Interface PkiSecrets

  • All Superinterfaces:
    Secrets

    public interface PkiSecrets
    extends Secrets
    API operations for the Vault PKI Secrets Engine. All methods block the current thread, so this implementation is not suitable for reactive programming. Use PkiSecretsRx in reactive code.
    • Method Detail

      • create

        static PkiSecrets create(PkiSecretsRx reactive)
        Create a new blocking API from its reactive counterpart.
        Parameters:
        reactive - reactive PKI Secrets
        Returns:
        blocking PKI Secrets
      • caCertificate

        default X509Certificate caCertificate()
        Certification authority certificate.
        Returns:
        certificate of the CA
      • caCertificate

        default byte[] caCertificate(PkiFormat format)
        Certification authority certificate in raw bytes.
        Parameters:
        format - format to use; both DER and PEM are supported
        Returns:
        CA certificate bytes
      • certificate

        default Optional<X509Certificate> certificate(String serialNumber)
        Certificate with the given serial number.
        Parameters:
        serialNumber - serial number of the certificate
        Returns:
        certificate; if not found, an exception is returned
      • certificate

        default Optional<byte[]> certificate(String serialNumber,
                                             PkiFormat format)
        Certificate in raw bytes, currently only PkiFormat.PEM is supported.
        Parameters:
        serialNumber - serial number of the certificate
        format - format, must be PkiFormat.PEM
        Returns:
        certificate bytes in PEM format
      • crl

        default X509CRL crl()
        Certificate revocation list.
        Returns:
        revocation list
      • crl

        default byte[] crl(PkiFormat format)
        Certificate revocation list in raw bytes.
        Parameters:
        format - to choose between PEM and DER encoding of the list
        Returns:
        CRL bytes
      • crl

        CrlGet.Response crl(CrlGet.Request request)
        Get a CRL (certificate revocation list).
        Parameters:
        request - get CRL request
        Returns:
        get CRL response
      • signCertificateRequest

        SignCsr.Response signCertificateRequest(SignCsr.Request request)
        This endpoint signs a new certificate based upon the provided CSR and the supplied parameters, subject to the restrictions contained in the role named in the endpoint.
        Parameters:
        request - sign CSR request
        Returns:
        a new certificate
      • revokeCertificate

        default Instant revokeCertificate(String serialNumber)
        Revoke a certificate by its serial number.
        Parameters:
        serialNumber - serial number of the certificate to revoke
        Returns:
        revocation instant
      • revokeCertificate

        RevokeCertificate.Response revokeCertificate(RevokeCertificate.Request request)
        Revoke a certificate.
        Parameters:
        request - revoke certificate request with at least the certificate serial number
        Returns:
        revoke certificate response
      • generateSelfSignedRoot

        default GenerateSelfSignedRoot.Response generateSelfSignedRoot(String commonName)
        Generate a self-signed root certificate. This operation makes sense for testing. For production environments, this would most likely be initialized with an explicit key and certificate.
        Parameters:
        commonName - the common name (cn) of the certificate
        Returns:
        when request finishes
      • generateSelfSignedRoot

        GenerateSelfSignedRoot.Response generateSelfSignedRoot(GenerateSelfSignedRoot.Request request)
        Generate a self-signed root certificate. This operation makes sense for testing. For production environments, this would most likely be initialized with an explicit key and certificate.
        Parameters:
        request - generate self-signed root request with at least the common name configured
        Returns:
        generate self-signed root response
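
Added example, not part of the Helidon documentation or code base: one way to combine caCertificate(), certificate(String) and crl() from this interface to decide whether an issued certificate can still be trusted. The class IssuedCertCheck and its Status enum are hypothetical names; the sketch assumes the io.helidon.integrations.vault.secrets.pki package and a PKI mount where a single CA signs both the certificates and the CRL.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

import io.helidon.integrations.vault.secrets.pki.PkiSecrets;

/** Hypothetical helper (not part of Helidon): checks one issued certificate against the CA and its CRL. */
public final class IssuedCertCheck {
    public enum Status { OK, NOT_FOUND, BAD_SIGNATURE, OUTSIDE_VALIDITY, CRL_UNTRUSTED, CRL_STALE, REVOKED }

    private IssuedCertCheck() {
    }

    public static Status check(PkiSecrets pki, String serialNumber, Instant now) {
        X509Certificate ca = pki.caCertificate();
        // An empty Optional is treated as "not found"; exceptions thrown by the lookup propagate to the caller.
        Optional<X509Certificate> found = pki.certificate(serialNumber);
        if (found.isEmpty()) {
            return Status.NOT_FOUND;
        }
        X509Certificate cert = found.get();
        try {
            cert.verify(ca.getPublicKey());        // was it signed by this CA (assumed single issuer)?
        } catch (GeneralSecurityException e) {
            return Status.BAD_SIGNATURE;
        }
        try {
            cert.checkValidity(Date.from(now));    // notBefore <= now <= notAfter
        } catch (GeneralSecurityException e) {
            return Status.OUTSIDE_VALIDITY;
        }
        X509CRL crl = pki.crl();
        try {
            crl.verify(ca.getPublicKey());         // reject a CRL that the CA did not sign
        } catch (GeneralSecurityException e) {
            return Status.CRL_UNTRUSTED;
        }
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.before(Date.from(now))) {
            return Status.CRL_STALE;               // an outdated list may miss recent revocations
        }
        return crl.isRevoked(cert) ? Status.REVOKED : Status.OK;
    }
}
```

Because every call on PkiSecrets blocks, run the check off any event-loop thread, and treat CRL_STALE and CRL_UNTRUSTED as failures rather than falling back to OK.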