Class: OCI::IdentityDomains::Models::ExtensionX509IdentityProvider

Inherits:
Object
  • Object
show all
Defined in:
lib/oci/identity_domains/models/extension_x509_identity_provider.rb

Overview

X509 Identity Provider Extension Schema

Constant Summary collapse

EKU_VALUES_ENUM =
[
  EKU_VALUES_SERVER_AUTH = 'SERVER_AUTH'.freeze,
  EKU_VALUES_CLIENT_AUTH = 'CLIENT_AUTH'.freeze,
  EKU_VALUES_CODE_SIGNING = 'CODE_SIGNING'.freeze,
  EKU_VALUES_EMAIL_PROTECTION = 'EMAIL_PROTECTION'.freeze,
  EKU_VALUES_TIME_STAMPING = 'TIME_STAMPING'.freeze,
  EKU_VALUES_OCSP_SIGNING = 'OCSP_SIGNING'.freeze,
  EKU_VALUES_UNKNOWN_ENUM_VALUE = 'UNKNOWN_ENUM_VALUE'.freeze
].freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(attributes = {}) ⇒ ExtensionX509IdentityProvider

Initializes the object

Parameters:

  • attributes (Hash) (defaults to: {})

    Model attributes in the form of hash

Options Hash (attributes):



367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 367

def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.cert_match_attribute = attributes[:'certMatchAttribute'] if attributes[:'certMatchAttribute']

  raise 'You cannot provide both :certMatchAttribute and :cert_match_attribute' if attributes.key?(:'certMatchAttribute') && attributes.key?(:'cert_match_attribute')

  self.cert_match_attribute = attributes[:'cert_match_attribute'] if attributes[:'cert_match_attribute']

  self.user_match_attribute = attributes[:'userMatchAttribute'] if attributes[:'userMatchAttribute']

  raise 'You cannot provide both :userMatchAttribute and :user_match_attribute' if attributes.key?(:'userMatchAttribute') && attributes.key?(:'user_match_attribute')

  self.user_match_attribute = attributes[:'user_match_attribute'] if attributes[:'user_match_attribute']

  self.other_cert_match_attribute = attributes[:'otherCertMatchAttribute'] if attributes[:'otherCertMatchAttribute']

  raise 'You cannot provide both :otherCertMatchAttribute and :other_cert_match_attribute' if attributes.key?(:'otherCertMatchAttribute') && attributes.key?(:'other_cert_match_attribute')

  self.other_cert_match_attribute = attributes[:'other_cert_match_attribute'] if attributes[:'other_cert_match_attribute']

  self.signing_certificate_chain = attributes[:'signingCertificateChain'] if attributes[:'signingCertificateChain']

  raise 'You cannot provide both :signingCertificateChain and :signing_certificate_chain' if attributes.key?(:'signingCertificateChain') && attributes.key?(:'signing_certificate_chain')

  self.signing_certificate_chain = attributes[:'signing_certificate_chain'] if attributes[:'signing_certificate_chain']

  self.ocsp_enabled = attributes[:'ocspEnabled'] unless attributes[:'ocspEnabled'].nil?

  raise 'You cannot provide both :ocspEnabled and :ocsp_enabled' if attributes.key?(:'ocspEnabled') && attributes.key?(:'ocsp_enabled')

  self.ocsp_enabled = attributes[:'ocsp_enabled'] unless attributes[:'ocsp_enabled'].nil?

  self.ocsp_server_name = attributes[:'ocspServerName'] if attributes[:'ocspServerName']

  raise 'You cannot provide both :ocspServerName and :ocsp_server_name' if attributes.key?(:'ocspServerName') && attributes.key?(:'ocsp_server_name')

  self.ocsp_server_name = attributes[:'ocsp_server_name'] if attributes[:'ocsp_server_name']

  self.ocsp_responder_url = attributes[:'ocspResponderURL'] if attributes[:'ocspResponderURL']

  raise 'You cannot provide both :ocspResponderURL and :ocsp_responder_url' if attributes.key?(:'ocspResponderURL') && attributes.key?(:'ocsp_responder_url')

  self.ocsp_responder_url = attributes[:'ocsp_responder_url'] if attributes[:'ocsp_responder_url']

  self.ocsp_allow_unknown_response_status = attributes[:'ocspAllowUnknownResponseStatus'] unless attributes[:'ocspAllowUnknownResponseStatus'].nil?

