Interface EnrollmentFlagsV2.Builder

    • Method Detail

      • enableKeyReuseOnNtTokenKeysetStorageFull

        EnrollmentFlagsV2.Builder enableKeyReuseOnNtTokenKeysetStorageFull(Boolean enableKeyReuseOnNtTokenKeysetStorageFull)

        Allow renewal using the same key.

        Parameters:
        enableKeyReuseOnNtTokenKeysetStorageFull - Allow renewal using the same key.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • includeSymmetricAlgorithms

        EnrollmentFlagsV2.Builder includeSymmetricAlgorithms(Boolean includeSymmetricAlgorithms)

        Include symmetric algorithms allowed by the subject.

        Parameters:
        includeSymmetricAlgorithms - Include symmetric algorithms allowed by the subject.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • noSecurityExtension

        EnrollmentFlagsV2.Builder noSecurityExtension(Boolean noSecurityExtension)

        This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID: 1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension itself addresses a Windows Kerberos elevation-of-privilege vulnerability.

        Parameters:
        noSecurityExtension - This flag instructs the CA to not include the security extension szOID_NTDS_CA_SECURITY_EXT (OID: 1.3.6.1.4.1.311.25.2), as specified in [MS-WCCE] sections 2.2.2.7.7.4 and 3.2.2.6.2.1.4.5.9, in the issued certificate. The security extension itself addresses a Windows Kerberos elevation-of-privilege vulnerability.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • removeInvalidCertificateFromPersonalStore

        EnrollmentFlagsV2.Builder removeInvalidCertificateFromPersonalStore(Boolean removeInvalidCertificateFromPersonalStore)

        Delete expired or revoked certificates instead of archiving them.

        Parameters:
        removeInvalidCertificateFromPersonalStore - Delete expired or revoked certificates instead of archiving them.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
      • userInteractionRequired

        EnrollmentFlagsV2.Builder userInteractionRequired(Boolean userInteractionRequired)

        Require user interaction when the subject is enrolled and the private key associated with the certificate is used.

        Parameters:
        userInteractionRequired - Require user interaction when the subject is enrolled and the private key associated with the certificate is used.
        Returns:
        Returns a reference to this object so that method calls can be chained together.
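
The following is an added example, not code from the SDK or its documentation. It chains the builder methods listed above and reviews a flag set before it is used in a template definition, with particular attention to noSecurityExtension. The class EnrollmentFlagsReview, its method names and the chosen baseline values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.pcaconnectorad.model.EnrollmentFlagsV2;

// Added example: EnrollmentFlagsReview and its methods are hypothetical, not part of the SDK.
public final class EnrollmentFlagsReview {

    // Baseline chosen for this example: every flag is stated explicitly and the security extension is kept.
    static EnrollmentFlagsV2 baselineFlags() {
        return EnrollmentFlagsV2.builder()
                .noSecurityExtension(false) // CA includes szOID_NTDS_CA_SECURITY_EXT
                .enableKeyReuseOnNtTokenKeysetStorageFull(false)
                .includeSymmetricAlgorithms(true)
                .removeInvalidCertificateFromPersonalStore(true)
                .userInteractionRequired(false)
                .build();
    }

    // Returns one finding per setting a reviewer should question; an empty list means nothing was flagged.
    static List<String> review(EnrollmentFlagsV2 flags) {
        List<String> findings = new ArrayList<>();
        // The getters return Boolean and are null when the builder method was never called.
        if (flags.noSecurityExtension() == null) {
            findings.add("noSecurityExtension is unset: state it explicitly in the template definition");
        } else if (Boolean.TRUE.equals(flags.noSecurityExtension())) {
            findings.add("noSecurityExtension=true: issued certificates omit OID 1.3.6.1.4.1.311.25.2");
        }
        if (Boolean.TRUE.equals(flags.enableKeyReuseOnNtTokenKeysetStorageFull())) {
            findings.add("enableKeyReuseOnNtTokenKeysetStorageFull=true: renewal may reuse the same key");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed input: the baseline with the security extension switched off.
        EnrollmentFlagsV2 risky = baselineFlags().toBuilder().noSecurityExtension(true).build();
        System.out.println("baseline: " + review(baselineFlags()));
        System.out.println("risky:    " + review(risky));
    }
}
```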