Class CertificateExtensionConstraints (1.11.0)

CertificateExtensionConstraints(
    mapping=None, *, ignore_unknown_fields=False, **kwargs
)

Describes a set of X.509 extensions that may be part of some certificate issuance controls.

Attributes

NameDescription
known_extensions MutableSequence[google.cloud.security.privateca_v1.types.CertificateExtensionConstraints.KnownCertificateExtension]
Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.
additional_extensions MutableSequence[google.cloud.security.privateca_v1.types.ObjectId]
Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.

Classes

KnownCertificateExtension

KnownCertificateExtension(value)

Describes well-known X.509 extensions that can appear in a Certificate, not including the SubjectAltNames extension.

Values: KNOWN_CERTIFICATE_EXTENSION_UNSPECIFIED (0): Not specified. BASE_KEY_USAGE (1): Refers to a certificate's Key Usage extension, as described in RFC 5280 section 4.2.1.3 <https://tools.ietf.org/html/rfc5280#section-4.2.1.3>. This corresponds to the KeyUsage.base_key_usage field. EXTENDED_KEY_USAGE (2): Refers to a certificate's Extended Key Usage extension, as described in RFC 5280 section 4.2.1.12 <https://tools.ietf.org/html/rfc5280#section-4.2.1.12>. This corresponds to the KeyUsage.extended_key_usage message. CA_OPTIONS (3): Refers to a certificate's Basic Constraints extension, as described in RFC 5280 section 4.2.1.9 <https://tools.ietf.org/html/rfc5280#section-4.2.1.9>. This corresponds to the X509Parameters.ca_options field. POLICY_IDS (4): Refers to a certificate's Policy object identifiers, as described in RFC 5280 section 4.2.1.4 <https://tools.ietf.org/html/rfc5280#section-4.2.1.4>. This corresponds to the X509Parameters.policy_ids field. AIA_OCSP_SERVERS (5): Refers to OCSP servers in a certificate's Authority Information Access extension, as described in RFC 5280 section 4.2.2.1 <https://tools.ietf.org/html/rfc5280#section-4.2.2.1>, This corresponds to the X509Parameters.aia_ocsp_servers field. NAME_CONSTRAINTS (6): Refers to Name Constraints extension as described in RFC 5280 section 4.2.1.10 <https://tools.ietf.org/html/rfc5280#section-4.2.1.10>