that it
+  // may become valid in the future.
+  CERTIFICATE_HOLD = 6;
+
+  // This [Certificate][google.cloud.security.privateca.v1.Certificate] no longer has permission to assert the listed
+  // attributes.
+  PRIVILEGE_WITHDRAWN = 7;
+
+  // The authority which determines appropriate attributes for a [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // may have been compromised.
+  ATTRIBUTE_AUTHORITY_COMPROMISE = 8;
+}
+
+// Describes the way in which a [Certificate][google.cloud.security.privateca.v1.Certificate]'s [Subject][google.cloud.security.privateca.v1.Subject] and/or
+// [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] will be resolved.
+enum SubjectRequestMode {
+  // Not specified.
+  SUBJECT_REQUEST_MODE_UNSPECIFIED = 0;
+
+  // The default mode used in most cases. Indicates that the certificate's
+  // [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] are specified in the certificate
+  // request. This mode requires the caller to have the
+  // `privateca.certificates.create` permission.
+  DEFAULT = 1;
+
+  // A mode reserved for special cases. Indicates that the certificate should
+  // have one or more SPIFFE [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] set by the service based
+  // on the caller's identity. This mode will ignore any explicitly specified
+  // [Subject][google.cloud.security.privateca.v1.Subject] and/or [SubjectAltNames][google.cloud.security.privateca.v1.SubjectAltNames] in the certificate request.
+  // This mode requires the caller to have the
+  // `privateca.certificates.createReflected` permission.
+  REFLECTED_SPIFFE = 2;
+}
diff --git a/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto
new file mode 100644
index 00000000..f98383ec
--- /dev/null
+++ b/proto-google-cloud-security-private-ca-v1/src/main/proto/google/cloud/security/privateca/v1/service.proto
@@ -0,0 +1,1417 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.security.privateca.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/cloud/security/privateca/v1/resources.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Security.PrivateCA.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/security/privateca/v1;privateca";
+option java_multiple_files = true;
+option java_outer_classname = "PrivateCaProto";
+option java_package = "com.google.cloud.security.privateca.v1";
+option php_namespace = "Google\\Cloud\\Security\\PrivateCA\\v1";
+option ruby_package = "Google::Cloud::Security::PrivateCA::v1";
+
+// [Certificate Authority
+// Service][google.cloud.security.privateca.v1.CertificateAuthorityService]
+// manages private certificate authorities and issued certificates.
+service CertificateAuthorityService {
+  option (google.api.default_host) = "privateca.googleapis.com";
+  option (google.api.oauth_scopes) =
+      "https://www.googleapis.com/auth/cloud-platform";
+
+  // Create a new [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // in a given Project, Location from a particular
+  // [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc CreateCertificate(CreateCertificateRequest) returns (Certificate) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
+      body: "certificate"
+    };
+    option (google.api.method_signature) = "parent,certificate,certificate_id";
+  }
+
+  // Returns a [Certificate][google.cloud.security.privateca.v1.Certificate].
+  rpc GetCertificate(GetCertificateRequest) returns (Certificate) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists [Certificates][google.cloud.security.privateca.v1.Certificate].
+  rpc ListCertificates(ListCertificatesRequest)
+      returns (ListCertificatesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificates"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Revoke a [Certificate][google.cloud.security.privateca.v1.Certificate].
+  rpc RevokeCertificate(RevokeCertificateRequest) returns (Certificate) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/caPools/*/certificates/*}:revoke"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Update a [Certificate][google.cloud.security.privateca.v1.Certificate].
+  // Currently, the only field you can update is the
+  // [labels][google.cloud.security.privateca.v1.Certificate.labels] field.
+  rpc UpdateCertificate(UpdateCertificateRequest) returns (Certificate) {
+    option (google.api.http) = {
+      patch: "/v1/{certificate.name=projects/*/locations/*/caPools/*/certificates/*}"
+      body: "certificate"
+    };
+    option (google.api.method_signature) = "certificate,update_mask";
+  }
+
+  // Activate a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // that is in state
+  // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+  // and is of type
+  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+  // After the parent Certificate Authority signs a certificate signing request
+  // from
+  // [FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr],
+  // this method can complete the activation process.
+  rpc ActivateCertificateAuthority(ActivateCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:activate"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Create a new
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in a given Project and Location.