  raise 'You cannot provide both :ocspAllowUnknownResponseStatus and :ocsp_allow_unknown_response_status' if attributes.key?(:'ocspAllowUnknownResponseStatus') && attributes.key?(:'ocsp_allow_unknown_response_status')

  self.ocsp_allow_unknown_response_status = attributes[:'ocsp_allow_unknown_response_status'] unless attributes[:'ocsp_allow_unknown_response_status'].nil?

  self.ocsp_revalidate_time = attributes[:'ocspRevalidateTime'] if attributes[:'ocspRevalidateTime']

  raise 'You cannot provide both :ocspRevalidateTime and :ocsp_revalidate_time' if attributes.key?(:'ocspRevalidateTime') && attributes.key?(:'ocsp_revalidate_time')

  self.ocsp_revalidate_time = attributes[:'ocsp_revalidate_time'] if attributes[:'ocsp_revalidate_time']

  self.ocsp_enable_signed_response = attributes[:'ocspEnableSignedResponse'] unless attributes[:'ocspEnableSignedResponse'].nil?

  raise 'You cannot provide both :ocspEnableSignedResponse and :ocsp_enable_signed_response' if attributes.key?(:'ocspEnableSignedResponse') && attributes.key?(:'ocsp_enable_signed_response')

  self.ocsp_enable_signed_response = attributes[:'ocsp_enable_signed_response'] unless attributes[:'ocsp_enable_signed_response'].nil?

  self.ocsp_trust_cert_chain = attributes[:'ocspTrustCertChain'] if attributes[:'ocspTrustCertChain']

  raise 'You cannot provide both :ocspTrustCertChain and :ocsp_trust_cert_chain' if attributes.key?(:'ocspTrustCertChain') && attributes.key?(:'ocsp_trust_cert_chain')

  self.ocsp_trust_cert_chain = attributes[:'ocsp_trust_cert_chain'] if attributes[:'ocsp_trust_cert_chain']

  self.crl_enabled = attributes[:'crlEnabled'] unless attributes[:'crlEnabled'].nil?

  raise 'You cannot provide both :crlEnabled and :crl_enabled' if attributes.key?(:'crlEnabled') && attributes.key?(:'crl_enabled')

  self.crl_enabled = attributes[:'crl_enabled'] unless attributes[:'crl_enabled'].nil?

  self.crl_check_on_ocsp_failure_enabled = attributes[:'crlCheckOnOCSPFailureEnabled'] unless attributes[:'crlCheckOnOCSPFailureEnabled'].nil?

  raise 'You cannot provide both :crlCheckOnOCSPFailureEnabled and :crl_check_on_ocsp_failure_enabled' if attributes.key?(:'crlCheckOnOCSPFailureEnabled') && attributes.key?(:'crl_check_on_ocsp_failure_enabled')

  self.crl_check_on_ocsp_failure_enabled = attributes[:'crl_check_on_ocsp_failure_enabled'] unless attributes[:'crl_check_on_ocsp_failure_enabled'].nil?

  self.crl_location = attributes[:'crlLocation'] if attributes[:'crlLocation']

  raise 'You cannot provide both :crlLocation and :crl_location' if attributes.key?(:'crlLocation') && attributes.key?(:'crl_location')

  self.crl_location = attributes[:'crl_location'] if attributes[:'crl_location']

  self.crl_reload_duration = attributes[:'crlReloadDuration'] if attributes[:'crlReloadDuration']

  raise 'You cannot provide both :crlReloadDuration and :crl_reload_duration' if attributes.key?(:'crlReloadDuration') && attributes.key?(:'crl_reload_duration')

  self.crl_reload_duration = attributes[:'crl_reload_duration'] if attributes[:'crl_reload_duration']

  self.eku_validation_enabled = attributes[:'ekuValidationEnabled'] unless attributes[:'ekuValidationEnabled'].nil?

  raise 'You cannot provide both :ekuValidationEnabled and :eku_validation_enabled' if attributes.key?(:'ekuValidationEnabled') && attributes.key?(:'eku_validation_enabled')

  self.eku_validation_enabled = attributes[:'eku_validation_enabled'] unless attributes[:'eku_validation_enabled'].nil?

  self.eku_values = attributes[:'ekuValues'] if attributes[:'ekuValues']

  raise 'You cannot provide both :ekuValues and :eku_values' if attributes.key?(:'ekuValues') && attributes.key?(:'eku_values')

  self.eku_values = attributes[:'eku_values'] if attributes[:'eku_values']
end

Instance Attribute Details

#cert_match_attributeString

[Required] X509 Certificate Matching Attribute

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: true - returned: default - type: string - uniqueness: none

Returns:

  • (String)


36
37
38
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 36

def cert_match_attribute
  @cert_match_attribute
end

#crl_check_on_ocsp_failure_enabledBOOLEAN

Fallback on CRL Validation if OCSP fails.

