Package com.google.cloud.security.privateca.v1

Class CaPool.IssuancePolicy

  • All Implemented Interfaces:
    CaPool.IssuancePolicyOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    Enclosing class:
    CaPool
    public static final class CaPool.IssuancePolicy
extends com.google.protobuf.GeneratedMessageV3
implements CaPool.IssuancePolicyOrBuilder
     Defines controls over all certificate issuance within a
 [CaPool][google.cloud.security.privateca.v1.CaPool].
    Protobuf type google.cloud.security.privateca.v1.CaPool.IssuancePolicy
    See Also:
    Serialized Form

    • Field Detail

      • ALLOWED_KEY_TYPES_FIELD_NUMBER

        public static final int ALLOWED_KEY_TYPES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • MAXIMUM_LIFETIME_FIELD_NUMBER

        public static final int MAXIMUM_LIFETIME_FIELD_NUMBER
        See Also:
        Constant Field Values

      • ALLOWED_ISSUANCE_MODES_FIELD_NUMBER

        public static final int ALLOWED_ISSUANCE_MODES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • BASELINE_VALUES_FIELD_NUMBER

        public static final int BASELINE_VALUES_FIELD_NUMBER
        See Also:
        Constant Field Values

      • IDENTITY_CONSTRAINTS_FIELD_NUMBER

        public static final int IDENTITY_CONSTRAINTS_FIELD_NUMBER
        See Also:
        Constant Field Values

      • PASSTHROUGH_EXTENSIONS_FIELD_NUMBER

        public static final int PASSTHROUGH_EXTENSIONS_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getAllowedKeyTypesList

        public List<CaPool.IssuancePolicy.AllowedKeyType> getAllowedKeyTypesList()
         Optional. If any
 [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
 is specified, then the certificate request's public key must match one of
 the key types listed here. Otherwise, any key may be used.
        repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedKeyTypesList in interface CaPool.IssuancePolicyOrBuilder

      • getAllowedKeyTypesOrBuilderList

        public List<? extends CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder> getAllowedKeyTypesOrBuilderList()
         Optional. If any
 [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
 is specified, then the certificate request's public key must match one of
 the key types listed here. Otherwise, any key may be used.
        repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedKeyTypesOrBuilderList in interface CaPool.IssuancePolicyOrBuilder

      • getAllowedKeyTypesCount

        public int getAllowedKeyTypesCount()
         Optional. If any
 [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
 is specified, then the certificate request's public key must match one of
 the key types listed here. Otherwise, any key may be used.
        repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedKeyTypesCount in interface CaPool.IssuancePolicyOrBuilder

      • getAllowedKeyTypes

        public CaPool.IssuancePolicy.AllowedKeyType getAllowedKeyTypes​(int index)
         Optional. If any
 [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
 is specified, then the certificate request's public key must match one of
 the key types listed here. Otherwise, any key may be used.
        repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedKeyTypes in interface CaPool.IssuancePolicyOrBuilder

      • getAllowedKeyTypesOrBuilder

        public CaPool.IssuancePolicy.AllowedKeyTypeOrBuilder getAllowedKeyTypesOrBuilder​(int index)
         Optional. If any
 [AllowedKeyType][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType]
 is specified, then the certificate request's public key must match one of
 the key types listed here. Otherwise, any key may be used.
        repeated .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.AllowedKeyType allowed_key_types = 1 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedKeyTypesOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • hasMaximumLifetime

        public boolean hasMaximumLifetime()
         Optional. The maximum lifetime allowed for issued
 [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
 if the issuing
 [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 expires before a
 [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
 maximum_lifetime, the effective lifetime will be explicitly truncated to
 match it.
        .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        hasMaximumLifetime in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        Whether the maximumLifetime field is set.

      • getMaximumLifetime

        public com.google.protobuf.Duration getMaximumLifetime()
         Optional. The maximum lifetime allowed for issued
 [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
 if the issuing
 [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 expires before a
 [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
 maximum_lifetime, the effective lifetime will be explicitly truncated to
 match it.
        .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getMaximumLifetime in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        The maximumLifetime.

      • getMaximumLifetimeOrBuilder

        public com.google.protobuf.DurationOrBuilder getMaximumLifetimeOrBuilder()
         Optional. The maximum lifetime allowed for issued
 [Certificates][google.cloud.security.privateca.v1.Certificate]. Note that
 if the issuing
 [CertificateAuthority][google.cloud.security.privateca.v1.CertificateAuthority]
 expires before a
 [Certificate][google.cloud.security.privateca.v1.Certificate]'s requested
 maximum_lifetime, the effective lifetime will be explicitly truncated to
 match it.
        .google.protobuf.Duration maximum_lifetime = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getMaximumLifetimeOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • hasAllowedIssuanceModes

        public boolean hasAllowedIssuanceModes()
         Optional. If specified, then only methods allowed in the
 [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
 may be used to issue
 [Certificates][google.cloud.security.privateca.v1.Certificate].
        .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        hasAllowedIssuanceModes in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        Whether the allowedIssuanceModes field is set.

      • getAllowedIssuanceModes

        public CaPool.IssuancePolicy.IssuanceModes getAllowedIssuanceModes()
         Optional. If specified, then only methods allowed in the
 [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
 may be used to issue
 [Certificates][google.cloud.security.privateca.v1.Certificate].
        .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedIssuanceModes in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        The allowedIssuanceModes.

