public sealed class IssuancePolicy : IMessage<CaPool.Types.IssuancePolicy>, IEquatable<CaPool.Types.IssuancePolicy>, IDeepCloneable<CaPool.Types.IssuancePolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Certificate Authority v1 API class CaPool.Types.IssuancePolicy.
Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].
Implements
IMessage<CaPool.Types.IssuancePolicy>, IEquatable<CaPool.Types.IssuancePolicy>, IDeepCloneable<CaPool.Types.IssuancePolicy>, IBufferMessage, IMessageNamespace
Google.Cloud.Security.PrivateCA.V1Assembly
Google.Cloud.Security.PrivateCA.V1.dll
Constructors
IssuancePolicy()
public IssuancePolicy()
IssuancePolicy(CaPool.Types.IssuancePolicy)
public IssuancePolicy(CaPool.Types.IssuancePolicy other)
Parameter | |
---|---|
Name | Description |
other | CaPool.Types.IssuancePolicy |
Properties
AllowedIssuanceModes
public CaPool.Types.IssuancePolicy.Types.IssuanceModes AllowedIssuanceModes { get; set; }
Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].
Property Value | |
---|---|
Type | Description |
CaPool.Types.IssuancePolicy.Types.IssuanceModes |
AllowedKeyTypes
public RepeatedField<CaPool.Types.IssuancePolicy.Types.AllowedKeyType> AllowedKeyTypes { get; }
Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
Property Value | |
---|---|
Type | Description |
RepeatedField<CaPool.Types.IssuancePolicy.Types.AllowedKeyType> |
BaselineValues
public X509Parameters BaselineValues { get; set; }
Optional. A set of X.509 values that will be applied to all certificates issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] that defines conflicting [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same properties, the certificate issuance request will fail.
Property Value | |
---|---|
Type | Description |
X509Parameters |
IdentityConstraints
public CertificateIdentityConstraints IdentityConstraints { get; set; }
Optional. Describes constraints on identities that may appear in [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate's identity.
Property Value | |
---|---|
Type | Description |
CertificateIdentityConstraints |
MaximumLifetime
public Duration MaximumLifetime { get; set; }
Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
Property Value | |
---|---|
Type | Description |
Duration |
PassthroughExtensions
public CertificateExtensionConstraints PassthroughExtensions { get; set; }
Optional. Describes the set of X.509 extensions that may appear in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions], those extensions will be dropped. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't appear here, the certificate issuance request will fail. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
Property Value | |
---|---|
Type | Description |
CertificateExtensionConstraints |