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


229
230
231
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 229

def crl_check_on_ocsp_failure_enabled
  @crl_check_on_ocsp_failure_enabled
end

#crl_enabledBOOLEAN

Set to true to enable CRL Validation

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


213
214
215
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 213

def crl_enabled
  @crl_enabled
end

#crl_locationString

CRL Location URL

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (String)


245
246
247
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 245

def crl_location
  @crl_location
end

#crl_reload_durationInteger

Fetch the CRL contents every X minutes

Added In: 2010242156

SCIM++ Properties: - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

Returns:

  • (Integer)


260
261
262
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 260

def crl_reload_duration
  @crl_reload_duration
end

#eku_validation_enabledBOOLEAN

Set to true to enable EKU Validation

Added In: 2304270343

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


276
277
278
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 276

def eku_validation_enabled
  @eku_validation_enabled
end

#eku_valuesArray<String>

List of EKU which needs to be validated

Added In: 2304270343

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: true - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (Array<String>)


292
293
294
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 292

def eku_values
  @eku_values
end

#ocsp_allow_unknown_response_statusBOOLEAN

Allow access if OCSP response is UNKNOWN or OCSP Responder does not respond within the timeout duration

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


148
149
150
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 148

def ocsp_allow_unknown_response_status
  @ocsp_allow_unknown_response_status
end

#ocsp_enable_signed_responseBOOLEAN

Describes if the OCSP response is signed

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


181
182
183
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 181

def ocsp_enable_signed_response
  @ocsp_enable_signed_response
end

#ocsp_enabledBOOLEAN

Set to true to enable OCSP Validation

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: boolean - uniqueness: none

Returns:

  • (BOOLEAN)


100
101
102
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 100

def ocsp_enabled
  @ocsp_enabled
end

#ocsp_responder_urlString

This property specifies OCSP Responder URL.

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (String)


132
133
134
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 132

def ocsp_responder_url
  @ocsp_responder_url
end

#ocsp_revalidate_timeInteger

Revalidate OCSP status for user after X hours

Added In: 2010242156

SCIM++ Properties: - idcsMaxValue: 24 - idcsMinValue: 0 - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: integer - uniqueness: none

Returns:

  • (Integer)


165
166
167
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 165

def ocsp_revalidate_time
  @ocsp_revalidate_time
end

#ocsp_server_nameString

This property specifies the OCSP Server alias name

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (String)


116
117
118
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 116

def ocsp_server_name
  @ocsp_server_name
end

#ocsp_trust_cert_chainArray<String>

OCSP Trusted Certificate Chain

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: true - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (Array<String>)


197
198
199
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 197

def ocsp_trust_cert_chain
  @ocsp_trust_cert_chain
end

#other_cert_match_attributeString

Check for specific conditions of other certificate attributes

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: false - returned: default - type: string - uniqueness: none

Returns:

  • (String)


68
69
70
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 68

def other_cert_match_attribute
  @other_cert_match_attribute
end

#signing_certificate_chainArray<String>

[Required] Certificate alias list to create a chain for the incoming client certificate

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: true - mutability: readWrite - required: true - returned: default - type: string - uniqueness: none

Returns:

  • (Array<String>)


84
85
86
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 84

def signing_certificate_chain
  @signing_certificate_chain
end

#user_match_attributeString

[Required] This property specifies the userstore attribute value that must match the incoming certificate attribute.

Added In: 2010242156

SCIM++ Properties: - caseExact: false - idcsSearchable: false - multiValued: false - mutability: readWrite - required: true - returned: default - type: string - uniqueness: none

Returns:

  • (String)


52
53
54
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 52

def user_match_attribute
  @user_match_attribute
end

Class Method Details

.attribute_mapObject

Attribute mapping from ruby-style variable name to JSON key.



