CfnTemplatePropsMixin
- class aws_cdk.mixins_preview.aws_pcaconnectorad.mixins.CfnTemplatePropsMixin(props, *, strategy=None)
Bases: Mixin
Creates an Active Directory compatible certificate template.
The connector issues certificates using these templates based on the requester’s Active Directory group membership.
- See:
- CloudformationResource:
AWS::PCAConnectorAD::Template
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview import mixins
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    cfn_template_props_mixin = pcaconnectorad_mixins.CfnTemplatePropsMixin(pcaconnectorad_mixins.CfnTemplateMixinProps(
        connector_arn="connectorArn",
        definition=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateDefinitionProperty(
            template_v2=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV2Property(
                certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                    renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV2Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV2Property(
                    application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                        critical=False,
                        policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )]
                    ),
                    key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                        critical=False,
                        usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        )
                    )
                ),
                general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV2Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV2Property(
                    crypto_providers=["cryptoProviders"],
                    key_spec="keySpec",
                    minimal_key_length=123
                ),
                private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV2Property(
                    client_version="clientVersion",
                    exportable_key=False,
                    strong_key_protection_required=False
                ),
                subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV2Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),
                superseded_templates=["supersededTemplates"]
            ),
            template_v3=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV3Property(
                certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                    renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV3Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV3Property(
                    application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                        critical=False,
                        policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )]
                    ),
                    key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                        critical=False,
                        usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        )
                    )
                ),
                general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV3Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                hash_algorithm="hashAlgorithm",
                private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV3Property(
                    algorithm="algorithm",
                    crypto_providers=["cryptoProviders"],
                    key_spec="keySpec",
                    key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
                        property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                            decrypt=False,
                            key_agreement=False,
                            sign=False
                        ),
                        property_type="propertyType"
                    ),
                    minimal_key_length=123
                ),
                private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV3Property(
                    client_version="clientVersion",
                    exportable_key=False,
                    require_alternate_signature_algorithm=False,
                    strong_key_protection_required=False
                ),
                subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV3Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),
                superseded_templates=["supersededTemplates"]
            ),
            template_v4=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV4Property(
                certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                    renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV4Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV4Property(
                    application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                        critical=False,
                        policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )]
                    ),
                    key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                        critical=False,
                        usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        )
                    )
                ),
                general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV4Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                hash_algorithm="hashAlgorithm",
                private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV4Property(
                    algorithm="algorithm",
                    crypto_providers=["cryptoProviders"],
                    key_spec="keySpec",
                    key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
                        property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                            decrypt=False,
                            key_agreement=False,
                            sign=False
                        ),
                        property_type="propertyType"
                    ),
                    minimal_key_length=123
                ),
                private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV4Property(
                    client_version="clientVersion",
                    exportable_key=False,
                    require_alternate_signature_algorithm=False,
                    require_same_key_renewal=False,
                    strong_key_protection_required=False,
                    use_legacy_provider=False
                ),
                subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV4Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),
                superseded_templates=["supersededTemplates"]
            )
        ),
        name="name",
        reenroll_all_certificate_holders=False,
        tags={
            "tags_key": "tags"
        }
    ),
        strategy=mixins.PropertyMergeStrategy.OVERRIDE
    )
Create a mixin to apply properties to AWS::PCAConnectorAD::Template.
- Parameters:
  - props (Union[CfnTemplateMixinProps, Dict[str, Any]]) – L1 properties to apply.
  - strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
  - construct (IConstruct)
- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
  - construct (IConstruct)
- Return type: bool
Attributes
- CFN_PROPERTY_KEYS = ['connectorArn', 'definition', 'name', 'reenrollAllCertificateHolders', 'tags']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if x is a Mixin.
- Parameters:
  - x (Any) – Any object.
- Return type: bool
- Returns: true if x is an object created from a class which extends Mixin.
- Stability: experimental
ApplicationPoliciesProperty
- class CfnTemplatePropsMixin.ApplicationPoliciesProperty(*, critical=None, policies=None)
Bases: object
Application policies describe what the certificate can be used for.
- Parameters:
  - critical (Union[bool, IResolvable, None]) – Marks the application policy extension as critical.
  - policies (Union[IResolvable, Sequence[Union[IResolvable, ApplicationPolicyProperty, Dict[str, Any]]], None]) – Application policies describe what the certificate can be used for.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    application_policies_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
        critical=False,
        policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
            policy_object_identifier="policyObjectIdentifier",
            policy_type="policyType"
        )]
    )
Attributes
- critical
Marks the application policy extension as critical.
- policies
Application policies describe what the certificate can be used for.
ApplicationPolicyProperty
- class CfnTemplatePropsMixin.ApplicationPolicyProperty(*, policy_object_identifier=None, policy_type=None)
Bases: object
Application policies describe what the certificate can be used for.
- Parameters:
  - policy_object_identifier (Optional[str]) – The object identifier (OID) of an application policy.
  - policy_type (Optional[str]) – The type of application policy.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    application_policy_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
        policy_object_identifier="policyObjectIdentifier",
        policy_type="policyType"
    )
Attributes
- policy_object_identifier
The object identifier (OID) of an application policy.
- policy_type
The type of application policy.
CertificateValidityProperty
- class CfnTemplatePropsMixin.CertificateValidityProperty(*, renewal_period=None, validity_period=None)
Bases: object
Information describing the end of the validity period of the certificate.
This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
- Parameters:
  - renewal_period (Union[IResolvable, ValidityPeriodProperty, Dict[str, Any], None]) – Renewal period is the period of time before certificate expiration when a new certificate will be requested.
  - validity_period (Union[IResolvable, ValidityPeriodProperty, Dict[str, Any], None]) – Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    certificate_validity_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
        renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        ),
        validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        )
    )
Attributes
- renewal_period
Renewal period is the period of time before certificate expiration when a new certificate will be requested.
- validity_period
Information describing the end of the validity period of the certificate.
This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
EnrollmentFlagsV2Property
- class CfnTemplatePropsMixin.EnrollmentFlagsV2Property(*, enable_key_reuse_on_nt_token_keyset_storage_full=None, include_symmetric_algorithms=None, no_security_extension=None, remove_invalid_certificate_from_personal_store=None, user_interaction_required=None)
Bases: object
Template configurations for v2 template schema.
- Parameters:
  - enable_key_reuse_on_nt_token_keyset_storage_full (Union[bool, IResolvable, None]) – Allow renewal using the same key.
  - include_symmetric_algorithms (Union[bool, IResolvable, None]) – Include symmetric algorithms allowed by the subject.
  - no_security_extension (Union[bool, IResolvable, None]) – This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
  - remove_invalid_certificate_from_personal_store (Union[bool, IResolvable, None]) – Delete expired or revoked certificates instead of archiving them.
  - user_interaction_required (Union[bool, IResolvable, None]) – Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    enrollment_flags_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV2Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    )
Attributes
- enable_key_reuse_on_nt_token_keyset_storage_full
Allow renewal using the same key.
- include_symmetric_algorithms
Include symmetric algorithms allowed by the subject.
- no_security_extension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
- remove_invalid_certificate_from_personal_store
Delete expired or revoked certificates instead of archiving them.
- user_interaction_required
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
EnrollmentFlagsV3Property
- class CfnTemplatePropsMixin.EnrollmentFlagsV3Property(*, enable_key_reuse_on_nt_token_keyset_storage_full=None, include_symmetric_algorithms=None, no_security_extension=None, remove_invalid_certificate_from_personal_store=None, user_interaction_required=None)
Bases: object
Template configurations for v3 template schema.
- Parameters:
  - enable_key_reuse_on_nt_token_keyset_storage_full (Union[bool, IResolvable, None]) – Allow renewal using the same key.
  - include_symmetric_algorithms (Union[bool, IResolvable, None]) – Include symmetric algorithms allowed by the subject.
  - no_security_extension (Union[bool, IResolvable, None]) – This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
  - remove_invalid_certificate_from_personal_store (Union[bool, IResolvable, None]) – Delete expired or revoked certificates instead of archiving them.
  - user_interaction_required (Union[bool, IResolvable, None]) – Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    enrollment_flags_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV3Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    )
Attributes
- enable_key_reuse_on_nt_token_keyset_storage_full
Allow renewal using the same key.
- include_symmetric_algorithms
Include symmetric algorithms allowed by the subject.
- no_security_extension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
- remove_invalid_certificate_from_personal_store
Delete expired or revoked certificates instead of archiving them.
- user_interaction_required
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
EnrollmentFlagsV4Property
- class CfnTemplatePropsMixin.EnrollmentFlagsV4Property(*, enable_key_reuse_on_nt_token_keyset_storage_full=None, include_symmetric_algorithms=None, no_security_extension=None, remove_invalid_certificate_from_personal_store=None, user_interaction_required=None)
Bases: object
Template configurations for v4 template schema.
- Parameters:
  - enable_key_reuse_on_nt_token_keyset_storage_full (Union[bool, IResolvable, None]) – Allow renewal using the same key.
  - include_symmetric_algorithms (Union[bool, IResolvable, None]) – Include symmetric algorithms allowed by the subject.
  - no_security_extension (Union[bool, IResolvable, None]) – This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
  - remove_invalid_certificate_from_personal_store (Union[bool, IResolvable, None]) – Delete expired or revoked certificates instead of archiving them.
  - user_interaction_required (Union[bool, IResolvable, None]) – Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    enrollment_flags_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV4Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    )
Attributes
- enable_key_reuse_on_nt_token_keyset_storage_full
Allow renewal using the same key.
- include_symmetric_algorithms
Include symmetric algorithms allowed by the subject.
- no_security_extension
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
- remove_invalid_certificate_from_personal_store
Delete expired or revoked certificates instead of archiving them.
- user_interaction_required
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
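An added example, not part of the AWS CDK documentation: a check over a synthesized CloudFormation template that reports every AWS::PCAConnectorAD::Template whose v2, v3 or v4 enrollment flags set no_security_extension, so that issuing certificates without szOID_NTDS_CA_SECURITY_EXT is a reviewed decision rather than an accident. The PascalCase property spellings, the treatment of an absent flag as not set, and the sample template with its logical IDs are assumptions constructed for illustration.

```python
import json

RESOURCE_TYPE = "AWS::PCAConnectorAD::Template"
# Assumption: CloudFormation spells the Python names on this page in
# PascalCase (template_v2 -> TemplateV2, enrollment_flags -> EnrollmentFlags,
# no_security_extension -> NoSecurityExtension).
SCHEMAS = ("TemplateV2", "TemplateV3", "TemplateV4")


def classify(value):
    """Map a NoSecurityExtension value to a finding status, or None if fine."""
    if isinstance(value, dict):
        # An intrinsic such as {"Ref": ...} or {"Fn::If": ...}: the effective
        # value is only known at deploy time, so it needs a manual review.
        return "unresolved"
    if isinstance(value, str):
        # Boolean properties sometimes arrive as the strings "true"/"false".
        value = value.strip().lower() == "true"
    return "extension-omitted" if value is True else None


def audit_security_extension(template):
    """Return (logical_id, schema, status) tuples for certificate templates
    that omit, or may omit, szOID_NTDS_CA_SECURITY_EXT."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != RESOURCE_TYPE:
            continue
        definition = resource.get("Properties", {}).get("Definition", {})
        if not isinstance(definition, dict):
            continue
        for schema in SCHEMAS:
            body = definition.get(schema)
            flags = body.get("EnrollmentFlags") if isinstance(body, dict) else None
            if not isinstance(flags, dict):
                continue
            # Assumption: an absent flag means the extension is included.
            status = classify(flags.get("NoSecurityExtension", False))
            if status:
                findings.append((logical_id, schema, status))
    return findings


# Constructed sample of synthesized output; not taken from a real stack.
SAMPLE = json.loads("""
{
  "Resources": {
    "Connector": {"Type": "AWS::PCAConnectorAD::Connector", "Properties": {}},
    "UserAuth": {"Type": "AWS::PCAConnectorAD::Template", "Properties": {
      "Name": "UserAuth", "Definition": {"TemplateV4": {
        "EnrollmentFlags": {"NoSecurityExtension": false}}}}},
    "LegacyKiosk": {"Type": "AWS::PCAConnectorAD::Template", "Properties": {
      "Name": "LegacyKiosk", "Definition": {"TemplateV2": {
        "EnrollmentFlags": {"NoSecurityExtension": true}}}}},
    "Parameterised": {"Type": "AWS::PCAConnectorAD::Template", "Properties": {
      "Name": "Parameterised", "Definition": {"TemplateV3": {
        "EnrollmentFlags": {"NoSecurityExtension": {"Ref": "SkipExtension"}}}}}},
    "Defaulted": {"Type": "AWS::PCAConnectorAD::Template", "Properties": {
      "Name": "Defaulted", "Definition": {"TemplateV3": {
        "EnrollmentFlags": {"UserInteractionRequired": false}}}}}
  }
}
""")

if __name__ == "__main__":
    for logical_id, schema, status in audit_security_extension(SAMPLE):
        print(f"{logical_id}: {schema}.EnrollmentFlags.NoSecurityExtension -> {status}")
```

Run it against the template file produced by synthesis in a CI step and fail the build on any finding that has not been explicitly approved.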
ExtensionsV2Property
- class CfnTemplatePropsMixin.ExtensionsV2Property(*, application_policies=None, key_usage=None)
Bases: object
Certificate extensions for v2 template schema.
- Parameters:
  - application_policies (Union[IResolvable, ApplicationPoliciesProperty, Dict[str, Any], None]) – Application policies specify what the certificate is used for and its purpose.
  - key_usage (Union[IResolvable, KeyUsageProperty, Dict[str, Any], None]) – The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    extensions_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV2Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    )
Attributes
- application_policies
Application policies specify what the certificate is used for and its purpose.
- key_usage
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
ExtensionsV3Property
- class CfnTemplatePropsMixin.ExtensionsV3Property(*, application_policies=None, key_usage=None)
Bases: object
Certificate extensions for v3 template schema.
- Parameters:
  - application_policies (Union[IResolvable, ApplicationPoliciesProperty, Dict[str, Any], None]) – Application policies specify what the certificate is used for and its purpose.
  - key_usage (Union[IResolvable, KeyUsageProperty, Dict[str, Any], None]) – The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    extensions_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV3Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    )
Attributes
- application_policies
Application policies specify what the certificate is used for and its purpose.
- key_usage
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
ExtensionsV4Property
- class CfnTemplatePropsMixin.ExtensionsV4Property(*, application_policies=None, key_usage=None)
Bases: object
Certificate extensions for v4 template schema.
- Parameters:
  - application_policies (Union[IResolvable, ApplicationPoliciesProperty, Dict[str, Any], None]) – Application policies specify what the certificate is used for and its purpose.
  - key_usage (Union[IResolvable, KeyUsageProperty, Dict[str, Any], None]) – The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    extensions_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV4Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    )
Attributes
- application_policies
Application policies specify what the certificate is used for and its purpose.
- key_usage
The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
GeneralFlagsV2Property
- class CfnTemplatePropsMixin.GeneralFlagsV2Property(*, auto_enrollment=None, machine_type=None)
Bases: object
General flags for the v2 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
- Parameters:
  - auto_enrollment (Union[bool, IResolvable, None]) – Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
  - machine_type (Union[bool, IResolvable, None]) – Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    general_flags_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV2Property(
        auto_enrollment=False,
        machine_type=False
    )
Attributes
- auto_enrollment
Allows certificate issuance using autoenrollment.
Set to TRUE to allow autoenrollment.
- machine_type
Defines if the template is for machines or users.
Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
GeneralFlagsV3Property
- class CfnTemplatePropsMixin.GeneralFlagsV3Property(*, auto_enrollment=None, machine_type=None)
Bases: object
General flags for the v3 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
- Parameters:
  - auto_enrollment (Union[bool, IResolvable, None]) – Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
  - machine_type (Union[bool, IResolvable, None]) – Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    general_flags_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV3Property(
        auto_enrollment=False,
        machine_type=False
    )
Attributes
- auto_enrollment
Allows certificate issuance using autoenrollment.
Set to TRUE to allow autoenrollment.
- machine_type
Defines if the template is for machines or users.
Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
GeneralFlagsV4Property
- class CfnTemplatePropsMixin.GeneralFlagsV4Property(*, auto_enrollment=None, machine_type=None)
Bases: object
General flags for the v4 template schema that define whether the template is for a machine or a user and whether the template can be issued using autoenrollment.
- Parameters:
  - auto_enrollment (Union[bool, IResolvable, None]) – Allows certificate issuance using autoenrollment. Set to TRUE to allow autoenrollment.
  - machine_type (Union[bool, IResolvable, None]) – Defines if the template is for machines or users. Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    general_flags_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV4Property(
        auto_enrollment=False,
        machine_type=False
    )
Attributes
- auto_enrollment
Allows certificate issuance using autoenrollment.
Set to TRUE to allow autoenrollment.
- machine_type
Defines if the template is for machines or users.
Set to TRUE if the template is for machines. Set to FALSE if the template is for users.
KeyUsageFlagsProperty
- class CfnTemplatePropsMixin.KeyUsageFlagsProperty(*, data_encipherment=None, digital_signature=None, key_agreement=None, key_encipherment=None, non_repudiation=None)
Bases: object
The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
- Parameters:
  - data_encipherment (Union[bool, IResolvable, None]) – DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
  - digital_signature (Union[bool, IResolvable, None]) – The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
  - key_agreement (Union[bool, IResolvable, None]) – KeyAgreement is asserted when the subject public key is used for key agreement.
  - key_encipherment (Union[bool, IResolvable, None]) – KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
  - non_repudiation (Union[bool, IResolvable, None]) – NonRepudiation is asserted when the subject public key is used to verify digital signatures.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins key_usage_flags_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty( data_encipherment=False, digital_signature=False, key_agreement=False, key_encipherment=False, non_repudiation=False )
Attributes
- data_encipherment
DataEncipherment is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher.
- digital_signature
The digitalSignature is asserted when the subject public key is used for verifying digital signatures.
- key_agreement
KeyAgreement is asserted when the subject public key is used for key agreement.
- key_encipherment
KeyEncipherment is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport.
- non_repudiation
NonRepudiation is asserted when the subject public key is used to verify digital signatures.
KeyUsageProperty
- class CfnTemplatePropsMixin.KeyUsageProperty(*, critical=None, usage_flags=None)
Bases: object
The key usage extension defines the purpose (e.g., encipherment, signature) of the key contained in the certificate.
- Parameters:
  critical (Union[bool,IResolvable,None]) – Sets the key usage extension to critical.
  usage_flags (Union[IResolvable,KeyUsageFlagsProperty,Dict[str,Any],None]) – The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    key_usage_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
        critical=False,
        usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
            data_encipherment=False,
            digital_signature=False,
            key_agreement=False,
            key_encipherment=False,
            non_repudiation=False
        )
    )
Attributes
- critical
Sets the key usage extension to critical.
- usage_flags
The key usage flags represent the purpose (e.g., encipherment, signature) of the key contained in the certificate.
KeyUsagePropertyFlagsProperty
- class CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(*, decrypt=None, key_agreement=None, sign=None)
Bases: object
Specifies key usage.
- Parameters:
  decrypt (Union[bool,IResolvable,None]) – Allows key for encryption and decryption.
  key_agreement (Union[bool,IResolvable,None]) – Allows key exchange without encryption.
  sign (Union[bool,IResolvable,None]) – Allow key use for digital signature.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    key_usage_property_flags_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
        decrypt=False,
        key_agreement=False,
        sign=False
    )
Attributes
- decrypt
Allows key for encryption and decryption.
- key_agreement
Allows key exchange without encryption.
- sign
Allow key use for digital signature.
KeyUsagePropertyProperty
- class CfnTemplatePropsMixin.KeyUsagePropertyProperty(*, property_flags=None, property_type=None)
Bases: object
The key usage property defines the purpose of the private key contained in the certificate.
You can specify specific purposes using property flags or all by using property type ALL.
- Parameters:
  property_flags (Union[IResolvable,KeyUsagePropertyFlagsProperty,Dict[str,Any],None]) – You can specify key usage for encryption, key agreement, and signature. You can use property flags or property type but not both.
  property_type (Optional[str]) – You can specify all key usages using property type ALL. You can use property type or property flags but not both.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    key_usage_property_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
        property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
            decrypt=False,
            key_agreement=False,
            sign=False
        ),
        property_type="propertyType"
    )
Attributes
- property_flags
You can specify key usage for encryption, key agreement, and signature.
You can use property flags or property type but not both.
- property_type
You can specify all key usages using property type ALL.
You can use property type or property flags but not both.
PrivateKeyAttributesV2Property
- class CfnTemplatePropsMixin.PrivateKeyAttributesV2Property(*, crypto_providers=None, key_spec=None, minimal_key_length=None)
Bases: object
Defines the attributes of the private key.
- Parameters:
  crypto_providers (Optional[Sequence[str]]) – Defines the cryptographic providers used to generate the private key.
  key_spec (Optional[str]) – Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
  minimal_key_length (Union[int,float,None]) – Set the minimum key length of the private key.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_attributes_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV2Property(
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        minimal_key_length=123
    )
Attributes
- crypto_providers
Defines the cryptographic providers used to generate the private key.
- key_spec
Defines the purpose of the private key.
Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
- minimal_key_length
Set the minimum key length of the private key.
PrivateKeyAttributesV3Property
- class CfnTemplatePropsMixin.PrivateKeyAttributesV3Property(*, algorithm=None, crypto_providers=None, key_spec=None, key_usage_property=None, minimal_key_length=None)
Bases: object
Defines the attributes of the private key.
- Parameters:
  algorithm (Optional[str]) – Defines the algorithm used to generate the private key.
  crypto_providers (Optional[Sequence[str]]) – Defines the cryptographic providers used to generate the private key.
  key_spec (Optional[str]) – Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
  key_usage_property (Union[IResolvable,KeyUsagePropertyProperty,Dict[str,Any],None]) – The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
  minimal_key_length (Union[int,float,None]) – Set the minimum key length of the private key.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_attributes_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV3Property(
        algorithm="algorithm",
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
            property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                decrypt=False,
                key_agreement=False,
                sign=False
            ),
            property_type="propertyType"
        ),
        minimal_key_length=123
    )
Attributes
- algorithm
Defines the algorithm used to generate the private key.
- crypto_providers
Defines the cryptographic providers used to generate the private key.
- key_spec
Defines the purpose of the private key.
Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
- key_usage_property
The key usage property defines the purpose of the private key contained in the certificate.
You can specify specific purposes using property flags or all by using property type ALL.
- minimal_key_length
Set the minimum key length of the private key.
PrivateKeyAttributesV4Property
- class CfnTemplatePropsMixin.PrivateKeyAttributesV4Property(*, algorithm=None, crypto_providers=None, key_spec=None, key_usage_property=None, minimal_key_length=None)
Bases: object
Defines the attributes of the private key.
- Parameters:
  algorithm (Optional[str]) – Defines the algorithm used to generate the private key.
  crypto_providers (Optional[Sequence[str]]) – Defines the cryptographic providers used to generate the private key.
  key_spec (Optional[str]) – Defines the purpose of the private key. Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
  key_usage_property (Union[IResolvable,KeyUsagePropertyProperty,Dict[str,Any],None]) – The key usage property defines the purpose of the private key contained in the certificate. You can specify specific purposes using property flags or all by using property type ALL.
  minimal_key_length (Union[int,float,None]) – Set the minimum key length of the private key.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_attributes_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV4Property(
        algorithm="algorithm",
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
            property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                decrypt=False,
                key_agreement=False,
                sign=False
            ),
            property_type="propertyType"
        ),
        minimal_key_length=123
    )
Attributes
- algorithm
Defines the algorithm used to generate the private key.
- crypto_providers
Defines the cryptographic providers used to generate the private key.
- key_spec
Defines the purpose of the private key.
Set it to “KEY_EXCHANGE” or “SIGNATURE” value.
- key_usage_property
The key usage property defines the purpose of the private key contained in the certificate.
You can specify specific purposes using property flags or all by using property type ALL.
- minimal_key_length
Set the minimum key length of the private key.
PrivateKeyFlagsV2Property
- class CfnTemplatePropsMixin.PrivateKeyFlagsV2Property(*, client_version=None, exportable_key=None, strong_key_protection_required=None)
Bases: object
Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
- Parameters:
  client_version (Optional[str]) – Defines the minimum client compatibility.
  exportable_key (Union[bool,IResolvable,None]) – Allows the private key to be exported.
  strong_key_protection_required (Union[bool,IResolvable,None]) – Require user input when using the private key for enrollment.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_flags_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV2Property(
        client_version="clientVersion",
        exportable_key=False,
        strong_key_protection_required=False
    )
Attributes
- client_version
Defines the minimum client compatibility.
- exportable_key
Allows the private key to be exported.
- strong_key_protection_required
Require user input when using the private key for enrollment.
PrivateKeyFlagsV3Property
- class CfnTemplatePropsMixin.PrivateKeyFlagsV3Property(*, client_version=None, exportable_key=None, require_alternate_signature_algorithm=None, strong_key_protection_required=None)
Bases: object
Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
- Parameters:
  client_version (Optional[str]) – Defines the minimum client compatibility.
  exportable_key (Union[bool,IResolvable,None]) – Allows the private key to be exported.
  require_alternate_signature_algorithm (Union[bool,IResolvable,None]) – Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
  strong_key_protection_required (Union[bool,IResolvable,None]) – Requires user input when using the private key for enrollment.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_flags_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV3Property(
        client_version="clientVersion",
        exportable_key=False,
        require_alternate_signature_algorithm=False,
        strong_key_protection_required=False
    )
Attributes
- client_version
Defines the minimum client compatibility.
- exportable_key
Allows the private key to be exported.
- require_alternate_signature_algorithm
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
- strong_key_protection_required
Requires user input when using the private key for enrollment.
PrivateKeyFlagsV4Property
- class CfnTemplatePropsMixin.PrivateKeyFlagsV4Property(*, client_version=None, exportable_key=None, require_alternate_signature_algorithm=None, require_same_key_renewal=None, strong_key_protection_required=None, use_legacy_provider=None)
Bases: object
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
- Parameters:
  client_version (Optional[str]) – Defines the minimum client compatibility.
  exportable_key (Union[bool,IResolvable,None]) – Allows the private key to be exported.
  require_alternate_signature_algorithm (Union[bool,IResolvable,None]) – Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
  require_same_key_renewal (Union[bool,IResolvable,None]) – Renew certificate using the same private key.
  strong_key_protection_required (Union[bool,IResolvable,None]) – Require user input when using the private key for enrollment.
  use_legacy_provider (Union[bool,IResolvable,None]) – Specifies the cryptographic service provider category used to generate private keys. Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    private_key_flags_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV4Property(
        client_version="clientVersion",
        exportable_key=False,
        require_alternate_signature_algorithm=False,
        require_same_key_renewal=False,
        strong_key_protection_required=False,
        use_legacy_provider=False
    )
Attributes
- client_version
Defines the minimum client compatibility.
- exportable_key
Allows the private key to be exported.
- require_alternate_signature_algorithm
Requires the PKCS #1 v2.1 signature format for certificates. You should verify that your CA, objects, and applications can accept this signature format.
- require_same_key_renewal
Renew certificate using the same private key.
- strong_key_protection_required
Require user input when using the private key for enrollment.
- use_legacy_provider
Specifies the cryptographic service provider category used to generate private keys.
Set to TRUE to use Legacy Cryptographic Service Providers and FALSE to use Key Storage Providers.
SubjectNameFlagsV2Property
- class CfnTemplatePropsMixin.SubjectNameFlagsV2Property(*, require_common_name=None, require_directory_path=None, require_dns_as_cn=None, require_email=None, san_require_directory_guid=None, san_require_dns=None, san_require_domain_dns=None, san_require_email=None, san_require_spn=None, san_require_upn=None)
Bases: object
Information to include in the subject name and alternate subject name of the certificate.
The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
- Parameters:
  require_common_name (Union[bool,IResolvable,None]) – Include the common name in the subject name.
  require_directory_path (Union[bool,IResolvable,None]) – Include the directory path in the subject name.
  require_dns_as_cn (Union[bool,IResolvable,None]) – Include the DNS as common name in the subject name.
  require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject name.
  san_require_directory_guid (Union[bool,IResolvable,None]) – Include the globally unique identifier (GUID) in the subject alternate name.
  san_require_dns (Union[bool,IResolvable,None]) – Include the DNS in the subject alternate name.
  san_require_domain_dns (Union[bool,IResolvable,None]) – Include the domain DNS in the subject alternate name.
  san_require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject alternate name.
  san_require_spn (Union[bool,IResolvable,None]) – Include the service principal name (SPN) in the subject alternate name.
  san_require_upn (Union[bool,IResolvable,None]) – Include the user principal name (UPN) in the subject alternate name.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    subject_name_flags_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV2Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    )
Attributes
- require_common_name
Include the common name in the subject name.
- require_directory_path
Include the directory path in the subject name.
- require_dns_as_cn
Include the DNS as common name in the subject name.
- require_email
Include the subject’s email in the subject name.
- san_require_directory_guid
Include the globally unique identifier (GUID) in the subject alternate name.
- san_require_dns
Include the DNS in the subject alternate name.
- san_require_domain_dns
Include the domain DNS in the subject alternate name.
- san_require_email
Include the subject’s email in the subject alternate name.
- san_require_spn
Include the service principal name (SPN) in the subject alternate name.
- san_require_upn
Include the user principal name (UPN) in the subject alternate name.
SubjectNameFlagsV3Property
- class CfnTemplatePropsMixin.SubjectNameFlagsV3Property(*, require_common_name=None, require_directory_path=None, require_dns_as_cn=None, require_email=None, san_require_directory_guid=None, san_require_dns=None, san_require_domain_dns=None, san_require_email=None, san_require_spn=None, san_require_upn=None)
Bases: object
Information to include in the subject name and alternate subject name of the certificate.
The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
- Parameters:
  require_common_name (Union[bool,IResolvable,None]) – Include the common name in the subject name.
  require_directory_path (Union[bool,IResolvable,None]) – Include the directory path in the subject name.
  require_dns_as_cn (Union[bool,IResolvable,None]) – Include the DNS as common name in the subject name.
  require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject name.
  san_require_directory_guid (Union[bool,IResolvable,None]) – Include the globally unique identifier (GUID) in the subject alternate name.
  san_require_dns (Union[bool,IResolvable,None]) – Include the DNS in the subject alternate name.
  san_require_domain_dns (Union[bool,IResolvable,None]) – Include the domain DNS in the subject alternate name.
  san_require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject alternate name.
  san_require_spn (Union[bool,IResolvable,None]) – Include the service principal name (SPN) in the subject alternate name.
  san_require_upn (Union[bool,IResolvable,None]) – Include the user principal name (UPN) in the subject alternate name.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    subject_name_flags_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV3Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    )
Attributes
- require_common_name
Include the common name in the subject name.
- require_directory_path
Include the directory path in the subject name.
- require_dns_as_cn
Include the DNS as common name in the subject name.
- require_email
Include the subject’s email in the subject name.
- san_require_directory_guid
Include the globally unique identifier (GUID) in the subject alternate name.
- san_require_dns
Include the DNS in the subject alternate name.
- san_require_domain_dns
Include the domain DNS in the subject alternate name.
- san_require_email
Include the subject’s email in the subject alternate name.
- san_require_spn
Include the service principal name (SPN) in the subject alternate name.
- san_require_upn
Include the user principal name (UPN) in the subject alternate name.
SubjectNameFlagsV4Property
- class CfnTemplatePropsMixin.SubjectNameFlagsV4Property(*, require_common_name=None, require_directory_path=None, require_dns_as_cn=None, require_email=None, san_require_directory_guid=None, san_require_dns=None, san_require_domain_dns=None, san_require_email=None, san_require_spn=None, san_require_upn=None)
Bases: object
Information to include in the subject name and alternate subject name of the certificate.
The subject name can be common name, directory path, DNS as common name, or left blank. You can optionally include email to the subject name for user templates. If you leave the subject name blank then you must set a subject alternate name. The subject alternate name (SAN) can include globally unique identifier (GUID), DNS, domain DNS, email, service principal name (SPN), and user principal name (UPN). You can leave the SAN blank. If you leave the SAN blank, then you must set a subject name.
- Parameters:
  require_common_name (Union[bool,IResolvable,None]) – Include the common name in the subject name.
  require_directory_path (Union[bool,IResolvable,None]) – Include the directory path in the subject name.
  require_dns_as_cn (Union[bool,IResolvable,None]) – Include the DNS as common name in the subject name.
  require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject name.
  san_require_directory_guid (Union[bool,IResolvable,None]) – Include the globally unique identifier (GUID) in the subject alternate name.
  san_require_dns (Union[bool,IResolvable,None]) – Include the DNS in the subject alternate name.
  san_require_domain_dns (Union[bool,IResolvable,None]) – Include the domain DNS in the subject alternate name.
  san_require_email (Union[bool,IResolvable,None]) – Include the subject’s email in the subject alternate name.
  san_require_spn (Union[bool,IResolvable,None]) – Include the service principal name (SPN) in the subject alternate name.
  san_require_upn (Union[bool,IResolvable,None]) – Include the user principal name (UPN) in the subject alternate name.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    subject_name_flags_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV4Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    )
Attributes
- require_common_name
Include the common name in the subject name.
- require_directory_path
Include the directory path in the subject name.
- require_dns_as_cn
Include the DNS as common name in the subject name.
- require_email
Include the subject’s email in the subject name.
- san_require_directory_guid
Include the globally unique identifier (GUID) in the subject alternate name.
- san_require_dns
Include the DNS in the subject alternate name.
- san_require_domain_dns
Include the domain DNS in the subject alternate name.
- san_require_email
Include the subject’s email in the subject alternate name.
- san_require_spn
Include the service principal name (SPN) in the subject alternate name.
- san_require_upn
Include the user principal name (UPN) in the subject alternate name.
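The constraints stated in the sections above (subject name and SAN cannot both be blank, property flags and property type are mutually exclusive, key_spec is KEY_EXCHANGE or SIGNATURE) can be checked before a template is deployed. The following is an added example, not part of the CDK documentation or library: lint_template, lint_definition, the finding codes and the sample dicts are hypothetical, the dict keys are assumed to mirror the parameter names on this page, and flagging exportable_key is this example's own review policy.

```python
from typing import Any, Dict, List, Tuple

Finding = Tuple[str, str]  # (code, message); the codes are this example's own

# Subject-name sources listed on this page. Email is described there as an
# optional extra for user templates, so this example does not count it alone.
SUBJECT_KEYS = ("require_common_name", "require_directory_path", "require_dns_as_cn")
SAN_KEYS = (
    "san_require_directory_guid", "san_require_dns", "san_require_domain_dns",
    "san_require_email", "san_require_spn", "san_require_upn",
)
KEY_SPECS = ("KEY_EXCHANGE", "SIGNATURE")
VERSIONS = ("template_v2", "template_v3", "template_v4")


def _any_true(section: Dict[str, Any], keys: Tuple[str, ...]) -> bool:
    """True if at least one of the given flags is explicitly set to True."""
    return any(section.get(key) is True for key in keys)


def lint_template(tpl: Dict[str, Any]) -> List[Finding]:
    """Check one template_v2/v3/v4 dict; an empty list means no findings."""
    findings: List[Finding] = []
    names = tpl.get("subject_name_flags") or {}
    general = tpl.get("general_flags") or {}
    attrs = tpl.get("private_key_attributes") or {}
    key_flags = tpl.get("private_key_flags") or {}

    # A blank subject name requires a SAN, and a blank SAN requires a subject name.
    if not _any_true(names, SUBJECT_KEYS) and not _any_true(names, SAN_KEYS):
        findings.append(("NAME_BLANK", "subject name and SAN are both blank"))

    # Email in the subject name is described as an option for user templates.
    if names.get("require_email") is True and general.get("machine_type") is True:
        findings.append(("EMAIL_ON_MACHINE", "require_email set on a machine template"))

    key_spec = attrs.get("key_spec")
    if key_spec is not None and key_spec not in KEY_SPECS:
        findings.append(("KEY_SPEC", "key_spec must be KEY_EXCHANGE or SIGNATURE"))

    # property_flags and property_type may not be used together (v3/v4 only).
    usage = attrs.get("key_usage_property") or {}
    if usage.get("property_flags") is not None and usage.get("property_type") is not None:
        findings.append(("KEY_USAGE_BOTH", "property_flags and property_type both set"))

    # Policy of this example, not a rule from the page: exportable keys need review.
    if key_flags.get("exportable_key") is True:
        findings.append(("EXPORTABLE_KEY", "private key export is allowed"))
    return findings


def lint_definition(definition: Dict[str, Any]) -> Dict[str, List[Finding]]:
    """Lint every schema version present in a TemplateDefinitionProperty-style dict."""
    return {
        version: lint_template(definition[version])
        for version in VERSIONS
        if definition.get(version) is not None
    }


# Constructed sample inputs (not taken from any real deployment).
GOOD_TEMPLATE = {
    "general_flags": {"auto_enrollment": True, "machine_type": True},
    "private_key_attributes": {
        "key_spec": "KEY_EXCHANGE",
        "key_usage_property": {"property_type": "ALL"},
    },
    "private_key_flags": {"exportable_key": False},
    "subject_name_flags": {"require_dns_as_cn": True, "san_require_dns": True},
}
BAD_TEMPLATE = {
    "general_flags": {"auto_enrollment": True, "machine_type": True},
    "private_key_attributes": {
        "key_spec": "ENCRYPTION",  # constructed invalid value
        "key_usage_property": {"property_flags": {"sign": True}, "property_type": "ALL"},
    },
    "private_key_flags": {"exportable_key": True},
    "subject_name_flags": {"require_email": True},
}

if __name__ == "__main__":
    report = lint_definition({"template_v3": BAD_TEMPLATE, "template_v4": GOOD_TEMPLATE})
    for version, findings in report.items():
        for code, message in findings:
            print(f"{version}: {code}: {message}")
```

Values passed as IResolvable tokens cannot be evaluated at this stage; the checks treat anything other than a literal True as unset.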
TemplateDefinitionProperty
- class CfnTemplatePropsMixin.TemplateDefinitionProperty(*, template_v2=None, template_v3=None, template_v4=None)
Bases: object
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
- Parameters:
  template_v2 (Union[IResolvable,TemplateV2Property,Dict[str,Any],None]) – Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
  template_v3 (Union[IResolvable,TemplateV3Property,Dict[str,Any],None]) – Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
  template_v4 (Union[IResolvable,TemplateV4Property,Dict[str,Any],None]) – Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
- ExampleMetadata: fixture=_generated
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

    template_definition_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateDefinitionProperty(
        template_v2=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV2Property(
            certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                ),
                validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                )
            ),
            enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV2Property(
                enable_key_reuse_on_nt_token_keyset_storage_full=False,
                include_symmetric_algorithms=False,
                no_security_extension=False,
                remove_invalid_certificate_from_personal_store=False,
                user_interaction_required=False
            ),
            extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV2Property(
                application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                    critical=False,
                    policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                        policy_object_identifier="policyObjectIdentifier",
                        policy_type="policyType"
                    )]
                ),
                key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                    critical=False,
                    usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                        data_encipherment=False,
                        digital_signature=False,
                        key_agreement=False,
                        key_encipherment=False,
                        non_repudiation=False
                    )
                )
            ),
            general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV2Property(
                auto_enrollment=False,
                machine_type=False
            ),
            private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV2Property(
                crypto_providers=["cryptoProviders"],
                key_spec="keySpec",
                minimal_key_length=123
            ),
            private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV2Property(
                client_version="clientVersion",
                exportable_key=False,
                strong_key_protection_required=False
            ),
            subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV2Property(
                require_common_name=False,
                require_directory_path=False,
                require_dns_as_cn=False,
                require_email=False,
                san_require_directory_guid=False,
                san_require_dns=False,
                san_require_domain_dns=False,
                san_require_email=False,
                san_require_spn=False,
                san_require_upn=False
            ),
            superseded_templates=["supersededTemplates"]
        ),
        template_v3=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV3Property(
            certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                ),
                validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                )
            ),
            enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV3Property(
                enable_key_reuse_on_nt_token_keyset_storage_full=False,
                include_symmetric_algorithms=False,
                no_security_extension=False,
                remove_invalid_certificate_from_personal_store=False,
                user_interaction_required=False
            ),
            extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV3Property(
                application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                    critical=False,
                    policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                        policy_object_identifier="policyObjectIdentifier",
                        policy_type="policyType"
                    )]
                ),
                key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                    critical=False,
                    usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                        data_encipherment=False,
                        digital_signature=False,
                        key_agreement=False,
                        key_encipherment=False,
                        non_repudiation=False
                    )
                )
            ),
            general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV3Property(
                auto_enrollment=False,
                machine_type=False
            ),
            hash_algorithm="hashAlgorithm",
            private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV3Property(
                algorithm="algorithm",
                crypto_providers=["cryptoProviders"],
                key_spec="keySpec",
                key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
                    property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                        decrypt=False,
                        key_agreement=False,
                        sign=False
                    ),
                    property_type="propertyType"
                ),
                minimal_key_length=123
            ),
            private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV3Property(
                client_version="clientVersion",
                exportable_key=False,
                require_alternate_signature_algorithm=False,
                strong_key_protection_required=False
            ),
            subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV3Property(
                require_common_name=False,
                require_directory_path=False,
                require_dns_as_cn=False,
                require_email=False,
                san_require_directory_guid=False,
                san_require_dns=False,
                san_require_domain_dns=False,
                san_require_email=False,
                san_require_spn=False,
                san_require_upn=False
            ),
            superseded_templates=["supersededTemplates"]
        ),
        template_v4=pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV4Property(
            certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
                renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                ),
                validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
                    period=123,
                    period_type="periodType"
                )
            ),
            enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV4Property(
                enable_key_reuse_on_nt_token_keyset_storage_full=False,
                include_symmetric_algorithms=False,
                no_security_extension=False,
                remove_invalid_certificate_from_personal_store=False,
                user_interaction_required=False
            ),
            extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV4Property(
                application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
                    critical=False,
                    policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                        policy_object_identifier="policyObjectIdentifier",
                        policy_type="policyType"
                    )]
                ),
                key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
                    critical=False,
                    usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                        data_encipherment=False,
                        digital_signature=False,
                        key_agreement=False,
                        key_encipherment=False,
                        non_repudiation=False
                    )
                )
            ),
            general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV4Property(
                auto_enrollment=False,
                machine_type=False
            ),
            hash_algorithm="hashAlgorithm",
            private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV4Property(
                algorithm="algorithm",
                crypto_providers=["cryptoProviders"],
                key_spec="keySpec",
                key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
                    property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                        decrypt=False,
                        key_agreement=False,
                        sign=False
                    ),
                    property_type="propertyType"
                ),
                minimal_key_length=123
            ),
            private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV4Property(
                client_version="clientVersion",
                exportable_key=False,
                require_alternate_signature_algorithm=False,
                require_same_key_renewal=False,
                strong_key_protection_required=False,
                use_legacy_provider=False
            ),
            subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV4Property(
                require_common_name=False,
                require_directory_path=False,
                require_dns_as_cn=False,
                require_email=False,
                san_require_directory_guid=False,
                san_require_dns=False,
                san_require_domain_dns=False,
                san_require_email=False,
                san_require_spn=False,
                san_require_upn=False
            ),
            superseded_templates=["supersededTemplates"]
        )
    )
Attributes
- template_v2
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
- template_v3
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
- template_v4
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
TemplateV2Property
- class CfnTemplatePropsMixin.TemplateV2Property(*, certificate_validity=None, enrollment_flags=None, extensions=None, general_flags=None, private_key_attributes=None, private_key_flags=None, subject_name_flags=None, superseded_templates=None)
Bases: object
v2 template schema that uses Legacy Cryptographic Providers.
- Parameters:
  - certificate_validity (Union[IResolvable, CertificateValidityProperty, Dict[str, Any], None]) – Certificate validity describes the validity and renewal periods of a certificate.
  - enrollment_flags (Union[IResolvable, EnrollmentFlagsV2Property, Dict[str, Any], None]) – Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
  - extensions (Union[IResolvable, ExtensionsV2Property, Dict[str, Any], None]) – Extensions describe the key usage extensions and application policies for a template.
  - general_flags (Union[IResolvable, GeneralFlagsV2Property, Dict[str, Any], None]) – General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
  - private_key_attributes (Union[IResolvable, PrivateKeyAttributesV2Property, Dict[str, Any], None]) – Private key attributes allow you to specify the minimal key length, key spec, and cryptographic providers for the private key of a certificate for v2 templates. V2 templates allow you to use Legacy Cryptographic Service Providers.
  - private_key_flags (Union[IResolvable, PrivateKeyFlagsV2Property, Dict[str, Any], None]) – Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
  - subject_name_flags (Union[IResolvable, SubjectNameFlagsV2Property, Dict[str, Any], None]) – Subject name flags describe the subject name and subject alternate name that is included in a certificate.
  - superseded_templates (Optional[Sequence[str]]) – List of templates in Active Directory that are superseded by this template.
- See:
- ExampleMetadata:
fixture=_generated
Example:
```python
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

template_v2_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV2Property(
    certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
        renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        ),
        validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        )
    ),
    enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV2Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    ),
    extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV2Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    ),
    general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV2Property(
        auto_enrollment=False,
        machine_type=False
    ),
    private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV2Property(
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        minimal_key_length=123
    ),
    private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV2Property(
        client_version="clientVersion",
        exportable_key=False,
        strong_key_protection_required=False
    ),
    subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV2Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    ),
    superseded_templates=["supersededTemplates"]
)
```
Attributes
- certificate_validity
Certificate validity describes the validity and renewal periods of a certificate.
- enrollment_flags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
- extensions
Extensions describe the key usage extensions and application policies for a template.
- general_flags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
- private_key_attributes
Private key attributes allow you to specify the minimal key length, key spec, and cryptographic providers for the private key of a certificate for v2 templates.
V2 templates allow you to use Legacy Cryptographic Service Providers.
- private_key_flags
Private key flags for v2 templates specify the client compatibility, if the private key can be exported, and if user input is required when using a private key.
- subject_name_flags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
- superseded_templates
List of templates in Active Directory that are superseded by this template.
TemplateV3Property
- class CfnTemplatePropsMixin.TemplateV3Property(*, certificate_validity=None, enrollment_flags=None, extensions=None, general_flags=None, hash_algorithm=None, private_key_attributes=None, private_key_flags=None, subject_name_flags=None, superseded_templates=None)
Bases: object
v3 template schema that uses Key Storage Providers.
- Parameters:
  - certificate_validity (Union[IResolvable, CertificateValidityProperty, Dict[str, Any], None]) – Certificate validity describes the validity and renewal periods of a certificate.
  - enrollment_flags (Union[IResolvable, EnrollmentFlagsV3Property, Dict[str, Any], None]) – Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
  - extensions (Union[IResolvable, ExtensionsV3Property, Dict[str, Any], None]) – Extensions describe the key usage extensions and application policies for a template.
  - general_flags (Union[IResolvable, GeneralFlagsV3Property, Dict[str, Any], None]) – General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
  - hash_algorithm (Optional[str]) – Specifies the hash algorithm used to hash the private key.
  - private_key_attributes (Union[IResolvable, PrivateKeyAttributesV3Property, Dict[str, Any], None]) – Private key attributes allow you to specify the algorithm, minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v3 templates. V3 templates allow you to use Key Storage Providers.
  - private_key_flags (Union[IResolvable, PrivateKeyFlagsV3Property, Dict[str, Any], None]) – Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
  - subject_name_flags (Union[IResolvable, SubjectNameFlagsV3Property, Dict[str, Any], None]) – Subject name flags describe the subject name and subject alternate name that is included in a certificate.
  - superseded_templates (Optional[Sequence[str]]) – List of templates in Active Directory that are superseded by this template.
- See:
- ExampleMetadata:
fixture=_generated
Example:
```python
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

template_v3_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV3Property(
    certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
        renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        ),
        validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        )
    ),
    enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV3Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    ),
    extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV3Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    ),
    general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV3Property(
        auto_enrollment=False,
        machine_type=False
    ),
    hash_algorithm="hashAlgorithm",
    private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV3Property(
        algorithm="algorithm",
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
            property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                decrypt=False,
                key_agreement=False,
                sign=False
            ),
            property_type="propertyType"
        ),
        minimal_key_length=123
    ),
    private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV3Property(
        client_version="clientVersion",
        exportable_key=False,
        require_alternate_signature_algorithm=False,
        strong_key_protection_required=False
    ),
    subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV3Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    ),
    superseded_templates=["supersededTemplates"]
)
```
Attributes
- certificate_validity
Certificate validity describes the validity and renewal periods of a certificate.
- enrollment_flags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
- extensions
Extensions describe the key usage extensions and application policies for a template.
- general_flags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
- hash_algorithm
Specifies the hash algorithm used to hash the private key.
- private_key_attributes
Private key attributes allow you to specify the algorithm, minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v3 templates.
V3 templates allow you to use Key Storage Providers.
- private_key_flags
Private key flags for v3 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, and if an alternate signature algorithm should be used.
- subject_name_flags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
- superseded_templates
List of templates in Active Directory that are superseded by this template.
TemplateV4Property
- class CfnTemplatePropsMixin.TemplateV4Property(*, certificate_validity=None, enrollment_flags=None, extensions=None, general_flags=None, hash_algorithm=None, private_key_attributes=None, private_key_flags=None, subject_name_flags=None, superseded_templates=None)
Bases: object
v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.
- Parameters:
  - certificate_validity (Union[IResolvable, CertificateValidityProperty, Dict[str, Any], None]) – Certificate validity describes the validity and renewal periods of a certificate.
  - enrollment_flags (Union[IResolvable, EnrollmentFlagsV4Property, Dict[str, Any], None]) – Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
  - extensions (Union[IResolvable, ExtensionsV4Property, Dict[str, Any], None]) – Extensions describe the key usage extensions and application policies for a template.
  - general_flags (Union[IResolvable, GeneralFlagsV4Property, Dict[str, Any], None]) – General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
  - hash_algorithm (Optional[str]) – Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.
  - private_key_attributes (Union[IResolvable, PrivateKeyAttributesV4Property, Dict[str, Any], None]) – Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
  - private_key_flags (Union[IResolvable, PrivateKeyFlagsV4Property, Dict[str, Any], None]) – Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
  - subject_name_flags (Union[IResolvable, SubjectNameFlagsV4Property, Dict[str, Any], None]) – Subject name flags describe the subject name and subject alternate name that is included in a certificate.
  - superseded_templates (Optional[Sequence[str]]) – List of templates in Active Directory that are superseded by this template.
- See:
- ExampleMetadata:
fixture=_generated
Example:
```python
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

template_v4_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.TemplateV4Property(
    certificate_validity=pcaconnectorad_mixins.CfnTemplatePropsMixin.CertificateValidityProperty(
        renewal_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        ),
        validity_period=pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
            period=123,
            period_type="periodType"
        )
    ),
    enrollment_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.EnrollmentFlagsV4Property(
        enable_key_reuse_on_nt_token_keyset_storage_full=False,
        include_symmetric_algorithms=False,
        no_security_extension=False,
        remove_invalid_certificate_from_personal_store=False,
        user_interaction_required=False
    ),
    extensions=pcaconnectorad_mixins.CfnTemplatePropsMixin.ExtensionsV4Property(
        application_policies=pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPoliciesProperty(
            critical=False,
            policies=[pcaconnectorad_mixins.CfnTemplatePropsMixin.ApplicationPolicyProperty(
                policy_object_identifier="policyObjectIdentifier",
                policy_type="policyType"
            )]
        ),
        key_usage=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageProperty(
            critical=False,
            usage_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsageFlagsProperty(
                data_encipherment=False,
                digital_signature=False,
                key_agreement=False,
                key_encipherment=False,
                non_repudiation=False
            )
        )
    ),
    general_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.GeneralFlagsV4Property(
        auto_enrollment=False,
        machine_type=False
    ),
    hash_algorithm="hashAlgorithm",
    private_key_attributes=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyAttributesV4Property(
        algorithm="algorithm",
        crypto_providers=["cryptoProviders"],
        key_spec="keySpec",
        key_usage_property=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyProperty(
            property_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.KeyUsagePropertyFlagsProperty(
                decrypt=False,
                key_agreement=False,
                sign=False
            ),
            property_type="propertyType"
        ),
        minimal_key_length=123
    ),
    private_key_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.PrivateKeyFlagsV4Property(
        client_version="clientVersion",
        exportable_key=False,
        require_alternate_signature_algorithm=False,
        require_same_key_renewal=False,
        strong_key_protection_required=False,
        use_legacy_provider=False
    ),
    subject_name_flags=pcaconnectorad_mixins.CfnTemplatePropsMixin.SubjectNameFlagsV4Property(
        require_common_name=False,
        require_directory_path=False,
        require_dns_as_cn=False,
        require_email=False,
        san_require_directory_guid=False,
        san_require_dns=False,
        san_require_domain_dns=False,
        san_require_email=False,
        san_require_spn=False,
        san_require_upn=False
    ),
    superseded_templates=["supersededTemplates"]
)
```
Attributes
- certificate_validity
Certificate validity describes the validity and renewal periods of a certificate.
- enrollment_flags
Enrollment flags describe the enrollment settings for certificates such as using the existing private key and deleting expired or revoked certificates.
- extensions
Extensions describe the key usage extensions and application policies for a template.
- general_flags
General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.
- hash_algorithm
Specifies the hash algorithm used to hash the private key.
Hash algorithm can only be specified when using Key Storage Providers.
- private_key_attributes
Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates.
V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.
- private_key_flags
Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.
- subject_name_flags
Subject name flags describe the subject name and subject alternate name that is included in a certificate.
- superseded_templates
List of templates in Active Directory that are superseded by this template.
ValidityPeriodProperty
- class CfnTemplatePropsMixin.ValidityPeriodProperty(*, period=None, period_type=None)
Bases: object
Information describing the end of the validity period of the certificate.
This parameter sets the “Not After” date for the certificate. Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in hours, days, months, or years. For more information, see Validity in RFC 5280. This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
- Parameters:
  - period (Union[int, float, None]) – The numeric value for the validity period.
  - period_type (Optional[str]) – The unit of time. You can select hours, days, weeks, months, and years.
- See:
- ExampleMetadata:
fixture=_generated
Example:
```python
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_pcaconnectorad import mixins as pcaconnectorad_mixins

validity_period_property = pcaconnectorad_mixins.CfnTemplatePropsMixin.ValidityPeriodProperty(
    period=123,
    period_type="periodType"
)
```
Attributes
- period
The numeric value for the validity period.
- period_type
The unit of time.
You can select hours, days, weeks, months, and years.
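The v2, v3 and v4 schemas above accept different fields, and the v4 notes state that a hash algorithm can only be specified when using Key Storage Providers; both can be checked before a template is deployed. The following is an added example, not code from the CDK or from AWS: it lints a plain dict keyed by the property names on this page. The upper-case period units, the approximate month and year lengths, the 2048-bit key floor, the rule names and the sample definition are assumptions of the example.

```python
"""Pre-deployment lint for a PCA Connector AD template definition (added example)."""

# Field names are the snake_case property names shown on this page. The upper-case
# period units, the 2048-bit floor and the rule names are assumptions of this example.
HOURS = {"HOURS": 1, "DAYS": 24, "WEEKS": 168, "MONTHS": 720, "YEARS": 8760}  # approximate
MIN_KEY_LENGTH = 2048  # assumed local policy floor, not a service limit

COMMON = {"certificate_validity", "enrollment_flags", "extensions", "general_flags",
          "private_key_attributes", "private_key_flags", "subject_name_flags",
          "superseded_templates"}
TOP_LEVEL = {"template_v2": COMMON,
             "template_v3": COMMON | {"hash_algorithm"},
             "template_v4": COMMON | {"hash_algorithm"}}
V2_KEY_FLAGS = {"client_version", "exportable_key", "strong_key_protection_required"}
V3_KEY_FLAGS = V2_KEY_FLAGS | {"require_alternate_signature_algorithm"}
KEY_FLAGS = {"template_v2": V2_KEY_FLAGS,
             "template_v3": V3_KEY_FLAGS,
             "template_v4": V3_KEY_FLAGS | {"require_same_key_renewal", "use_legacy_provider"}}


def period_hours(period):
    """Approximate hours for a ValidityPeriodProperty-shaped dict, or None if unusable."""
    if not isinstance(period, dict):
        return None
    value, unit = period.get("period"), str(period.get("period_type", "")).upper()
    if isinstance(value, bool) or not isinstance(value, (int, float)) or value <= 0:
        return None
    return value * HOURS[unit] if unit in HOURS else None


def lint_template(version, tpl):
    """Return sorted (path, rule) findings for one template_vN dict."""
    found = set()
    # Fields that the schema for this template version does not define.
    for name in set(tpl) - TOP_LEVEL[version]:
        found.add((f"{version}.{name}", "unknown-field"))
    flags = tpl.get("private_key_flags") or {}
    for name in set(flags) - KEY_FLAGS[version]:
        found.add((f"{version}.private_key_flags.{name}", "unknown-field"))
    # An exportable private key can be copied off the enrolling host.
    if flags.get("exportable_key"):
        found.add((f"{version}.private_key_flags.exportable_key", "exportable-key"))
    # v4: a hash algorithm is only valid with Key Storage Providers.
    if version == "template_v4" and tpl.get("hash_algorithm") and flags.get("use_legacy_provider"):
        found.add((f"{version}.hash_algorithm", "hash-with-legacy-provider"))
    key_len = (tpl.get("private_key_attributes") or {}).get("minimal_key_length")
    if not isinstance(key_len, (int, float)) or key_len < MIN_KEY_LENGTH:
        found.add((f"{version}.private_key_attributes.minimal_key_length", "short-key"))
    # Policy check of this example: renewal must start before the certificate expires.
    validity = tpl.get("certificate_validity") or {}
    valid_h = period_hours(validity.get("validity_period"))
    renew_h = period_hours(validity.get("renewal_period"))
    if valid_h is None or renew_h is None:
        found.add((f"{version}.certificate_validity", "bad-period"))
    elif renew_h >= valid_h:
        found.add((f"{version}.certificate_validity", "renewal-not-shorter"))
    return sorted(found)


def lint_definition(definition):
    """Lint every template_vN member of a TemplateDefinitionProperty-shaped dict."""
    findings = []
    for version in sorted(definition):
        if version not in TOP_LEVEL:
            findings.append((version, "unknown-field"))
        else:
            findings.extend(lint_template(version, definition[version]))
    return findings


# Constructed sample input; none of these values come from a real deployment.
SAMPLE_DEFINITION = {
    "template_v2": {
        "certificate_validity": {"validity_period": {"period": 1, "period_type": "YEARS"},
                                 "renewal_period": {"period": 6, "period_type": "WEEKS"}},
        "hash_algorithm": "SHA256",
        "private_key_attributes": {"minimal_key_length": 2048},
        "private_key_flags": {"exportable_key": False, "require_same_key_renewal": True},
    },
    "template_v4": {
        "certificate_validity": {"validity_period": {"period": 1, "period_type": "YEARS"},
                                 "renewal_period": {"period": 60, "period_type": "WEEKS"}},
        "hash_algorithm": "SHA256",
        "private_key_attributes": {"minimal_key_length": 1024},
        "private_key_flags": {"exportable_key": True, "use_legacy_provider": True},
    },
}

if __name__ == "__main__":
    for path, rule in lint_definition(SAMPLE_DEFINITION):
        print(f"{rule:28} {path}")
```

Running the same check in CI against the dict that feeds the template construct catches a v4-only flag placed on a v2 template before CloudFormation sees it.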