All Implemented Interfaces:
ApiRequest<SignCsr.Request>
Enclosing class:
SignCsr

public static final class SignCsr.Request extends VaultRequest<T>
Request object. Can be configured with additional headers, query parameters etc.
  • Method Details

    • builder

      public static SignCsr.Request builder()
      Fluent API builder for configuring a request. The request builder is passed as is, without a build method. The equivalent of a build method is ApiJsonBuilder.toJson(jakarta.json.JsonBuilderFactory) used by the RestApi.
      Returns:
      new request builder
    • csr

      public SignCsr.Request csr(String csr)
      Certification request (CSR) in PEM format.
      Parameters:
      csr - certificate signing request
      Returns:
      updated request
    • addAltName

      public SignCsr.Request addAltName(String name)
      Specifies requested Subject Alternative Name(s). These can be host names or email addresses; they will be parsed into their respective fields. If any requested names do not match role policy, the entire request will be denied.
      Parameters:
      name - alt name
      Returns:
      updated request
    • addIpSan

      public SignCsr.Request addIpSan(String subjectAlternativeName)
      Specifies requested IP Subject Alternative Name(s). Only valid if the role allows IP SANs (which is the default).
      Parameters:
      subjectAlternativeName - IP subject alternative name
      Returns:
      updated request
    • addUriSan

      public SignCsr.Request addUriSan(String subjectAlternativeName)
      Specifies the requested URI Subject Alternative Name(s).
      Parameters:
      subjectAlternativeName - URI subject alternative name
      Returns:
      updated request
    • addOtherSan

      public SignCsr.Request addOtherSan(String oid, String value)
      Specifies custom OID/UTF8-string SANs. These must match values specified on the role in allowed_other_sans (see role creation for allowed_other_sans globbing rules). The format is the same as OpenSSL: <oid>:<type>:<value> where the type is hardcoded to UTF8.
      Parameters:
      oid - OID of the subject alternative name
      value - value of the subject alternative name
      Returns:
      updated request
    • ttl

      public SignCsr.Request ttl(Duration duration)
      Specifies requested Time To Live. Cannot be greater than the role's max_ttl value. If not provided, the role's ttl value will be used. Note that the role values default to system values if not explicitly set.
      Parameters:
      duration - time to live
      Returns:
      updated request
    • excludeCnFromSans

      public SignCsr.Request excludeCnFromSans(boolean exclude)
      If true, the given common_name will not be included in DNS or Email Subject Alternate Names (as appropriate). Useful if the CN is not a hostname or email address, but is instead some human-readable identifier.
      Parameters:
      exclude - whether to exclude CN from subject alternative names
      Returns:
      updated request
    • commonName

      public SignCsr.Request commonName(String commonName)
    • format

      public SignCsr.Request format(PkiFormat format)
    • roleName

      public SignCsr.Request roleName(String roleName)