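Sort and filter certificates

This page explains how to sort and filter the certificates returned by the ListCertificates API call in Certificate Authority Service.

To learn how to list and view issued certificates, see "View issued certificates".

Sorting support

By default, the ListCertificates API call returns certificates sorted by the create_time field, with the newest certificates listed first. No other sort order can be specified.

Filtering support

The following fields can be used to filter the certificates returned by the ListCertificates API call: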

Field name                                                                         Field type  Supported operators
create_time                                                                        timestamp   <, >, <=, >=, =, !=
update_time                                                                        timestamp   <, >, <=, >=, =, !=
certificate_description.subject_description.not_after_time                         timestamp   <, >, <=, >=, =, !=
certificate_description.subject_description.not_before_time                        timestamp   <, >, <=, >=, =, !=
certificate_description.cert_fingerprint.sha256_hash                               string      =, !=
certificate_description.subject_description.hex_serial_number                      string      =, !=
certificate_description.subject_description.subject.common_name                    string      =, !=
certificate_description.subject_description.subject.country_code                   string      =, !=
certificate_description.subject_description.subject.organization                   string      =, !=
certificate_description.subject_description.subject.organizational_unit            string      =, !=
certificate_description.subject_description.subject.locality                       string      =, !=
certificate_description.subject_description.subject.province                       string      =, !=
certificate_description.subject_description.subject.street_address                 string      =, !=
certificate_description.subject_description.subject.postal_code                    string      =, !=
certificate_description.subject_description.subject_alt_name.dns_names             string      : (HAS operator)
certificate_description.x509_description.key_usage.extended_key_usage.client_auth  bool        =, !=
certificate_description.x509_description.key_usage.extended_key_usage.server_auth  bool        =, !=
labels                                                                             map         : (HAS operator)
certificate_template                                                               string      =, !=, : (HAS operator)

Note: The fields certificate_description.x509_description.key_usage.extended_key_usage.client_auth and certificate_description.x509_description.key_usage.extended_key_usage.server_auth are booleans that indicate whether the corresponding extended key usage is present.

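Filter syntax

The filter syntax follows the API filtering guidelines set out in AIP 160, with the following restrictions:

  • Only top-level AND operators are supported. Nothing else is supported (for example OR, NOT, nested operators, or any combination of these).

    • Valid: the filter uses only a top-level AND operator: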

      create_time>"2020-08-21T11:30:00.11-05:00" AND certificate_description.x509_description.key_usage.extended_key_usage.server_auth=true
      
    • Invalid: the filter uses the OR operator:

      create_time>"2020-08-21T11:30:00.11-05:00" OR certificate_description.x509_description.key_usage.extended_key_usage.server_auth=true
      
    • Invalid: the filter uses nested operators:

      (create_time>"2020-08-21T11:30:00.11-05:00" AND certificate_description.x509_description.key_usage.extended_key_usage.server_auth=true) AND certificate_description.subject_description.subject.common_name="foo.com"
      
  • Wildcard matching (using *) is not supported, except that the certificate_description.subject_description.subject_alt_name.dns_names field supports suffix matching on DNS labels.

    • Valid: the filter matches against a wildcard suffix:

      certificate_description.subject_description.subject_alt_name.dns_names:"*.foo.com"
      
    • Invalid: the filter matches against a wildcard prefix:

      certificate_description.subject_description.subject_alt_name.dns_names:"foo.*"
      
    • Invalid: the filter uses a wildcard on a field that does not support it:

      "certificate_description.subject_description.hex_serial_number"="*3d3"
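
The field table and the syntax restrictions above can be checked on the client before a filter is sent to ListCertificates. The following Python linter is an added example, not part of the original page or of any Google client library; `lint_filter` and its messages are hypothetical names. It assumes that the only accepted wildcard is a single leading `*.` label on dns_names, and it recognises only the bare field names listed in the table.

```python
import re

# Field -> supported operators, transcribed from the table on this page.
CMP, EQ, HAS = {"<", ">", "<=", ">=", "=", "!="}, {"=", "!="}, {":"}
CD = "certificate_description."
SD = CD + "subject_description."
EKU = CD + "x509_description.key_usage.extended_key_usage."
DNS = SD + "subject_alt_name.dns_names"
FIELDS = {
    "create_time": CMP, "update_time": CMP,
    SD + "not_after_time": CMP, SD + "not_before_time": CMP,
    CD + "cert_fingerprint.sha256_hash": EQ, SD + "hex_serial_number": EQ,
    DNS: HAS, EKU + "client_auth": EQ, EKU + "server_auth": EQ,
    "labels": HAS, "certificate_template": EQ | HAS,
}
FIELDS.update({SD + "subject." + n: EQ for n in (
    "common_name", "country_code", "organization", "organizational_unit",
    "locality", "province", "street_address", "postal_code")})

QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
TERM = re.compile(r'^"?([\w.]+)"?\s*(<=|>=|!=|<|>|=|:)\s*("(?:[^"\\]|\\.)*"|\S+)$')

def lint_filter(expr):
    """Return a list of problems; an empty list means the filter fits the rules above."""
    problems = []
    # Blank out quoted strings (same length) so text inside values is never read as syntax.
    masked = QUOTED.sub(lambda m: "_" * len(m.group()), expr)
    if re.search(r"[()]", masked):
        problems.append("nested expression")
    for word in re.findall(r"\b(OR|NOT)\b", masked):
        problems.append(f"{word} operator")
    # Cut the original string where the masked copy has a boolean operator.
    cuts = [m.span() for m in re.finditer(r"\s+(?:AND|OR)\s+", masked)]
    start = 0
    for a, b in cuts + [(len(expr), len(expr))]:
        term, start = re.sub(r"^NOT\s+", "", expr[start:a].strip(" ()")), b
        m = TERM.match(term)
        if not m:
            problems.append(f"cannot parse term: {term}")
            continue
        field, op, value = m.group(1), m.group(2), m.group(3).strip('"')
        if field not in FIELDS:
            problems.append(f"field not filterable: {field}")
        elif op not in FIELDS[field]:
            problems.append(f"operator {op} not supported for {field}")
        # Assumption: the only accepted wildcard is one leading "*." label on dns_names.
        if "*" in value and not (field == DNS and value.startswith("*.") and "*" not in value[1:]):
            problems.append(f"unsupported wildcard on {field}: {value}")
    return problems
```

Running the six filters shown on this page through `lint_filter` returns an empty list for the two valid ones and one problem for each invalid one.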
      

Next steps