Class: AWSCDK::IoT::CfnDomainConfiguration::ServerCertificateConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
io_t/cfn_domain_configuration.rb

Overview

The server certificate configuration.

For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(enable_ocsp_check: nil, ocsp_authorized_responder_arn: nil, ocsp_lambda_arn: nil) ⇒ ServerCertificateConfigProperty

Returns a new instance of ServerCertificateConfigProperty.

Parameters:

  • enable_ocsp_check (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.

  • ocsp_authorized_responder_arn (String, nil) (defaults to: nil)

    The Amazon Resource Name (ARN) for an X.509 certificate stored in ACM. If provided, AWS IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same account and region as the domain configuration.

  • ocsp_lambda_arn (String, nil) (defaults to: nil)

    The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses.



801
802
803
804
805
806
807
808
# File 'io_t/cfn_domain_configuration.rb', line 801

def initialize(enable_ocsp_check: nil, ocsp_authorized_responder_arn: nil, ocsp_lambda_arn: nil)
  @enable_ocsp_check = enable_ocsp_check
  Jsii::Type.check_type(@enable_ocsp_check, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableOcspCheck") unless @enable_ocsp_check.nil?
  @ocsp_authorized_responder_arn = ocsp_authorized_responder_arn
  Jsii::Type.check_type(@ocsp_authorized_responder_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ocspAuthorizedResponderArn") unless @ocsp_authorized_responder_arn.nil?
  @ocsp_lambda_arn = ocsp_lambda_arn
  Jsii::Type.check_type(@ocsp_lambda_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "ocspLambdaArn") unless @ocsp_lambda_arn.nil?
end

Instance Attribute Details

#enable_ocsp_checkBoolean, ... (readonly)

A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server certificate check is enabled or not.

For more information, see Configurable endpoints from the AWS IoT Core Developer Guide.



816
817
818
# File 'io_t/cfn_domain_configuration.rb', line 816

def enable_ocsp_check
  @enable_ocsp_check
end

#ocsp_authorized_responder_arnString? (readonly)

The Amazon Resource Name (ARN) for an X.509 certificate stored in ACM. If provided, AWS IoT Core will use this certificate to validate the signature of the received OCSP response. The OCSP responder must sign responses using either this authorized responder certificate or the issuing certificate, depending on whether the ARN is provided or not. The certificate must be in the same account and region as the domain configuration.



821
822
823
# File 'io_t/cfn_domain_configuration.rb', line 821

def ocsp_authorized_responder_arn
  @ocsp_authorized_responder_arn
end

#ocsp_lambda_arnString? (readonly)

The Amazon Resource Name (ARN) for a Lambda function that acts as a Request for Comments (RFC) 6960-compliant Online Certificate Status Protocol (OCSP) responder, supporting basic OCSP responses.

The Lambda function accepts a base64-encoding of the OCSP request in the Distinguished Encoding Rules (DER) format. The Lambda function's response is also a base64-encoded OCSP response in the DER format. The response size must not exceed 4 kilobytes (KiB). The Lambda function must be in the same account and region as the domain configuration.



828
829
830
# File 'io_t/cfn_domain_configuration.rb', line 828

def ocsp_lambda_arn
  @ocsp_lambda_arn
end

Class Method Details

.jsii_propertiesObject



830
831
832
833
834
835
836
# File 'io_t/cfn_domain_configuration.rb', line 830

def self.jsii_properties
  {
    :enable_ocsp_check => "enableOcspCheck",
    :ocsp_authorized_responder_arn => "ocspAuthorizedResponderArn",
    :ocsp_lambda_arn => "ocspLambdaArn",
  }
end

Instance Method Details

#to_jsiiObject



838
839
840
841
842
843
844
845
846
# File 'io_t/cfn_domain_configuration.rb', line 838

def to_jsii
  result = {}
  result.merge!({
    "enableOcspCheck" => @enable_ocsp_check,
    "ocspAuthorizedResponderArn" => @ocsp_authorized_responder_arn,
    "ocspLambdaArn" => @ocsp_lambda_arn,
  })
  result.compact
end