+  rpc CreateCertificateAuthority(CreateCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
+      body: "certificate_authority"
+    };
+    option (google.api.method_signature) =
+        "parent,certificate_authority,certificate_authority_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Disable a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc DisableCertificateAuthority(DisableCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:disable"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Enable a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc EnableCertificateAuthority(EnableCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:enable"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Fetch a certificate signing request (CSR) from a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // that is in state
+  // [AWAITING_USER_ACTIVATION][google.cloud.security.privateca.v1.CertificateAuthority.State.AWAITING_USER_ACTIVATION]
+  // and is of type
+  // [SUBORDINATE][google.cloud.security.privateca.v1.CertificateAuthority.Type.SUBORDINATE].
+  // The CSR must then be signed by the desired parent Certificate Authority,
+  // which could be another
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // resource, or could be an on-prem certificate authority. See also
+  // [ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+  rpc FetchCertificateAuthorityCsr(FetchCertificateAuthorityCsrRequest)
+      returns (FetchCertificateAuthorityCsrResponse) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:fetch"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Returns a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc GetCertificateAuthority(GetCertificateAuthorityRequest)
+      returns (CertificateAuthority) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc ListCertificateAuthorities(ListCertificateAuthoritiesRequest)
+      returns (ListCertificateAuthoritiesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*/caPools/*}/certificateAuthorities"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Undelete a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // that has been deleted.
+  rpc UndeleteCertificateAuthority(UndeleteCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}:undelete"
+      body: "*"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Delete a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc DeleteCertificateAuthority(DeleteCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Update a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority].
+  rpc UpdateCertificateAuthority(UpdateCertificateAuthorityRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{certificate_authority.name=projects/*/locations/*/caPools/*/certificateAuthorities/*}"
+      body: "certificate_authority"
+    };
+    option (google.api.method_signature) = "certificate_authority,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateAuthority"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Create a [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc CreateCaPool(CreateCaPoolRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*}/caPools"
+      body: "ca_pool"
+    };
+    option (google.api.method_signature) = "parent,ca_pool,ca_pool_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "CaPool"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Update a [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc UpdateCaPool(UpdateCaPoolRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{ca_pool.name=projects/*/locations/*/caPools/*}"
+      body: "ca_pool"
+    };
+    option (google.api.method_signature) = "ca_pool,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "CaPool"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Returns a [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc GetCaPool(GetCaPoolRequest) returns (CaPool) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/caPools/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists [CaPools][google.cloud.security.privateca.v1.CaPool].
+  rpc ListCaPools(ListCaPoolsRequest) returns (ListCaPoolsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*}/caPools"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Delete a [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc DeleteCaPool(DeleteCaPoolRequest) returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/caPools/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "CaPool"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // FetchCaCerts returns the current trust anchor for the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool]. This will include CA
+  // certificate chains for all ACTIVE
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // resources in the [CaPool][google.cloud.security.privateca.v1.CaPool].
+  rpc FetchCaCerts(FetchCaCertsRequest) returns (FetchCaCertsResponse) {
+    option (google.api.http) = {
+      post: "/v1/{ca_pool=projects/*/locations/*/caPools/*}:fetchCaCerts"
+      body: "*"
+    };
+    option (google.api.method_signature) = "ca_pool";
+  }
+
+  // Returns a
+  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc GetCertificateRevocationList(GetCertificateRevocationListRequest)
+      returns (CertificateRevocationList) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc ListCertificateRevocationLists(ListCertificateRevocationListsRequest)
+      returns (ListCertificateRevocationListsResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*/caPools/*/certificateAuthorities/*}/certificateRevocationLists"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Update a
+  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList].
+  rpc UpdateCertificateRevocationList(UpdateCertificateRevocationListRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{certificate_revocation_list.name=projects/*/locations/*/caPools/*/certificateAuthorities/*/certificateRevocationLists/*}"
+      body: "certificate_revocation_list"
+    };
+    option (google.api.method_signature) =
+        "certificate_revocation_list,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateRevocationList"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // Create a new
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  // in a given Project and Location.
+  rpc CreateCertificateTemplate(CreateCertificateTemplateRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      post: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
+      body: "certificate_template"
+    };
+    option (google.api.method_signature) =
+        "parent,certificate_template,certificate_template_id";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateTemplate"
+      metadata_type: "OperationMetadata"
+    };
+  }
+
+  // DeleteCertificateTemplate deletes a
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc DeleteCertificateTemplate(DeleteCertificateTemplateRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      delete: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
+    };
+    option (google.api.method_signature) = "name";
+    option (google.longrunning.operation_info) = {
+      response_type: "google.protobuf.Empty"
+      metadata_type: "google.cloud.security.privateca.v1.OperationMetadata"
+    };
+  }
+
+  // Returns a
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc GetCertificateTemplate(GetCertificateTemplateRequest)
+      returns (CertificateTemplate) {
+    option (google.api.http) = {
+      get: "/v1/{name=projects/*/locations/*/certificateTemplates/*}"
+    };
+    option (google.api.method_signature) = "name";
+  }
+
+  // Lists
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc ListCertificateTemplates(ListCertificateTemplatesRequest)
+      returns (ListCertificateTemplatesResponse) {
+    option (google.api.http) = {
+      get: "/v1/{parent=projects/*/locations/*}/certificateTemplates"
+    };
+    option (google.api.method_signature) = "parent";
+  }
+
+  // Update a
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate].
