AWS.PcaConnectorAd — AWS SDK for JavaScript (original) (raw)
Examples:
Calling the createTemplate operation
var params = {
ConnectorArn: 'STRING_VALUE', /* required */
Definition: { /* required */
TemplateV2: {
CertificateValidity: { /* required */
RenewalPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
},
ValidityPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
}
},
EnrollmentFlags: { /* required */
EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
IncludeSymmetricAlgorithms: true || false,
NoSecurityExtension: true || false,
RemoveInvalidCertificateFromPersonalStore: true || false,
UserInteractionRequired: true || false
},
Extensions: { /* required */
KeyUsage: { /* required */
UsageFlags: { /* required */
DataEncipherment: true || false,
DigitalSignature: true || false,
KeyAgreement: true || false,
KeyEncipherment: true || false,
NonRepudiation: true || false
},
Critical: true || false
},
ApplicationPolicies: {
Policies: [ /* required */
{
PolicyObjectIdentifier: 'STRING_VALUE',
PolicyType: ALL_APPLICATION_POLICIES | ANY_PURPOSE | ATTESTATION_IDENTITY_KEY_CERTIFICATE | CERTIFICATE_REQUEST_AGENT | CLIENT_AUTHENTICATION | CODE_SIGNING | CTL_USAGE | DIGITAL_RIGHTS | DIRECTORY_SERVICE_EMAIL_REPLICATION | DISALLOWED_LIST | DNS_SERVER_TRUST | DOCUMENT_ENCRYPTION | DOCUMENT_SIGNING | DYNAMIC_CODE_GENERATOR | EARLY_LAUNCH_ANTIMALWARE_DRIVER | EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | ENCLAVE | ENCRYPTING_FILE_SYSTEM | ENDORSEMENT_KEY_CERTIFICATE | FILE_RECOVERY | HAL_EXTENSION | IP_SECURITY_END_SYSTEM | IP_SECURITY_IKE_INTERMEDIATE | IP_SECURITY_TUNNEL_TERMINATION | IP_SECURITY_USER | ISOLATED_USER_MODE | KDC_AUTHENTICATION | KERNEL_MODE_CODE_SIGNING | KEY_PACK_LICENSES | KEY_RECOVERY | KEY_RECOVERY_AGENT | LICENSE_SERVER_VERIFICATION | LIFETIME_SIGNING | MICROSOFT_PUBLISHER | MICROSOFT_TIME_STAMPING | MICROSOFT_TRUST_LIST_SIGNING | OCSP_SIGNING | OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | PLATFORM_CERTIFICATE | PREVIEW_BUILD_SIGNING | PRIVATE_KEY_ARCHIVAL | PROTECTED_PROCESS_LIGHT_VERIFICATION | PROTECTED_PROCESS_VERIFICATION | QUALIFIED_SUBORDINATION | REVOKED_LIST_SIGNER | ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION | ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION | ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL | ROOT_LIST_SIGNER | SECURE_EMAIL | SERVER_AUTHENTICATION | SMART_CARD_LOGIN | SPC_ENCRYPTED_DIGEST_RETRY_COUNT | SPC_RELAXED_PE_MARKER_CHECK | TIME_STAMPING | WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_VERIFICATION | WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION | WINDOWS_KITS_COMPONENT | WINDOWS_RT_VERIFICATION | WINDOWS_SOFTWARE_EXTENSION_VERIFICATION | WINDOWS_STORE | WINDOWS_SYSTEM_COMPONENT_VERIFICATION | WINDOWS_TCB_COMPONENT | WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT | WINDOWS_UPDATE
},
/* more items */
],
Critical: true || false
}
},
GeneralFlags: { /* required */
AutoEnrollment: true || false,
MachineType: true || false
},
PrivateKeyAttributes: { /* required */
KeySpec: KEY_EXCHANGE | SIGNATURE, /* required */
