Class: AWSCDK::PCAConnectorAD::CfnTemplate::EnrollmentFlagsV2Property
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::PCAConnectorAD::CfnTemplate::EnrollmentFlagsV2Property
- Defined in:
- pca_connector_ad/cfn_template.rb
Overview
Template configurations for v2 template schema.
Instance Attribute Summary collapse
-
#enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean, ...
readonly
Allow renewal using the same key.
-
#include_symmetric_algorithms ⇒ Boolean, ...
readonly
Include symmetric algorithms allowed by the subject.
-
#no_security_extension ⇒ Boolean, ...
readonly
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate.
-
#remove_invalid_certificate_from_personal_store ⇒ Boolean, ...
readonly
Delete expired or revoked certificates instead of archiving them.
-
#user_interaction_required ⇒ Boolean, ...
readonly
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) ⇒ EnrollmentFlagsV2Property
constructor
A new instance of EnrollmentFlagsV2Property.
- #to_jsii ⇒ Object
Constructor Details
#initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) ⇒ EnrollmentFlagsV2Property
Returns a new instance of EnrollmentFlagsV2Property.
708 709 710 711 712 713 714 715 716 717 718 719 |
# File 'pca_connector_ad/cfn_template.rb', line 708 def initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) @enable_key_reuse_on_nt_token_keyset_storage_full = enable_key_reuse_on_nt_token_keyset_storage_full Jsii::Type.check_type(@enable_key_reuse_on_nt_token_keyset_storage_full, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableKeyReuseOnNtTokenKeysetStorageFull") unless @enable_key_reuse_on_nt_token_keyset_storage_full.nil? @include_symmetric_algorithms = include_symmetric_algorithms Jsii::Type.check_type(@include_symmetric_algorithms, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "includeSymmetricAlgorithms") unless @include_symmetric_algorithms.nil? @no_security_extension = no_security_extension Jsii::Type.check_type(@no_security_extension, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "noSecurityExtension") unless @no_security_extension.nil? @remove_invalid_certificate_from_personal_store = remove_invalid_certificate_from_personal_store Jsii::Type.check_type(@remove_invalid_certificate_from_personal_store, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "removeInvalidCertificateFromPersonalStore") unless @remove_invalid_certificate_from_personal_store.nil? @user_interaction_required = user_interaction_required Jsii::Type.check_type(@user_interaction_required, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "userInteractionRequired") unless @user_interaction_required.nil? end |
Instance Attribute Details
#enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean, ... (readonly)
Allow renewal using the same key.
725 726 727 |
# File 'pca_connector_ad/cfn_template.rb', line 725 def enable_key_reuse_on_nt_token_keyset_storage_full @enable_key_reuse_on_nt_token_keyset_storage_full end |
#include_symmetric_algorithms ⇒ Boolean, ... (readonly)
Include symmetric algorithms allowed by the subject.
730 731 732 |
# File 'pca_connector_ad/cfn_template.rb', line 730 def include_symmetric_algorithms @include_symmetric_algorithms end |
#no_security_extension ⇒ Boolean, ... (readonly)
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
735 736 737 |
# File 'pca_connector_ad/cfn_template.rb', line 735 def no_security_extension @no_security_extension end |
#remove_invalid_certificate_from_personal_store ⇒ Boolean, ... (readonly)
Delete expired or revoked certificates instead of archiving them.
740 741 742 |
# File 'pca_connector_ad/cfn_template.rb', line 740 def remove_invalid_certificate_from_personal_store @remove_invalid_certificate_from_personal_store end |
#user_interaction_required ⇒ Boolean, ... (readonly)
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
745 746 747 |
# File 'pca_connector_ad/cfn_template.rb', line 745 def user_interaction_required @user_interaction_required end |
Class Method Details
.jsii_properties ⇒ Object
747 748 749 750 751 752 753 754 755 |
# File 'pca_connector_ad/cfn_template.rb', line 747 def self.jsii_properties { :enable_key_reuse_on_nt_token_keyset_storage_full => "enableKeyReuseOnNtTokenKeysetStorageFull", :include_symmetric_algorithms => "includeSymmetricAlgorithms", :no_security_extension => "noSecurityExtension", :remove_invalid_certificate_from_personal_store => "removeInvalidCertificateFromPersonalStore", :user_interaction_required => "userInteractionRequired", } end |
Instance Method Details
#to_jsii ⇒ Object
757 758 759 760 761 762 763 764 765 766 767 |
# File 'pca_connector_ad/cfn_template.rb', line 757 def to_jsii result = {} result.merge!({ "enableKeyReuseOnNtTokenKeysetStorageFull" => @enable_key_reuse_on_nt_token_keyset_storage_full, "includeSymmetricAlgorithms" => @include_symmetric_algorithms, "noSecurityExtension" => @no_security_extension, "removeInvalidCertificateFromPersonalStore" => @remove_invalid_certificate_from_personal_store, "userInteractionRequired" => @user_interaction_required, }) result.compact end |