295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 295

def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'cert_match_attribute': :'certMatchAttribute',
    'user_match_attribute': :'userMatchAttribute',
    'other_cert_match_attribute': :'otherCertMatchAttribute',
    'signing_certificate_chain': :'signingCertificateChain',
    'ocsp_enabled': :'ocspEnabled',
    'ocsp_server_name': :'ocspServerName',
    'ocsp_responder_url': :'ocspResponderURL',
    'ocsp_allow_unknown_response_status': :'ocspAllowUnknownResponseStatus',
    'ocsp_revalidate_time': :'ocspRevalidateTime',
    'ocsp_enable_signed_response': :'ocspEnableSignedResponse',
    'ocsp_trust_cert_chain': :'ocspTrustCertChain',
    'crl_enabled': :'crlEnabled',
    'crl_check_on_ocsp_failure_enabled': :'crlCheckOnOCSPFailureEnabled',
    'crl_location': :'crlLocation',
    'crl_reload_duration': :'crlReloadDuration',
    'eku_validation_enabled': :'ekuValidationEnabled',
    'eku_values': :'ekuValues'
    # rubocop:enable Style/SymbolLiteral
  }
end

.swagger_typesObject

Attribute type mapping.



320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 320

def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'cert_match_attribute': :'String',
    'user_match_attribute': :'String',
    'other_cert_match_attribute': :'String',
    'signing_certificate_chain': :'Array<String>',
    'ocsp_enabled': :'BOOLEAN',
    'ocsp_server_name': :'String',
    'ocsp_responder_url': :'String',
    'ocsp_allow_unknown_response_status': :'BOOLEAN',
    'ocsp_revalidate_time': :'Integer',
    'ocsp_enable_signed_response': :'BOOLEAN',
    'ocsp_trust_cert_chain': :'Array<String>',
    'crl_enabled': :'BOOLEAN',
    'crl_check_on_ocsp_failure_enabled': :'BOOLEAN',
    'crl_location': :'String',
    'crl_reload_duration': :'Integer',
    'eku_validation_enabled': :'BOOLEAN',
    'eku_values': :'Array<String>'
    # rubocop:enable Style/SymbolLiteral
  }
end

Instance Method Details

#==(other) ⇒ Object

Checks equality by comparing each attribute.

Parameters:

  • other (Object)

    the other object to be compared



503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 503

def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    cert_match_attribute == other.cert_match_attribute &&
    user_match_attribute == other.user_match_attribute &&
    other_cert_match_attribute == other.other_cert_match_attribute &&
    signing_certificate_chain == other.signing_certificate_chain &&
    ocsp_enabled == other.ocsp_enabled &&
    ocsp_server_name == other.ocsp_server_name &&
    ocsp_responder_url == other.ocsp_responder_url &&
    ocsp_allow_unknown_response_status == other.ocsp_allow_unknown_response_status &&
    ocsp_revalidate_time == other.ocsp_revalidate_time &&
    ocsp_enable_signed_response == other.ocsp_enable_signed_response &&
    ocsp_trust_cert_chain == other.ocsp_trust_cert_chain &&
    crl_enabled == other.crl_enabled &&
    crl_check_on_ocsp_failure_enabled == other.crl_check_on_ocsp_failure_enabled &&
    crl_location == other.crl_location &&
    crl_reload_duration == other.crl_reload_duration &&
    eku_validation_enabled == other.eku_validation_enabled &&
    eku_values == other.eku_values
end

#build_from_hash(attributes) ⇒ Object

Builds the object from hash

Parameters:

  • attributes (Hash)

    Model attributes in the form of hash

Returns:

  • (Object)

    Returns the model itself



549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 549

def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

#eql?(other) ⇒ Boolean

Parameters:

  • other (Object)

    the other object to be compared

Returns:

  • (Boolean)

See Also:

  • `==` method


529
530
531
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 529

def eql?(other)
  self == other
end

#hashFixnum

Calculates hash code according to all attributes.

Returns:

  • (Fixnum)

    Hash code



538
539
540
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 538

def hash
  [cert_match_attribute, user_match_attribute, other_cert_match_attribute, signing_certificate_chain, ocsp_enabled, ocsp_server_name, ocsp_responder_url, ocsp_allow_unknown_response_status, ocsp_revalidate_time, ocsp_enable_signed_response, ocsp_trust_cert_chain, crl_enabled, crl_check_on_ocsp_failure_enabled, crl_location, crl_reload_duration, eku_validation_enabled, eku_values].hash
end

#to_hashHash

Returns the object in the form of hash

Returns:

  • (Hash)

    Returns the object in the form of hash



582
583
584
585
586
587
588
589
590
591
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 582

def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end

#to_sString

Returns the string representation of the object

Returns:

  • (String)

    String presentation of the object



576
577
578
# File 'lib/oci/identity_domains/models/extension_x509_identity_provider.rb', line 576

def to_s
  to_hash.to_s
end