MinimalKeyLength: 'NUMBER_VALUE', /* required */
CryptoProviders: [
'STRING_VALUE',
/* more items */
]
},
PrivateKeyFlags: { /* required */
ClientVersion: WINDOWS_SERVER_2003 | WINDOWS_SERVER_2008 | WINDOWS_SERVER_2008_R2 | WINDOWS_SERVER_2012 | WINDOWS_SERVER_2012_R2 | WINDOWS_SERVER_2016, /* required */
ExportableKey: true || false,
StrongKeyProtectionRequired: true || false
},
SubjectNameFlags: { /* required */
RequireCommonName: true || false,
RequireDirectoryPath: true || false,
RequireDnsAsCn: true || false,
RequireEmail: true || false,
SanRequireDirectoryGuid: true || false,
SanRequireDns: true || false,
SanRequireDomainDns: true || false,
SanRequireEmail: true || false,
SanRequireSpn: true || false,
SanRequireUpn: true || false
},
SupersededTemplates: [
'STRING_VALUE',
/* more items */
]
},
TemplateV3: {
CertificateValidity: { /* required */
RenewalPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
},
ValidityPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
}
},
EnrollmentFlags: { /* required */
EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
IncludeSymmetricAlgorithms: true || false,
NoSecurityExtension: true || false,
RemoveInvalidCertificateFromPersonalStore: true || false,
UserInteractionRequired: true || false
},
Extensions: { /* required */
KeyUsage: { /* required */
UsageFlags: { /* required */
DataEncipherment: true || false,
DigitalSignature: true || false,
KeyAgreement: true || false,
KeyEncipherment: true || false,
NonRepudiation: true || false
},
Critical: true || false
},
ApplicationPolicies: {
Policies: [ /* required */
{
PolicyObjectIdentifier: 'STRING_VALUE',
PolicyType: ALL_APPLICATION_POLICIES | ANY_PURPOSE | ATTESTATION_IDENTITY_KEY_CERTIFICATE | CERTIFICATE_REQUEST_AGENT | CLIENT_AUTHENTICATION | CODE_SIGNING | CTL_USAGE | DIGITAL_RIGHTS | DIRECTORY_SERVICE_EMAIL_REPLICATION | DISALLOWED_LIST | DNS_SERVER_TRUST | DOCUMENT_ENCRYPTION | DOCUMENT_SIGNING | DYNAMIC_CODE_GENERATOR | EARLY_LAUNCH_ANTIMALWARE_DRIVER | EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | ENCLAVE | ENCRYPTING_FILE_SYSTEM | ENDORSEMENT_KEY_CERTIFICATE | FILE_RECOVERY | HAL_EXTENSION | IP_SECURITY_END_SYSTEM | IP_SECURITY_IKE_INTERMEDIATE | IP_SECURITY_TUNNEL_TERMINATION | IP_SECURITY_USER | ISOLATED_USER_MODE | KDC_AUTHENTICATION | KERNEL_MODE_CODE_SIGNING | KEY_PACK_LICENSES | KEY_RECOVERY | KEY_RECOVERY_AGENT | LICENSE_SERVER_VERIFICATION | LIFETIME_SIGNING | MICROSOFT_PUBLISHER | MICROSOFT_TIME_STAMPING | MICROSOFT_TRUST_LIST_SIGNING | OCSP_SIGNING | OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | PLATFORM_CERTIFICATE | PREVIEW_BUILD_SIGNING | PRIVATE_KEY_ARCHIVAL | PROTECTED_PROCESS_LIGHT_VERIFICATION | PROTECTED_PROCESS_VERIFICATION | QUALIFIED_SUBORDINATION | REVOKED_LIST_SIGNER | ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION | ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION | ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL | ROOT_LIST_SIGNER | SECURE_EMAIL | SERVER_AUTHENTICATION | SMART_CARD_LOGIN | SPC_ENCRYPTED_DIGEST_RETRY_COUNT | SPC_RELAXED_PE_MARKER_CHECK | TIME_STAMPING | WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_VERIFICATION | WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION | WINDOWS_KITS_COMPONENT | WINDOWS_RT_VERIFICATION | WINDOWS_SOFTWARE_EXTENSION_VERIFICATION | WINDOWS_STORE | WINDOWS_SYSTEM_COMPONENT_VERIFICATION | WINDOWS_TCB_COMPONENT | WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT | WINDOWS_UPDATE