+  rpc UpdateCertificateTemplate(UpdateCertificateTemplateRequest)
+      returns (google.longrunning.Operation) {
+    option (google.api.http) = {
+      patch: "/v1/{certificate_template.name=projects/*/locations/*/certificateTemplates/*}"
+      body: "certificate_template"
+    };
+    option (google.api.method_signature) = "certificate_template,update_mask";
+    option (google.longrunning.operation_info) = {
+      response_type: "CertificateTemplate"
+      metadata_type: "OperationMetadata"
+    };
+  }
+}
+
+// Request message for
+// [CertificateAuthorityService.CreateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificate].
+message CreateCertificateRequest {
+  // Required. The resource name of the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+  // [Certificate][google.cloud.security.privateca.v1.Certificate], in the
+  // format `projects/*/locations/*/caPools/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Optional. It must be unique within a location and match the regular
+  // expression `[a-zA-Z0-9_-]{1,63}`. This field is required when using a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the Enterprise
+  // [CaPool.Tier][google.cloud.security.privateca.v1.CaPool.Tier], but is
+  // optional and its value is ignored otherwise.
+  string certificate_id = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Required. A [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // with initial field values.
+  Certificate certificate = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. If this is true, no
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] resource will
+  // be persisted regardless of the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool]'s
+  // [tier][google.cloud.security.privateca.v1.CaPool.tier], and the returned
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] will not
+  // contain the
+  // [pem_certificate][google.cloud.security.privateca.v1.Certificate.pem_certificate]
+  // field.
+  bool validate_only = 5 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. The resource ID of the
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // that should issue the certificate.  This optional field will ignore the
+  // load-balancing scheme of the Pool and directly issue the certificate from
+  // the CA with the specified ID, contained in the same
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] referenced by `parent`.
+  // Per-CA quota rules apply. If left empty, a
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // will be chosen from the [CaPool][google.cloud.security.privateca.v1.CaPool]
+  // by the service. For example, to issue a
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] from a
+  // Certificate Authority with resource name
+  // "projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca",
+  // you can set the
+  // [parent][google.cloud.security.privateca.v1.CreateCertificateRequest.parent]
+  // to "projects/my-project/locations/us-central1/caPools/my-pool" and the
+  // [issuing_certificate_authority_id][google.cloud.security.privateca.v1.CreateCertificateRequest.issuing_certificate_authority_id]
+  // to "my-ca".
+  string issuing_certificate_authority_id = 6
+      [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.GetCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificate].
+message GetCertificateRequest {
+  // Required. The [name][google.cloud.security.privateca.v1.Certificate.name]
+  // of the [Certificate][google.cloud.security.privateca.v1.Certificate] to
+  // get.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/Certificate"
+    }
+  ];
+}
+
+// Request message for
+// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+message ListCertificatesRequest {
+  // Required. The resource name of the location associated with the
+  // [Certificates][google.cloud.security.privateca.v1.Certificate], in the
+  // format `projects/*/locations/*/caPools/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Optional. Limit on the number of
+  // [Certificates][google.cloud.security.privateca.v1.Certificate] to include
+  // in the response. Further
+  // [Certificates][google.cloud.security.privateca.v1.Certificate] can
+  // subsequently be obtained by including the
+  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token]
+  // in a subsequent request. If unspecified, the server will pick an
+  // appropriate default.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Pagination token, returned earlier via
+  // [ListCertificatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificatesResponse.next_page_token].
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Only include resources that match the filter in the response. For
+  // details on supported filters and syntax, see [Certificates Filtering
+  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#filtering_support).
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specify how the results should be sorted. For details on
+  // supported fields and syntax, see [Certificates Sorting
+  // documentation](https://cloud.google.com/certificate-authority-service/docs/sorting-filtering-certificates#sorting_support).
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.ListCertificates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificates].
+message ListCertificatesResponse {
+  // The list of [Certificates][google.cloud.security.privateca.v1.Certificate].
+  repeated Certificate certificates = 1;
+
+  // A token to retrieve next page of results. Pass this value in
+  // [ListCertificatesRequest.next_page_token][] to retrieve the
+  // next page of results.
