Class: AWSCDK::PCAConnectorAD::CfnTemplate::EnrollmentFlagsV3Property
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::PCAConnectorAD::CfnTemplate::EnrollmentFlagsV3Property
- Defined in:
- pca_connector_ad/cfn_template.rb
Overview
Template configurations for v3 template schema.
Instance Attribute Summary collapse
-
#enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean, ...
readonly
Allow renewal using the same key.
-
#include_symmetric_algorithms ⇒ Boolean, ...
readonly
Include symmetric algorithms allowed by the subject.
-
#no_security_extension ⇒ Boolean, ...
readonly
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate.
-
#remove_invalid_certificate_from_personal_store ⇒ Boolean, ...
readonly
Delete expired or revoked certificates instead of archiving them.
-
#user_interaction_required ⇒ Boolean, ...
readonly
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) ⇒ EnrollmentFlagsV3Property
constructor
A new instance of EnrollmentFlagsV3Property.
- #to_jsii ⇒ Object
Constructor Details
#initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) ⇒ EnrollmentFlagsV3Property
Returns a new instance of EnrollmentFlagsV3Property.
781 782 783 784 785 786 787 788 789 790 791 792 |
# File 'pca_connector_ad/cfn_template.rb', line 781 def initialize(enable_key_reuse_on_nt_token_keyset_storage_full: nil, include_symmetric_algorithms: nil, no_security_extension: nil, remove_invalid_certificate_from_personal_store: nil, user_interaction_required: nil) @enable_key_reuse_on_nt_token_keyset_storage_full = enable_key_reuse_on_nt_token_keyset_storage_full Jsii::Type.check_type(@enable_key_reuse_on_nt_token_keyset_storage_full, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableKeyReuseOnNtTokenKeysetStorageFull") unless @enable_key_reuse_on_nt_token_keyset_storage_full.nil? @include_symmetric_algorithms = include_symmetric_algorithms Jsii::Type.check_type(@include_symmetric_algorithms, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "includeSymmetricAlgorithms") unless @include_symmetric_algorithms.nil? @no_security_extension = no_security_extension Jsii::Type.check_type(@no_security_extension, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "noSecurityExtension") unless @no_security_extension.nil? @remove_invalid_certificate_from_personal_store = remove_invalid_certificate_from_personal_store Jsii::Type.check_type(@remove_invalid_certificate_from_personal_store, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "removeInvalidCertificateFromPersonalStore") unless @remove_invalid_certificate_from_personal_store.nil? @user_interaction_required = user_interaction_required Jsii::Type.check_type(@user_interaction_required, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "userInteractionRequired") unless @user_interaction_required.nil? end |
Instance Attribute Details
#enable_key_reuse_on_nt_token_keyset_storage_full ⇒ Boolean, ... (readonly)
Allow renewal using the same key.
798 799 800 |
# File 'pca_connector_ad/cfn_template.rb', line 798 def enable_key_reuse_on_nt_token_keyset_storage_full @enable_key_reuse_on_nt_token_keyset_storage_full end |
#include_symmetric_algorithms ⇒ Boolean, ... (readonly)
Include symmetric algorithms allowed by the subject.
803 804 805 |
# File 'pca_connector_ad/cfn_template.rb', line 803 def include_symmetric_algorithms @include_symmetric_algorithms end |
#no_security_extension ⇒ Boolean, ... (readonly)
This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID:1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. This addresses a Windows Kerberos elevation-of-privilege vulnerability.
808 809 810 |
# File 'pca_connector_ad/cfn_template.rb', line 808 def no_security_extension @no_security_extension end |
#remove_invalid_certificate_from_personal_store ⇒ Boolean, ... (readonly)
Delete expired or revoked certificates instead of archiving them.
813 814 815 |
# File 'pca_connector_ad/cfn_template.rb', line 813 def remove_invalid_certificate_from_personal_store @remove_invalid_certificate_from_personal_store end |
#user_interaction_required ⇒ Boolean, ... (readonly)
Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
818 819 820 |
# File 'pca_connector_ad/cfn_template.rb', line 818 def user_interaction_required @user_interaction_required end |
Class Method Details
.jsii_properties ⇒ Object
820 821 822 823 824 825 826 827 828 |
# File 'pca_connector_ad/cfn_template.rb', line 820 def self.jsii_properties { :enable_key_reuse_on_nt_token_keyset_storage_full => "enableKeyReuseOnNtTokenKeysetStorageFull", :include_symmetric_algorithms => "includeSymmetricAlgorithms", :no_security_extension => "noSecurityExtension", :remove_invalid_certificate_from_personal_store => "removeInvalidCertificateFromPersonalStore", :user_interaction_required => "userInteractionRequired", } end |
Instance Method Details
#to_jsii ⇒ Object
830 831 832 833 834 835 836 837 838 839 840 |
# File 'pca_connector_ad/cfn_template.rb', line 830 def to_jsii result = {} result.merge!({ "enableKeyReuseOnNtTokenKeysetStorageFull" => @enable_key_reuse_on_nt_token_keyset_storage_full, "includeSymmetricAlgorithms" => @include_symmetric_algorithms, "noSecurityExtension" => @no_security_extension, "removeInvalidCertificateFromPersonalStore" => @remove_invalid_certificate_from_personal_store, "userInteractionRequired" => @user_interaction_required, }) result.compact end |