},
/* more items */
],
Critical: true || false
}
},
GeneralFlags: { /* required */
AutoEnrollment: true || false,
MachineType: true || false
},
HashAlgorithm: SHA256 | SHA384 | SHA512, /* required */
PrivateKeyAttributes: { /* required */
Algorithm: RSA | ECDH_P256 | ECDH_P384 | ECDH_P521, /* required */
KeySpec: KEY_EXCHANGE | SIGNATURE, /* required */
KeyUsageProperty: { /* required */
PropertyFlags: {
Decrypt: true || false,
KeyAgreement: true || false,
Sign: true || false
},
PropertyType: ALL
},
MinimalKeyLength: 'NUMBER_VALUE', /* required */
CryptoProviders: [
'STRING_VALUE',
/* more items */
]
},
PrivateKeyFlags: { /* required */
ClientVersion: WINDOWS_SERVER_2008 | WINDOWS_SERVER_2008_R2 | WINDOWS_SERVER_2012 | WINDOWS_SERVER_2012_R2 | WINDOWS_SERVER_2016, /* required */
ExportableKey: true || false,
RequireAlternateSignatureAlgorithm: true || false,
StrongKeyProtectionRequired: true || false
},
SubjectNameFlags: { /* required */
RequireCommonName: true || false,
RequireDirectoryPath: true || false,
RequireDnsAsCn: true || false,
RequireEmail: true || false,
SanRequireDirectoryGuid: true || false,
SanRequireDns: true || false,
SanRequireDomainDns: true || false,
SanRequireEmail: true || false,
SanRequireSpn: true || false,
SanRequireUpn: true || false
},
SupersededTemplates: [
'STRING_VALUE',
/* more items */
]
},
TemplateV4: {
CertificateValidity: { /* required */
RenewalPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
},
ValidityPeriod: { /* required */
Period: 'NUMBER_VALUE', /* required */
PeriodType: HOURS | DAYS | WEEKS | MONTHS | YEARS /* required */
}
},
EnrollmentFlags: { /* required */
EnableKeyReuseOnNtTokenKeysetStorageFull: true || false,
IncludeSymmetricAlgorithms: true || false,
NoSecurityExtension: true || false,
RemoveInvalidCertificateFromPersonalStore: true || false,
UserInteractionRequired: true || false
},
Extensions: { /* required */
KeyUsage: { /* required */
UsageFlags: { /* required */
DataEncipherment: true || false,
DigitalSignature: true || false,
KeyAgreement: true || false,
KeyEncipherment: true || false,
NonRepudiation: true || false
},
Critical: true || false
},
ApplicationPolicies: {
Policies: [ /* required */
{
PolicyObjectIdentifier: 'STRING_VALUE',
PolicyType: ALL_APPLICATION_POLICIES | ANY_PURPOSE | ATTESTATION_IDENTITY_KEY_CERTIFICATE | CERTIFICATE_REQUEST_AGENT | CLIENT_AUTHENTICATION | CODE_SIGNING | CTL_USAGE | DIGITAL_RIGHTS | DIRECTORY_SERVICE_EMAIL_REPLICATION | DISALLOWED_LIST | DNS_SERVER_TRUST | DOCUMENT_ENCRYPTION | DOCUMENT_SIGNING | DYNAMIC_CODE_GENERATOR | EARLY_LAUNCH_ANTIMALWARE_DRIVER | EMBEDDED_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | ENCLAVE | ENCRYPTING_FILE_SYSTEM | ENDORSEMENT_KEY_CERTIFICATE | FILE_RECOVERY | HAL_EXTENSION | IP_SECURITY_END_SYSTEM | IP_SECURITY_IKE_INTERMEDIATE | IP_SECURITY_TUNNEL_TERMINATION | IP_SECURITY_USER | ISOLATED_USER_MODE | KDC_AUTHENTICATION | KERNEL_MODE_CODE_SIGNING | KEY_PACK_LICENSES | KEY_RECOVERY | KEY_RECOVERY_AGENT | LICENSE_SERVER_VERIFICATION | LIFETIME_SIGNING | MICROSOFT_PUBLISHER | MICROSOFT_TIME_STAMPING | MICROSOFT_TRUST_LIST_SIGNING | OCSP_SIGNING | OEM_WINDOWS_SYSTEM_COMPONENT_VERIFICATION | PLATFORM_CERTIFICATE | PREVIEW_BUILD_SIGNING | PRIVATE_KEY_ARCHIVAL | PROTECTED_PROCESS_LIGHT_VERIFICATION | PROTECTED_PROCESS_VERIFICATION | QUALIFIED_SUBORDINATION | REVOKED_LIST_SIGNER | ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION | ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION | ROOT_PROGRAM_NO_OSCP_FAILOVER_TO_CRL | ROOT_LIST_SIGNER | SECURE_EMAIL | SERVER_AUTHENTICATION | SMART_CARD_LOGIN | SPC_ENCRYPTED_DIGEST_RETRY_COUNT | SPC_RELAXED_PE_MARKER_CHECK | TIME_STAMPING | WINDOWS_HARDWARE_DRIVER_ATTESTED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_EXTENDED_VERIFICATION | WINDOWS_HARDWARE_DRIVER_VERIFICATION | WINDOWS_HELLO_RECOVERY_KEY_ENCRYPTION | WINDOWS_KITS_COMPONENT | WINDOWS_RT_VERIFICATION | WINDOWS_SOFTWARE_EXTENSION_VERIFICATION | WINDOWS_STORE | WINDOWS_SYSTEM_COMPONENT_VERIFICATION | WINDOWS_TCB_COMPONENT | WINDOWS_THIRD_PARTY_APPLICATION_COMPONENT | WINDOWS_UPDATE
},
/* more items */
],
Critical: true || false
}
},
GeneralFlags: { /* required */
AutoEnrollment: true || false,
MachineType: true || false
},
PrivateKeyAttributes: { /* required */
KeySpec: KEY_EXCHANGE | SIGNATURE, /* required */
MinimalKeyLength: 'NUMBER_VALUE', /* required */
Algorithm: RSA | ECDH_P256 | ECDH_P384 | ECDH_P521,
CryptoProviders: [
'STRING_VALUE',
/* more items */
],
KeyUsageProperty: {
PropertyFlags: {
Decrypt: true || false,
KeyAgreement: true || false,
Sign: true || false
},
PropertyType: ALL
}
},
PrivateKeyFlags: { /* required */
ClientVersion: WINDOWS_SERVER_2012 | WINDOWS_SERVER_2012_R2 | WINDOWS_SERVER_2016, /* required */
ExportableKey: true || false,
RequireAlternateSignatureAlgorithm: true || false,
RequireSameKeyRenewal: true || false,
StrongKeyProtectionRequired: true || false,
UseLegacyProvider: true || false
},
SubjectNameFlags: { /* required */
RequireCommonName: true || false,
RequireDirectoryPath: true || false,
RequireDnsAsCn: true || false,
RequireEmail: true || false,
SanRequireDirectoryGuid: true || false,
SanRequireDns: true || false,
SanRequireDomainDns: true || false,
SanRequireEmail: true || false,
SanRequireSpn: true || false,
SanRequireUpn: true || false
},
HashAlgorithm: SHA256 | SHA384 | SHA512,
SupersededTemplates: [
'STRING_VALUE',
/* more items */
]
}
},
Name: 'STRING_VALUE', /* required */
ClientToken: 'STRING_VALUE',
Tags: {
'<String>': 'STRING_VALUE',
/* '<String>': ... */
}
};
// Send the request. The callback receives either an error or the service response;
// this sample only logs whichever one arrives.
pcaconnectorad.createTemplate(params, (err, data) => {
  if (err) {
    console.log(err, err.stack); // an error occurred
    return;
  }
  console.log(data); // successful response
});