+  string next_page_token = 2;
+
+  // A list of locations (e.g. "us-west1") that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for
+// [CertificateAuthorityService.RevokeCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.RevokeCertificate].
+message RevokeCertificateRequest {
+  // Required. The resource name for this
+  // [Certificate][google.cloud.security.privateca.v1.Certificate] in the format
+  // `projects/*/locations/*/caPools/*/certificates/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/Certificate"
+    }
+  ];
+
+  // Required. The
+  // [RevocationReason][google.cloud.security.privateca.v1.RevocationReason] for
+  // revoking this certificate.
+  RevocationReason reason = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.UpdateCertificate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificate].
+message UpdateCertificateRequest {
+  // Required. [Certificate][google.cloud.security.privateca.v1.Certificate]
+  // with updated values.
+  Certificate certificate = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A list of fields to be updated in this request.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.ActivateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.ActivateCertificateAuthority].
+message ActivateCertificateAuthorityRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Required. The signed CA certificate issued from
+  // [FetchCertificateAuthorityCsrResponse.pem_csr][google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse.pem_csr].
+  string pem_ca_certificate = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. Must include information about the issuer of
+  // 'pem_ca_certificate', and any further issuers until the self-signed CA.
+  SubordinateConfig subordinate_config = 3
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.CreateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateAuthority].
+message CreateCertificateAuthorityRequest {
+  // Required. The resource name of the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+  // in the format `projects/*/locations/*/caPools/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Required. It must be unique within a location and match the regular
+  // expression `[a-zA-Z0-9_-]{1,63}`
+  string certificate_authority_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // with initial field values.
+  CertificateAuthority certificate_authority = 3
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.DisableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DisableCertificateAuthority].
+message DisableCertificateAuthorityRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.EnableCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.EnableCertificateAuthority].
+message EnableCertificateAuthorityRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+message FetchCertificateAuthorityCsrRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+}
+
+// Response message for
+// [CertificateAuthorityService.FetchCertificateAuthorityCsr][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCertificateAuthorityCsr].
+message FetchCertificateAuthorityCsrResponse {
+  // Output only. The PEM-encoded signed certificate signing request (CSR).
+  string pem_csr = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// Request message for
+// [CertificateAuthorityService.GetCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateAuthority].
+message GetCertificateAuthorityRequest {
+  // Required. The
+  // [name][google.cloud.security.privateca.v1.CertificateAuthority.name] of the
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // to get.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+}
+
+// Request message for
+// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+message ListCertificateAuthoritiesRequest {
+  // Required. The resource name of the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] associated with the
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority],
+  // in the format `projects/*/locations/*/caPools/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Optional. Limit on the number of
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+  // to include in the response. Further
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority]
+  // can subsequently be obtained by including the
+  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token]
+  // in a subsequent request. If unspecified, the server will pick an
+  // appropriate default.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Pagination token, returned earlier via
+  // [ListCertificateAuthoritiesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateAuthoritiesResponse.next_page_token].
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Only include resources that match the filter in the response.
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specify how the results should be sorted.
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.ListCertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateAuthorities].
+message ListCertificateAuthoritiesResponse {
+  // The list of
+  // [CertificateAuthorities][google.cloud.security.privateca.v1.CertificateAuthority].
+  repeated CertificateAuthority certificate_authorities = 1;
+
+  // A token to retrieve next page of results. Pass this value in
+  // [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+  // page of results.
+  string next_page_token = 2;
+
+  // A list of locations (e.g. "us-west1") that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for
+// [CertificateAuthorityService.UndeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UndeleteCertificateAuthority].
+message UndeleteCertificateAuthorityRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.DeleteCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateAuthority].
+message DeleteCertificateAuthorityRequest {
+  // Required. The resource name for this
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. This field allows the CA to be deleted even if the CA has
+  // active certs. Active certs include both unrevoked and unexpired certs.
+  bool ignore_active_certificates = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.UpdateCertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateAuthority].
+message UpdateCertificateAuthorityRequest {
+  // Required.
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // with updated values.
+  CertificateAuthority certificate_authority = 1
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A list of fields to be updated in this request.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.CreateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCaPool].
+message CreateCaPoolRequest {
+  // Required. The resource name of the location associated with the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool], in the format
+  // `projects/*/locations/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Required. It must be unique within a location and match the regular
+  // expression `[a-zA-Z0-9_-]{1,63}`
+  string ca_pool_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A [CaPool][google.cloud.security.privateca.v1.CaPool] with
+  // initial field values.
+  CaPool ca_pool = 3 [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.UpdateCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCaPool].
+message UpdateCaPoolRequest {
+  // Required. [CaPool][google.cloud.security.privateca.v1.CaPool] with updated
+  // values.
