Reference documentation and code samples for the Google Certificate Authority Service V1 Client class IssuancePolicy.
Defines controls over all certificate issuance within a CaPool.
Generated from protobuf message google.cloud.security.privateca.v1.CaPool.IssuancePolicy
Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ allowed_key_types |
array<Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\AllowedKeyType>
Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used. |
↳ maximum_lifetime |
Google\Protobuf\Duration
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it. |
↳ allowed_issuance_modes |
Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates. |
↳ baseline_values |
Google\Cloud\Security\PrivateCA\V1\X509Parameters
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail. |
↳ identity_constraints |
Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity. |
↳ passthrough_extensions |
Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values. |
getAllowedKeyTypes
Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\RepeatedField | |
setAllowedKeyTypes
Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.
| Parameter | |
|---|---|
| Name | Description |
var |
array<Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\AllowedKeyType>
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getMaximumLifetime
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Duration|null | |
hasMaximumLifetime
clearMaximumLifetime
setMaximumLifetime
Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Protobuf\Duration
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getAllowedIssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes|null | |
hasAllowedIssuanceModes
clearAllowedIssuanceModes
setAllowedIssuanceModes
Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Cloud\Security\PrivateCA\V1\CaPool\IssuancePolicy\IssuanceModes
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getBaselineValues
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool.
If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Security\PrivateCA\V1\X509Parameters|null | |
hasBaselineValues
clearBaselineValues
setBaselineValues
Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool.
If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Cloud\Security\PrivateCA\V1\X509Parameters
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints|null | |
hasIdentityConstraints
clearIdentityConstraints
setIdentityConstraints
Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints
|
| Returns | |
|---|---|
| Type | Description |
$this | |
getPassthroughExtensions
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
| Returns | |
|---|---|
| Type | Description |
Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints|null | |
hasPassthroughExtensions
clearPassthroughExtensions
setPassthroughExtensions
Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints
|
| Returns | |
|---|---|
| Type | Description |
$this | |