Class SignCsr.Request

  • All Implemented Interfaces:
    ApiRequest<SignCsr.Request>
    Enclosing class:
    SignCsr

    public static final class SignCsr.Request
    extends VaultRequest<T>
    Request object. Can be configured with additional headers, query parameters etc.
    • Method Detail

      • csr

        public SignCsr.Request csr​(String csr)
        Certification request (CSR) in PEM format.
        Parameters:
        csr - certificate signing request
        Returns:
        updated request
      • addAltName

        public T addAltName​(String name)
        Specifies requested Subject Alternative Name(s). These can be host names or email addresses; they will be parsed into their respective fields. If any requested names do not match role policy, the entire request will be denied.
        Parameters:
        name - alt name
        Returns:
        updated request
      • addIpSan

        public T addIpSan​(String subjectAlternativeName)
        Specifies requested IP Subject Alternative Name(s). Only valid if the role allows IP SANs (which is the default).
        Parameters:
        subjectAlternativeName - IP subject alternative name
        Returns:
        updated request
      • addUriSan

        public T addUriSan​(String subjectAlternativeName)
        Specifies the requested URI Subject Alternative Name(s).
        Parameters:
        subjectAlternativeName - URI subject alternative name
        Returns:
        updated request
      • addOtherSan

        public T addOtherSan​(String oid,
                             String value)
        Specifies custom OID/UTF8-string SANs. These must match values specified on the role in allowed_other_sans (see role creation for allowed_other_sans globbing rules). The format is the same as OpenSSL: <oid>:<type>:<value> where the type is hardcoded to UTF8.
        Parameters:
        oid - OID of the subject alternative name
        value - value of the subject alternative name
        Returns:
        updated request
      • ttl

        public T ttl​(Duration duration)
        Specifies requested Time To Live. Cannot be greater than the role's max_ttl value. If not provided, the role's ttl value will be used. Note that the role values default to system values if not explicitly set.
        Parameters:
        duration - time to live
        Returns:
        updated request
      • excludeCnFromSans

        public T excludeCnFromSans​(boolean exclude)
        If true, the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). Useful if the CN is not a hostname or email address, but is instead some human-readable identifier.
        Parameters:
        exclude - whether to exclude CN from subject alternative names
        Returns:
        updated request
      • commonName

        public T commonName​(String commonName)
      • format

        public T format​(PkiFormat format)
      • roleName

        public T roleName​(String roleName)