class Aws::ACMPCA::Types::Extensions

Contains X.509 extension information for a certificate.

@note When making an API call, you may pass Extensions

data as a hash:

    {
      certificate_policies: [
        {
          cert_policy_id: "CustomObjectIdentifier", # required
          policy_qualifiers: [
            {
              policy_qualifier_id: "CPS", # required, accepts CPS
              qualifier: { # required
                cps_uri: "String256", # required
              },
            },
          ],
        },
      ],
      extended_key_usage: [
        {
          extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
          extended_key_usage_object_identifier: "CustomObjectIdentifier",
        },
      ],
      key_usage: {
        digital_signature: false,
        non_repudiation: false,
        key_encipherment: false,
        data_encipherment: false,
        key_agreement: false,
        key_cert_sign: false,
        crl_sign: false,
        encipher_only: false,
        decipher_only: false,
      },
      subject_alternative_names: [
        {
          other_name: {
            type_id: "CustomObjectIdentifier", # required
            value: "String256", # required
          },
          rfc_822_name: "String256",
          dns_name: "String253",
          directory_name: {
            country: "CountryCodeString",
            organization: "String64",
            organizational_unit: "String64",
            distinguished_name_qualifier: "ASN1PrintableString64",
            state: "String128",
            common_name: "String64",
            serial_number: "ASN1PrintableString64",
            locality: "String128",
            title: "String64",
            surname: "String40",
            given_name: "String16",
            initials: "String5",
            pseudonym: "String128",
            generation_qualifier: "String3",
          },
          edi_party_name: {
            party_name: "String256", # required
            name_assigner: "String256",
          },
          uniform_resource_identifier: "String253",
          ip_address: "String39",
          registered_id: "CustomObjectIdentifier",
        },
      ],
    }

@!attribute [rw] certificate_policies

Contains a sequence of one or more policy information terms, each of
which consists of an object identifier (OID) and optional
qualifiers. For more information, see NIST's definition of [Object
Identifier (OID)][1].

In an end-entity certificate, these terms indicate the policy under
which the certificate was issued and the purposes for which it may
be used. In a CA certificate, these terms limit the set of policies
for certification paths that include this certificate.

[1]: https://csrc.nist.gov/glossary/term/Object_Identifier
@return [Array<Types::PolicyInformation>]

@!attribute [rw] extended_key_usage

Specifies additional purposes for which the certified public key may
be used other than basic purposes indicated in the `KeyUsage`
extension.
@return [Array<Types::ExtendedKeyUsage>]

@!attribute [rw] key_usage

Defines one or more purposes for which the key contained in the
certificate can be used. Default value for each option is false.
@return [Types::KeyUsage]

@!attribute [rw] subject_alternative_names

The subject alternative name extension allows identities to be bound
to the subject of the certificate. These identities may be included
in addition to or in place of the identity in the subject field of
the certificate.
@return [Array<Types::GeneralName>]

@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation

Constants

SENSITIVE