Google Certificate Authority Service V1 Client - Class IssuancePolicy (2.0.1)

Reference documentation and code samples for the Google Certificate Authority Service V1 Client class IssuancePolicy.

Defines controls over all certificate issuance within a CaPool.

Generated from protobuf message google.cloud.security.privateca.v1.CaPool.IssuancePolicy

Namespace

Google \ Cloud \ Security \ PrivateCA \ V1 \ CaPool

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ allowed_key_types array<IssuancePolicy\AllowedKeyType>

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

↳ maximum_lifetime Google\Protobuf\Duration

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate resource's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

↳ allowed_issuance_modes IssuancePolicy\IssuanceModes

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

↳ baseline_values Google\Cloud\Security\PrivateCA\V1\X509Parameters

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

↳ identity_constraints Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

↳ passthrough_extensions Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

getAllowedKeyTypes

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setAllowedKeyTypes

Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.

Parameter
Name Description
var array<IssuancePolicy\AllowedKeyType>
Returns
Type Description
$this

getMaximumLifetime

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate resource's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

Returns
Type Description
Google\Protobuf\Duration|null

hasMaximumLifetime

clearMaximumLifetime

setMaximumLifetime

Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate resource's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.

Parameter
Name Description
var Google\Protobuf\Duration
Returns
Type Description
$this

getAllowedIssuanceModes

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Returns
Type Description
IssuancePolicy\IssuanceModes|null

hasAllowedIssuanceModes

clearAllowedIssuanceModes

setAllowedIssuanceModes

Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.

Parameter
Name Description
var IssuancePolicy\IssuanceModes
Returns
Type Description
$this

getBaselineValues

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool.

If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1\X509Parameters|null

hasBaselineValues

clearBaselineValues

setBaselineValues

Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool.

If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.

Parameter
Name Description
var Google\Cloud\Security\PrivateCA\V1\X509Parameters
Returns
Type Description
$this

getIdentityConstraints

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints|null

hasIdentityConstraints

clearIdentityConstraints

setIdentityConstraints

Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.

Parameter
Name Description
var Google\Cloud\Security\PrivateCA\V1\CertificateIdentityConstraints
Returns
Type Description
$this

getPassthroughExtensions

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

Returns
Type Description
Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints|null

hasPassthroughExtensions

clearPassthroughExtensions

setPassthroughExtensions

Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.

Parameter
Name Description
var Google\Cloud\Security\PrivateCA\V1\CertificateExtensionConstraints
Returns
Type Description
$this