public class VaultPkiTemplate extends Object implements VaultPkiOperations

All implemented interfaces: VaultPkiOperations
Nested classes inherited from interface VaultPkiOperations: VaultPkiOperations.Encoding

Constructor and Description |
---|
VaultPkiTemplate(VaultOperations vaultOperations, String path) |

Modifier and Type | Method and Description |
---|---|
InputStream | getCrl(VaultPkiOperations.Encoding encoding): Retrieves the current CRL in raw form. |
VaultCertificateResponse | issueCertificate(String roleName, VaultCertificateRequest certificateRequest): Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest. |
void | revoke(String serialNumber): Revokes a certificate using its serial number. |
VaultSignCertificateRequestResponse | signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest) |

public VaultPkiTemplate(VaultOperations vaultOperations, String path)

Parameters:
vaultOperations - must not be null.
path - must not be empty or null.

public VaultCertificateResponse issueCertificate(String roleName, VaultCertificateRequest certificateRequest) throws VaultException

Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store. Certificates use DER format and are base64 encoded.

Specified by: issueCertificate in interface VaultPkiOperations
Parameters:
roleName - must not be empty or null.
certificateRequest - must not be null.
Returns: VaultCertificateResponse containing a CertificateBundle.
Throws: VaultException

public VaultSignCertificateRequestResponse signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest) throws VaultException

roleName, csr and VaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store. Certificates use DER format and are base64 encoded.

Specified by: signCertificateRequest in interface VaultPkiOperations
Parameters:
roleName - must not be empty or null.
csr - must not be empty or null.
certificateRequest - must not be null.
Returns: VaultCertificateResponse containing a Certificate.
Throws: VaultException

public void revoke(String serialNumber) throws VaultException

Revokes a certificate using its serial number.

Specified by: revoke in interface VaultPkiOperations
Parameters:
serialNumber - must not be empty or null.
Throws: VaultException

public InputStream getCrl(VaultPkiOperations.Encoding encoding) throws VaultException

Retrieves the current CRL in raw form, VaultPkiOperations.Encoding.DER or VaultPkiOperations.Encoding.PEM encoded. If Vault reports no content under the CRL URL, then the result of this method call is null.

Specified by: getCrl in interface VaultPkiOperations
Returns: InputStream containing the encoded CRL or null if Vault responds with 204 No Content.
Throws: VaultException
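
The following is an added example, not code from the Spring Vault project: it issues a short-lived certificate, revokes it by serial number, and confirms the revocation against the CRL, treating the null result of getCrl as an error instead of as "not revoked". The class and method names (PkiRevocationCheck, issueRevokeAndConfirm, isRevoked, parseSerial) are hypothetical; it assumes a VaultPkiOperations instance bound to a PKI mount, a caller-supplied role name and common name, and that Vault has rebuilt the CRL after the revocation.

```java
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.time.Duration;
import org.springframework.vault.core.VaultPkiOperations;
import org.springframework.vault.support.CertificateBundle;
import org.springframework.vault.support.VaultCertificateRequest;

// Hypothetical helper class (added example); pass in a VaultPkiTemplate as "pki".
public class PkiRevocationCheck {

    // Issues a certificate for commonName under roleName, revokes it, checks the CRL.
    public static boolean issueRevokeAndConfirm(VaultPkiOperations pki, String roleName,
            String commonName) throws Exception {
        VaultCertificateRequest request = VaultCertificateRequest.builder()
                .commonName(commonName)
                .ttl(Duration.ofHours(1)) // short lifetime limits exposure of a leaked key
                .build();
        // The bundle carries the private key: never log the bundle or the response.
        CertificateBundle bundle = pki.issueCertificate(roleName, request).getData();
        if (bundle == null) {
            throw new IllegalStateException("Vault returned no certificate bundle");
        }
        String serial = bundle.getSerialNumber();
        pki.revoke(serial);
        return isRevoked(pki, serial);
    }

    // Returns true only if the serial number is listed in the current CRL.
    public static boolean isRevoked(VaultPkiOperations pki, String serial) throws Exception {
        // getCrl returns null on 204 No Content. Fail closed: a missing CRL
        // must not be read as "certificate is still valid".
        try (InputStream crlStream = pki.getCrl(VaultPkiOperations.Encoding.DER)) {
            if (crlStream == null) {
                throw new IllegalStateException("Vault returned no CRL (204 No Content)");
            }
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(crlStream);
            return crl.getRevokedCertificate(parseSerial(serial)) != null;
        }
    }

    // Vault reports serial numbers as colon-separated hex octets.
    static BigInteger parseSerial(String serial) {
        return new BigInteger(serial.replace(":", ""), 16);
    }
}
```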

Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.