      • getAllowedIssuanceModesOrBuilder

        public CaPool.IssuancePolicy.IssuanceModesOrBuilder getAllowedIssuanceModesOrBuilder()
         Optional. If specified, then only methods allowed in the
 [IssuanceModes][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes]
 may be used to issue
 [Certificates][google.cloud.security.privateca.v1.Certificate].
        .google.cloud.security.privateca.v1.CaPool.IssuancePolicy.IssuanceModes allowed_issuance_modes = 3 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getAllowedIssuanceModesOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • hasBaselineValues

        public boolean hasBaselineValues()
         Optional. A set of X.509 values that will be applied to all certificates
 issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
 If a certificate request includes conflicting values for the same
 properties, they will be overwritten by the values defined here. If a
 certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 that defines conflicting
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 for the same properties, the certificate issuance request will fail.
        .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        hasBaselineValues in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        Whether the baselineValues field is set.

      • getBaselineValues

        public X509Parameters getBaselineValues()
         Optional. A set of X.509 values that will be applied to all certificates
 issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
 If a certificate request includes conflicting values for the same
 properties, they will be overwritten by the values defined here. If a
 certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 that defines conflicting
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 for the same properties, the certificate issuance request will fail.
        .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getBaselineValues in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        The baselineValues.

      • getBaselineValuesOrBuilder

        public X509ParametersOrBuilder getBaselineValuesOrBuilder()
         Optional. A set of X.509 values that will be applied to all certificates
 issued through this [CaPool][google.cloud.security.privateca.v1.CaPool].
 If a certificate request includes conflicting values for the same
 properties, they will be overwritten by the values defined here. If a
 certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 that defines conflicting
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 for the same properties, the certificate issuance request will fail.
        .google.cloud.security.privateca.v1.X509Parameters baseline_values = 4 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getBaselineValuesOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • hasIdentityConstraints

        public boolean hasIdentityConstraints()
         Optional. Describes constraints on identities that may appear in
 [Certificates][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
 is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
 will not add restrictions on a certificate's identity.
        .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        hasIdentityConstraints in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        Whether the identityConstraints field is set.

      • getIdentityConstraints

        public CertificateIdentityConstraints getIdentityConstraints()
         Optional. Describes constraints on identities that may appear in
 [Certificates][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
 is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
 will not add restrictions on a certificate's identity.
        .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getIdentityConstraints in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        The identityConstraints.

      • getIdentityConstraintsOrBuilder

        public CertificateIdentityConstraintsOrBuilder getIdentityConstraintsOrBuilder()
         Optional. Describes constraints on identities that may appear in
 [Certificates][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If this
 is omitted, then this [CaPool][google.cloud.security.privateca.v1.CaPool]
 will not add restrictions on a certificate's identity.
        .google.cloud.security.privateca.v1.CertificateIdentityConstraints identity_constraints = 5 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getIdentityConstraintsOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • hasPassthroughExtensions

        public boolean hasPassthroughExtensions()
         Optional. Describes the set of X.509 extensions that may appear in a
 [Certificate][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
 certificate request sets extensions that don't appear in the
 [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
 those extensions will be dropped. If a certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 with
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 that don't appear here, the certificate issuance request will fail. If
 this is omitted, then this
 [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
 restrictions on a certificate's X.509 extensions. These constraints do
 not apply to X.509 extensions set in this
 [CaPool][google.cloud.security.privateca.v1.CaPool]'s
 [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
        .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        hasPassthroughExtensions in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        Whether the passthroughExtensions field is set.

      • getPassthroughExtensions

        public CertificateExtensionConstraints getPassthroughExtensions()
         Optional. Describes the set of X.509 extensions that may appear in a
 [Certificate][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
 certificate request sets extensions that don't appear in the
 [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
 those extensions will be dropped. If a certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 with
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 that don't appear here, the certificate issuance request will fail. If
 this is omitted, then this
 [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
 restrictions on a certificate's X.509 extensions. These constraints do
 not apply to X.509 extensions set in this
 [CaPool][google.cloud.security.privateca.v1.CaPool]'s
 [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
        .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getPassthroughExtensions in interface CaPool.IssuancePolicyOrBuilder
        Returns:
        The passthroughExtensions.

      • getPassthroughExtensionsOrBuilder

        public CertificateExtensionConstraintsOrBuilder getPassthroughExtensionsOrBuilder()
         Optional. Describes the set of X.509 extensions that may appear in a
 [Certificate][google.cloud.security.privateca.v1.Certificate] issued
 through this [CaPool][google.cloud.security.privateca.v1.CaPool]. If a
 certificate request sets extensions that don't appear in the
 [passthrough_extensions][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.passthrough_extensions],
 those extensions will be dropped. If a certificate request uses a
 [CertificateTemplate][google.cloud.security.privateca.v1.CertificateTemplate]
 with
 [predefined_values][google.cloud.security.privateca.v1.CertificateTemplate.predefined_values]
 that don't appear here, the certificate issuance request will fail. If
 this is omitted, then this
 [CaPool][google.cloud.security.privateca.v1.CaPool] will not add
 restrictions on a certificate's X.509 extensions. These constraints do
 not apply to X.509 extensions set in this
 [CaPool][google.cloud.security.privateca.v1.CaPool]'s
 [baseline_values][google.cloud.security.privateca.v1.CaPool.IssuancePolicy.baseline_values].
        .google.cloud.security.privateca.v1.CertificateExtensionConstraints passthrough_extensions = 6 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getPassthroughExtensionsOrBuilder in interface CaPool.IssuancePolicyOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(ByteBuffer data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(ByteBuffer data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(com.google.protobuf.ByteString data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(com.google.protobuf.ByteString data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(byte[] data)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static CaPool.IssuancePolicy parseFrom​(byte[] data,
                                              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                       throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • newBuilderForType

        public CaPool.IssuancePolicy.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public CaPool.IssuancePolicy.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected CaPool.IssuancePolicy.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getParserForType

        public com.google.protobuf.Parser<CaPool.IssuancePolicy> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public CaPool.IssuancePolicy getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder