{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/CertificatePolicy",
  "title": "CertificatePolicy",
  "type": "object",
  "description": "Management policy for a certificate.",
  "properties": {
    "id": {
      "type": "string",
      "readOnly": true,
      "example": "abc123"
    },
    "key_props": {
      "type": "object",
      "description": "Properties of the key pair.",
      "properties": {
        "exportable": {
          "type": "boolean"
        },
        "kty": {
          "type": "string",
          "enum": [
            "RSA",
            "RSA-HSM",
            "EC",
            "EC-HSM"
          ]
        },
        "key_size": {
          "type": "integer"
        },
        "reuse_key": {
          "type": "boolean"
        },
        "crv": {
          "type": "string",
          "enum": [
            "P-256",
            "P-384",
            "P-521",
            "P-256K"
          ]
        }
      },
      "example": "example_value"
    },
    "secret_props": {
      "type": "object",
      "description": "Properties of the secret backing a certificate.",
      "properties": {
        "contentType": {
          "type": "string"
        }
      },
      "example": "example_value"
    },
    "x509_props": {
      "type": "object",
      "description": "Properties of the X509 component.",
      "properties": {
        "subject": {
          "type": "string"
        },
        "sans": {
          "type": "object",
          "properties": {
            "emails": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "dns_names": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "upns": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        },
        "ekus": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "key_usage": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "validity_months": {
          "type": "integer"
        }
      },
      "example": "example_value"
    },
    "issuer": {
      "type": "object",
      "description": "Parameters for the issuer of the X509 component.",
      "properties": {
        "name": {
          "type": "string",
          "description": "Name of the referenced issuer object or reserved names (Self, Unknown)."
        },
        "cty": {
          "type": "string",
          "description": "Certificate type as supported by the provider."
        }
      },
      "example": "example_value"
    },
    "attributes": {
      "$ref": "#/components/schemas/CertificateAttributes"
    },
    "lifetime_actions": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "trigger": {
            "type": "object",
            "properties": {
              "lifetime_percentage": {
                "type": "integer"
              },
              "days_before_expiry": {
                "type": "integer"
              }
            }
          },
          "action": {
            "type": "object",
            "properties": {
              "action_type": {
                "type": "string",
                "enum": [
                  "EmailContacts",
                  "AutoRenew"
                ]
              }
            }
          }
        }
      },
      "example": []
    }
  }
}