JSONWebKey
A JSON Web Key (JWK) as defined by RFC 7517.
Properties
Keyobject requiredThe cryptographic key material. Structure depends on the key type (RSA, EC, etc.).KeyIDstring requiredThe ‘kid’ parameter: a unique identifier for the key.Algorithmstring requiredThe ‘alg’ parameter: the algorithm intended for use with this key (e.g. RS256, ES256).Usestring requiredThe ‘use’ parameter: ‘sig’ for signing or ’enc’ for encryption.- The X.509 certificate chain
- ↳
Rawarray[string] requiredThe raw ASN.1 DER encoded certificate. - ↳
RawTBSCertificatearray[string] requiredThe raw ASN.1 DER encoded TBSCertificate. - ↳
RawSubjectPublicKeyInfoarray[string] requiredThe raw ASN.1 DER encoded SubjectPublicKeyInfo. - ↳
RawSubjectarray[string] requiredThe raw ASN.1 DER encoded subject. - ↳
RawIssuerarray[string] requiredThe raw ASN.1 DER encoded issuer. - ↳
Signaturearray[string] requiredThe certificate signature. - ↳
SignatureAlgorithminteger requiredThe signature algorithm identifier. - ↳
PublicKeyAlgorithminteger requiredThe public key algorithm identifier. - ↳
PublicKeyobject requiredThe public key contained in the certificate. - ↳
Versioninteger requiredThe X.509 certificate version. - ↳
SerialNumberinteger requiredThe certificate serial number. - The certificate issuer distinguished name.
- The certificate subject distinguished name.
- ↳
NotBeforestring requiredThe start of the certificate validity period. - ↳
NotAfterstring requiredThe end of the certificate validity period. - ↳
KeyUsageinteger requiredBitfield of key usage flags. - The certificate extensions.
- Additional extensions to add to the certificate.
- ↳
UnhandledCriticalExtensionsarray[string] requiredCritical extensions that were not handled during parsing. - ↳
ExtKeyUsagearray[integer] requiredExtended key usage values. - ↳
UnknownExtKeyUsagearray[string] requiredUnknown extended key usage OIDs. - ↳
BasicConstraintsValidboolean requiredWhether the basic constraints extension is valid. - ↳
IsCAboolean requiredWhether the certificate is a CA certificate. - ↳
MaxPathLeninteger requiredMaximum number of intermediate CAs allowed in the path. - ↳
MaxPathLenZeroboolean requiredWhether MaxPathLen was explicitly set to zero. - ↳
SubjectKeyIdarray[string] requiredThe subject key identifier extension value. - ↳
AuthorityKeyIdarray[string] requiredThe authority key identifier extension value. - ↳
OCSPServerarray[string] requiredOCSP server URLs from the authority information access extension. - ↳
IssuingCertificateURLarray[string] requiredIssuing certificate URLs from the authority information access extension. - ↳
DNSNamesarray[string] requiredDNS names from the subject alternative name extension. - ↳
EmailAddressesarray[string] requiredEmail addresses from the subject alternative name extension. - ↳
IPAddressesarray[array] requiredIP addresses from the subject alternative name extension. - URIs from the subject alternative name extension.
- ↳
PermittedDNSDomainsCriticalboolean requiredWhether the name constraints are marked critical. - ↳
PermittedDNSDomainsarray[string] requiredPermitted DNS domain names from the name constraints extension. - ↳
ExcludedDNSDomainsarray[string] requiredExcluded DNS domain names from the name constraints extension. - Permitted IP ranges from the name constraints extension.
- Excluded IP ranges from the name constraints extension.
- ↳
PermittedEmailAddressesarray[string] requiredPermitted email addresses from the name constraints extension. - ↳
ExcludedEmailAddressesarray[string] requiredExcluded email addresses from the name constraints extension. - ↳
PermittedURIDomainsarray[string] requiredPermitted URI domains from the name constraints extension. - ↳
ExcludedURIDomainsarray[string] requiredExcluded URI domains from the name constraints extension. - ↳
CRLDistributionPointsarray[string] requiredCRL distribution point URLs. - ↳
PolicyIdentifiersarray[string] requiredCertificate policy OIDs. - ↳
Policiesarray[string] requiredCertificate policies. - ↳
InhibitAnyPolicyinteger requiredThe inhibit any-policy constraint value. - ↳
InhibitAnyPolicyZeroboolean requiredWhether InhibitAnyPolicy was explicitly set to zero. - ↳
InhibitPolicyMappinginteger requiredThe inhibit policy mapping constraint value. - ↳
InhibitPolicyMappingZeroboolean requiredWhether InhibitPolicyMapping was explicitly set to zero. - ↳
RequireExplicitPolicyinteger requiredThe require explicit policy constraint value. - ↳
RequireExplicitPolicyZeroboolean requiredWhether RequireExplicitPolicy was explicitly set to zero. - Policy mappings from the policy mapping extension.
- The URL for the X.509 certificate chain
- ↳
Schemestring requiredThe URL scheme (e.g. https, http). - ↳
Opaquestring requiredThe opaque data of the URL. - ↳
Userstring requiredThe user information associated with the URL. - ↳
Hoststring requiredThe host or host:port of the URL. - ↳
Pathstring requiredThe path of the URL. - ↳
RawPathstring requiredThe encoded path hint, used when the path contains escaped characters. - ↳
OmitHostboolean requiredWhether to omit the host in the URL string. - ↳
ForceQueryboolean requiredWhether to force a trailing question mark even if the query is empty. - ↳
RawQuerystring requiredThe encoded query string, without the leading question mark. - ↳
Fragmentstring requiredThe URL fragment (without the leading hash). - ↳
RawFragmentstring requiredThe encoded fragment hint. CertificateThumbprintSHA1array[string] requiredThe SHA-1 thumbprint of the X.509 certificateCertificateThumbprintSHA256array[string] requiredThe SHA-256 thumbprint of the X.509 certificate
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.