+  CaPool ca_pool = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A list of fields to be updated in this request.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.DeleteCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCaPool].
+message DeleteCaPoolRequest {
+  // Required. The resource name for this
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+  // `projects/*/locations/*/caPools/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+message FetchCaCertsRequest {
+  // Required. The resource name for the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] in the format
+  // `projects/*/locations/*/caPools/*`.
+  string ca_pool = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.FetchCaCerts][google.cloud.security.privateca.v1.CertificateAuthorityService.FetchCaCerts].
+message FetchCaCertsResponse {
+  message CertChain {
+    // The certificates that form the CA chain, from leaf to root order.
+    repeated string certificates = 1;
+  }
+
+  // The PEM encoded CA certificate chains of all
+  // [ACTIVE][CertificateAuthority.State.ACTIVE]
+  // [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
+  // resources in this [CaPool][google.cloud.security.privateca.v1.CaPool].
+  repeated CertChain ca_certs = 1;
+}
+
+// Request message for
+// [CertificateAuthorityService.GetCaPool][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCaPool].
+message GetCaPoolRequest {
+  // Required. The [name][google.cloud.security.privateca.v1.CaPool.name] of the
+  // [CaPool][google.cloud.security.privateca.v1.CaPool] to get.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CaPool"
+    }
+  ];
+}
+
+// Request message for
+// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+message ListCaPoolsRequest {
+  // Required. The resource name of the location associated with the
+  // [CaPools][google.cloud.security.privateca.v1.CaPool], in the format
+  // `projects/*/locations/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Optional. Limit on the number of
+  // [CaPools][google.cloud.security.privateca.v1.CaPool] to include in the
+  // response. Further [CaPools][google.cloud.security.privateca.v1.CaPool] can
+  // subsequently be obtained by including the
+  // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token]
+  // in a subsequent request. If unspecified, the server will pick an
+  // appropriate default.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Pagination token, returned earlier via
+  // [ListCaPoolsResponse.next_page_token][google.cloud.security.privateca.v1.ListCaPoolsResponse.next_page_token].
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Only include resources that match the filter in the response.
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specify how the results should be sorted.
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.ListCaPools][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCaPools].
+message ListCaPoolsResponse {
+  // The list of [CaPools][google.cloud.security.privateca.v1.CaPool].
+  repeated CaPool ca_pools = 1;
+
+  // A token to retrieve next page of results. Pass this value in
+  // [ListCertificateAuthoritiesRequest.next_page_token][] to retrieve the next
+  // page of results.
+  string next_page_token = 2;
+
+  // A list of locations (e.g. "us-west1") that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for
+// [CertificateAuthorityService.GetCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateRevocationList].
+message GetCertificateRevocationListRequest {
+  // Required. The
+  // [name][google.cloud.security.privateca.v1.CertificateRevocationList.name]
+  // of the
+  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+  // to get.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateRevocationList"
+    }
+  ];
+}
+
+// Request message for
+// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+message ListCertificateRevocationListsRequest {
+  // Required. The resource name of the location associated with the
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList],
+  // in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateAuthority"
+    }
+  ];
+
+  // Optional. Limit on the number of
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+  // to include in the response. Further
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList]
+  // can subsequently be obtained by including the
+  // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token]
+  // in a subsequent request. If unspecified, the server will pick an
+  // appropriate default.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Pagination token, returned earlier via
+  // [ListCertificateRevocationListsResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateRevocationListsResponse.next_page_token].
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Only include resources that match the filter in the response.
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specify how the results should be sorted.
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.ListCertificateRevocationLists][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateRevocationLists].
+message ListCertificateRevocationListsResponse {
+  // The list of
+  // [CertificateRevocationLists][google.cloud.security.privateca.v1.CertificateRevocationList].
+  repeated CertificateRevocationList certificate_revocation_lists = 1;
+
+  // A token to retrieve next page of results. Pass this value in
+  // [ListCertificateRevocationListsRequest.next_page_token][] to retrieve the
+  // next page of results.
+  string next_page_token = 2;
+
+  // A list of locations (e.g. "us-west1") that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for
+// [CertificateAuthorityService.UpdateCertificateRevocationList][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateRevocationList].
+message UpdateCertificateRevocationListRequest {
+  // Required.
+  // [CertificateRevocationList][google.cloud.security.privateca.v1.CertificateRevocationList]
+  // with updated values.
+  CertificateRevocationList certificate_revocation_list = 1
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A list of fields to be updated in this request.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.CreateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.CreateCertificateTemplate].
+message CreateCertificateTemplateRequest {
+  // Required. The resource name of the location associated with the
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate],
+  // in the format `projects/*/locations/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Required. It must be unique within a location and match the regular
+  // expression `[a-zA-Z0-9_-]{1,63}`
+  string certificate_template_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  // with initial field values.
+  CertificateTemplate certificate_template = 3
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 4 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.DeleteCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.DeleteCertificateTemplate].
+message DeleteCertificateTemplateRequest {
+  // Required. The resource name for this
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  // in the format `projects/*/locations/*/certificateTemplates/*`.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateTemplate"
+    }
+  ];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 2 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [CertificateAuthorityService.GetCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.GetCertificateTemplate].
+message GetCertificateTemplateRequest {
+  // Required. The
+  // [name][google.cloud.security.privateca.v1.CertificateTemplate.name] of the
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  // to get.
+  string name = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "privateca.googleapis.com/CertificateTemplate"
+    }
+  ];
+}
+
+// Request message for
+// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+message ListCertificateTemplatesRequest {
+  // Required. The resource name of the location associated with the
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate],
+  // in the format `projects/*/locations/*`.
+  string parent = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "locations.googleapis.com/Location"
+    }
+  ];
+
+  // Optional. Limit on the number of
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+  // to include in the response. Further
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate]
+  // can subsequently be obtained by including the
+  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token]
+  // in a subsequent request. If unspecified, the server will pick an
+  // appropriate default.
+  int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Pagination token, returned earlier via
+  // [ListCertificateTemplatesResponse.next_page_token][google.cloud.security.privateca.v1.ListCertificateTemplatesResponse.next_page_token].
+  string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Only include resources that match the filter in the response.
+  string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+  // Optional. Specify how the results should be sorted.
+  string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [CertificateAuthorityService.ListCertificateTemplates][google.cloud.security.privateca.v1.CertificateAuthorityService.ListCertificateTemplates].
+message ListCertificateTemplatesResponse {
+  // The list of
+  // [CertificateTemplates][google.cloud.security.privateca.v1.CertificateTemplate].
+  repeated CertificateTemplate certificate_templates = 1;
+
+  // A token to retrieve next page of results. Pass this value in
+  // [ListCertificateTemplatesRequest.next_page_token][] to retrieve
+  // the next page of results.
+  string next_page_token = 2;
+
+  // A list of locations (e.g. "us-west1") that could not be reached.
+  repeated string unreachable = 3;
+}
+
+// Request message for
+// [CertificateAuthorityService.UpdateCertificateTemplate][google.cloud.security.privateca.v1.CertificateAuthorityService.UpdateCertificateTemplate].
+message UpdateCertificateTemplateRequest {
+  // Required.
+  // [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
+  // with updated values.
+  CertificateTemplate certificate_template = 1
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Required. A list of fields to be updated in this request.
+  google.protobuf.FieldMask update_mask = 2
+      [(google.api.field_behavior) = REQUIRED];
+
+  // Optional. An ID to identify requests. Specify a unique request ID so that
+  // if you must retry your request, the server will know to ignore the request
+  // if it has already been completed. The server will guarantee that for at
+  // least 60 minutes since the first request.
+  //
+  // For example, consider a situation where you make an initial request and t
+  // he request times out. If you make the request again with the same request
+  // ID, the server can check if original operation with the same request ID
+  // was received, and if so, will ignore the second request. This prevents
+  // clients from accidentally creating duplicate commitments.
+  //
+  // The request ID must be a valid UUID with the exception that zero UUID is
+  // not supported (00000000-0000-0000-0000-000000000000).
+  string request_id = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Represents the metadata of the long-running operation.
+message OperationMetadata {
+  // Output only. The time the operation was created.
+  google.protobuf.Timestamp create_time = 1
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The time the operation finished running.
+  google.protobuf.Timestamp end_time = 2
+      [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Server-defined resource path for the target of the operation.
+  string target = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Name of the verb executed by the operation.
+  string verb = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Human-readable status of the operation, if any.
+  string status_message = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. Identifies whether the user has requested cancellation
+  // of the operation. Operations that have successfully been cancelled
+  // have [Operation.error][] value with a
+  // [google.rpc.Status.code][google.rpc.Status.code] of 1, corresponding to
+  // `Code.CANCELLED`.
+  bool requested_cancellation = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. API version used to start the operation.
