Class CaPool.Types.IssuancePolicy

public sealed class IssuancePolicy : IMessage<CaPool.Types.IssuancePolicy>, IEquatable<CaPool.Types.IssuancePolicy>, IDeepCloneable<CaPool.Types.IssuancePolicy>, IBufferMessage, IMessage

Defines controls over all certificate issuance within a [CaPool][google.cloud.security.privateca.v1.CaPool].

Inheritance

Object > CaPool.Types.IssuancePolicy

Namespace

Google.Cloud.Security.PrivateCA.V1

Assembly

Google.Cloud.Security.PrivateCA.V1.dll

Constructors

IssuancePolicy()

public IssuancePolicy()

IssuancePolicy(CaPool.Types.IssuancePolicy)

public IssuancePolicy(CaPool.Types.IssuancePolicy other)
Parameter
| Type | Name | Description |
| --- | --- | --- |
| CaPool.Types.IssuancePolicy | other | |

Properties

AllowedIssuanceModes

public CaPool.Types.IssuancePolicy.Types.IssuanceModes AllowedIssuanceModes { get; set; }

Optional. If specified, then only methods allowed in the [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes] may be used to issue [Certificates][google.cloud.security.privateca.v1.Certificate].

Property Value
| Type | Description |
| --- | --- |
| CaPool.Types.IssuancePolicy.Types.IssuanceModes | |

AllowedKeyTypes

public RepeatedField<CaPool.Types.IssuancePolicy.Types.AllowedKeyType> AllowedKeyTypes { get; }

Optional. If any [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType] is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

Property Value
| Type | Description |
| --- | --- |
| RepeatedField<CaPool.Types.IssuancePolicy.Types.AllowedKeyType> | |

BaselineValues

public X509Parameters BaselineValues { get; set; }

Optional. A set of X.509 values that will be applied to all certificates issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] that defines conflicting [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] for the same properties, the certificate issuance request will fail.

Property Value
| Type | Description |
| --- | --- |
| X509Parameters | |

IdentityConstraints

public CertificateIdentityConstraints IdentityConstraints { get; set; }

Optional. Describes constraints on identities that may appear in [Certificates][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate's identity.

Property Value
| Type | Description |
| --- | --- |
| CertificateIdentityConstraints | |

MaximumLifetime

public Duration MaximumLifetime { get; set; }

Optional. The maximum lifetime allowed for issued [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that if the issuing [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority] expires before a [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

Property Value
| Type | Description |
| --- | --- |
| Duration | |

PassthroughExtensions

public CertificateExtensionConstraints PassthroughExtensions { get; set; }

Optional. Describes the set of X.509 extensions that may appear in a [Certificate][google.cloud.security.privateca.v1.Certificate] issued through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a certificate request sets extensions that don't appear in the [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions], those extensions will be dropped. If a certificate request uses a [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate] with [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values] that don't appear here, the certificate issuance request will fail. If this is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool] will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this [CaPool][google.cloud.security.privateca.v1.CaPool]'s [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].

Property Value
| Type | Description |
| --- | --- |
| CertificateExtensionConstraints | |
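
The properties above combine into one restrictive policy for a pool that should issue only TLS server certificates. This is an added example, not code from the library's documentation; the `ServerCertPolicy` helper, the `.example.internal` domain, the 90-day lifetime and the key-size limits are constructed assumptions.

```csharp
using System;
using Google.Cloud.Security.PrivateCA.V1;
using Google.Protobuf.WellKnownTypes;
using Policy = Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy;
using KeyType = Google.Cloud.Security.PrivateCA.V1.CaPool.Types.IssuancePolicy.Types.AllowedKeyType;
using Known = Google.Cloud.Security.PrivateCA.V1.CertificateExtensionConstraints.Types.KnownCertificateExtension;

public static class ServerCertPolicy   // hypothetical helper, not part of the library
{
    public static Policy Build() => new Policy
    {
        // Only CSR-based requests are accepted; config-based issuance is disabled.
        AllowedIssuanceModes = new Policy.Types.IssuanceModes
        {
            AllowCsrBasedIssuance = true,
            AllowConfigBasedIssuance = false,
        },
        // The request's public key must match one of these entries (constructed limits).
        AllowedKeyTypes =
        {
            new KeyType { EllipticCurve = new KeyType.Types.EcKeyType {
                SignatureAlgorithm = KeyType.Types.EcKeyType.Types.EcSignatureAlgorithm.EcdsaP256 } },
            new KeyType { Rsa = new KeyType.Types.RsaKeyType { MinModulusSize = 3072, MaxModulusSize = 4096 } },
        },
        // Upper bound on the lifetime of any certificate issued from the pool.
        MaximumLifetime = Duration.FromTimeSpan(TimeSpan.FromDays(90)),
        // Baseline values overwrite conflicting values in a request, so a
        // requester cannot obtain a CA certificate or a different key usage.
        BaselineValues = new X509Parameters
        {
            KeyUsage = new KeyUsage
            {
                BaseKeyUsage = new KeyUsage.Types.KeyUsageOptions { DigitalSignature = true, KeyEncipherment = true },
                ExtendedKeyUsage = new KeyUsage.Types.ExtendedKeyUsageOptions { ServerAuth = true },
            },
            CaOptions = new X509Parameters.Types.CaOptions { IsCa = false },
        },
        // SANs pass through only if every one is a DNS name under the placeholder domain.
        IdentityConstraints = new CertificateIdentityConstraints
        {
            AllowSubjectPassthrough = false,
            AllowSubjectAltNamesPassthrough = true,
            CelExpression = new Google.Type.Expr { Expression =
                "subject_alt_names.all(san, san.type == DNS && san.value.endsWith('.example.internal'))" },
        },
        // Any other requested extension is dropped; baseline extensions are unaffected.
        PassthroughExtensions = new CertificateExtensionConstraints { KnownExtensions = { Known.AiaOcspServers } },
    };
}
```

Assign the returned object to the `IssuancePolicy` property of the `CaPool` being created or updated.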