+  string api_version = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
diff --git a/synth.metadata b/synth.metadata
index c958130d..636f84c7 100644
--- a/synth.metadata
+++ b/synth.metadata
@@ -4,214 +4,8 @@
       "git": {
         "name": ".",
         "remote": "https://github.com/googleapis/java-security-private-ca.git",
-        "sha": "72420a3a8e47ccb42473d6ff7a4542b743c1c394"
-      }
-    },
-    {
-      "git": {
-        "name": "googleapis",
-        "remote": "https://github.com/googleapis/googleapis.git",
-        "sha": "1305ca41d554eb0725237561e34129373bb8cbc1",
-        "internalRef": "362856902"
-      }
-    },
-    {
-      "git": {
-        "name": "synthtool",
-        "remote": "https://github.com/googleapis/synthtool.git",
-        "sha": "8285c2b4cdbc3771d031ad91e1c4ec9e55fff45d"
-      }
-    }
-  ],
-  "destinations": [
-    {
-      "client": {
-        "source": "googleapis",
-        "apiName": "security-privateca",
-        "apiVersion": "v1beta1",
-        "language": "java",
-        "generator": "bazel"
+        "sha": "db53011a802c0b84a427f23f35be5cc23c6f736f"
       }
     }
-  ],
-  "generatedFiles": [
-    ".github/CODEOWNERS",
-    ".github/ISSUE_TEMPLATE/bug_report.md",
-    ".github/ISSUE_TEMPLATE/feature_request.md",
-    ".github/ISSUE_TEMPLATE/support_request.md",
-    ".github/PULL_REQUEST_TEMPLATE.md",
-    ".github/blunderbuss.yml",
-    ".github/generated-files-bot.yml",
-    ".github/readme/synth.py",
-    ".github/release-please.yml",
-    ".github/snippet-bot.yml",
-    ".github/sync-repo-settings.yaml",
-    ".github/trusted-contribution.yml",
-    ".github/workflows/approve-readme.yaml",
-    ".github/workflows/auto-release.yaml",
-    ".github/workflows/ci.yaml",
-    ".github/workflows/samples.yaml",
-    ".kokoro/build.bat",
-    ".kokoro/build.sh",
-    ".kokoro/coerce_logs.sh",
-    ".kokoro/common.cfg",
-    ".kokoro/common.sh",
-    ".kokoro/continuous/common.cfg",
-    ".kokoro/continuous/java8.cfg",
-    ".kokoro/continuous/readme.cfg",
-    ".kokoro/dependencies.sh",
-    ".kokoro/nightly/common.cfg",
-    ".kokoro/nightly/integration.cfg",
-    ".kokoro/nightly/java11.cfg",
-    ".kokoro/nightly/java7.cfg",
-    ".kokoro/nightly/java8-osx.cfg",
-    ".kokoro/nightly/java8-win.cfg",
-    ".kokoro/nightly/java8.cfg",
-    ".kokoro/nightly/samples.cfg",
-    ".kokoro/populate-secrets.sh",
-    ".kokoro/presubmit/clirr.cfg",
-    ".kokoro/presubmit/common.cfg",
-    ".kokoro/presubmit/dependencies.cfg",
-    ".kokoro/presubmit/integration.cfg",
-    ".kokoro/presubmit/java11.cfg",
-    ".kokoro/presubmit/java7.cfg",
-    ".kokoro/presubmit/java8-osx.cfg",
-    ".kokoro/presubmit/java8-win.cfg",
-    ".kokoro/presubmit/java8.cfg",
-    ".kokoro/presubmit/linkage-monitor.cfg",
-    ".kokoro/presubmit/lint.cfg",
-    ".kokoro/presubmit/samples.cfg",
-    ".kokoro/readme.sh",
-    ".kokoro/release/bump_snapshot.cfg",
-    ".kokoro/release/common.cfg",
-    ".kokoro/release/common.sh",
-    ".kokoro/release/drop.cfg",
-    ".kokoro/release/drop.sh",
-    ".kokoro/release/promote.cfg",
-    ".kokoro/release/promote.sh",
-    ".kokoro/release/publish_javadoc.cfg",
-    ".kokoro/release/publish_javadoc.sh",
-    ".kokoro/release/publish_javadoc11.cfg",
-    ".kokoro/release/publish_javadoc11.sh",
-    ".kokoro/release/snapshot.cfg",
-    ".kokoro/release/snapshot.sh",
-    ".kokoro/release/stage.cfg",
-    ".kokoro/release/stage.sh",
-    ".kokoro/trampoline.sh",
-    "CODE_OF_CONDUCT.md",
-    "CONTRIBUTING.md",
-    "LICENSE",
-    "codecov.yaml",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityServiceClient.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityServiceSettings.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/gapic_metadata.json",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/package-info.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/stub/CertificateAuthorityServiceStub.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/stub/CertificateAuthorityServiceStubSettings.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/stub/GrpcCertificateAuthorityServiceCallableFactory.java",
-    "google-cloud-security-private-ca/src/main/java/com/google/cloud/security/privateca/v1beta1/stub/GrpcCertificateAuthorityServiceStub.java",
-    "google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityServiceClientTest.java",
-    "google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1beta1/MockCertificateAuthorityService.java",
-    "google-cloud-security-private-ca/src/test/java/com/google/cloud/security/privateca/v1beta1/MockCertificateAuthorityServiceImpl.java",
-    "grpc-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityServiceGrpc.java",
-    "java.header",
-    "license-checks.xml",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ActivateCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ActivateCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/Certificate.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthority.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityName.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateAuthorityOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateConfig.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateConfigOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateDescription.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateDescriptionOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateName.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateRevocationList.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateRevocationListName.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CertificateRevocationListOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CreateCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CreateCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CreateCertificateRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/CreateCertificateRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/DisableCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/DisableCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/EnableCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/EnableCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/FetchCertificateAuthorityCsrRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/FetchCertificateAuthorityCsrRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/FetchCertificateAuthorityCsrResponse.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/FetchCertificateAuthorityCsrResponseOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateRevocationListRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetCertificateRevocationListRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetReusableConfigRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/GetReusableConfigRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/KeyUsage.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/KeyUsageOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateAuthoritiesRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateAuthoritiesRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateAuthoritiesResponse.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateAuthoritiesResponseOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateRevocationListsRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateRevocationListsRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateRevocationListsResponse.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificateRevocationListsResponseOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificatesRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificatesRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificatesResponse.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListCertificatesResponseOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListReusableConfigsRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListReusableConfigsRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListReusableConfigsResponse.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ListReusableConfigsResponseOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/LocationName.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ObjectId.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ObjectIdOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/OperationMetadata.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/OperationMetadataOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/PrivateCaProto.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/PrivateCaResourcesProto.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/PublicKey.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/PublicKeyOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/RestoreCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/RestoreCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfig.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigName.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigValues.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigValuesOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigWrapper.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ReusableConfigWrapperOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/RevocationReason.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/RevokeCertificateRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/RevokeCertificateRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ScheduleDeleteCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/ScheduleDeleteCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/Subject.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/SubjectAltNames.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/SubjectAltNamesOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/SubjectOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/SubordinateConfig.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/SubordinateConfigOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateAuthorityRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateAuthorityRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateRevocationListRequest.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/UpdateCertificateRevocationListRequestOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/X509Extension.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/java/com/google/cloud/security/privateca/v1beta1/X509ExtensionOrBuilder.java",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/proto/google/cloud/security/privateca/v1beta1/resources.proto",
-    "proto-google-cloud-security-private-ca-v1beta1/src/main/proto/google/cloud/security/privateca/v1beta1/service.proto",
-    "renovate.json",
-    "samples/install-without-bom/pom.xml",
-    "samples/pom.xml",
-    "samples/snapshot/pom.xml",
-    "samples/snippets/pom.xml"
   ]
 }
\ No newline at end of file
diff --git a/synth.py b/synth.py
deleted file mode 100644
index 809af41f..00000000
--- a/synth.py
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""This script is used to synthesize generated parts of this library."""
-
-import synthtool as s
-import synthtool.gcp as gcp
-import synthtool.languages.java as java
-
-service = 'security-privateca'
-versions = ['v1beta1']
-
-for version in versions:
-  java.bazel_library(
-      service=service,
-      version=version,
-      proto_path=f'google/cloud/security/privateca/{version}',
-      bazel_target=f'//google/cloud/security/privateca/{version}:google-cloud-{service}-{version}-java',
-      destination_name='security-private-ca',
-  )
-
-java.common_templates()
\ No newline at end of file
diff --git a/versions.txt b/versions.txt
index 6f678bdf..628bdc56 100644
--- a/versions.txt
+++ b/versions.txt
@@ -2,5 +2,7 @@
 # module:released-version:current-version
 
 google-cloud-security-private-ca:0.2.8:0.2.9-SNAPSHOT
+grpc-google-cloud-security-private-ca-v1beta1:0.2.8:0.2.9-SNAPSHOT
+grpc-google-cloud-security-private-ca-v1:0.2.8:0.2.9-SNAPSHOT
 proto-google-cloud-security-private-ca-v1beta1:0.2.8:0.2.9-SNAPSHOT
-grpc-google-cloud-security-private-ca-v1beta1:0.2.8:0.2.9-SNAPSHOT
\ No newline at end of file
+proto-google-cloud-security-private-ca-v1:0.2.8:0.2.9-SNAPSHOT