Class CertificateBundle

java.lang.Object
org.springframework.vault.support.Certificate
org.springframework.vault.support.CertificateBundle

public class CertificateBundle extends Certificate
Value object representing a certificate bundle consisting of a private key, the certificate and the issuer certificate. Certificates and keys can be either DER or PEM encoded. RSA and Elliptic Curve keys and certificates can be converted to a KeySpec or X509Certificate object, respectively. Supports creation of key stores that contain the key and the certificate chain.
Author:
Mark Paluch, Alex Bremora
  • Method Details

    • of

      public static CertificateBundle of(String serialNumber, String certificate, String issuingCaCertificate, String privateKey)
      Create a CertificateBundle given a private key with certificates and the serial number.
      Parameters:
      serialNumber - must not be empty or null.
      certificate - must not be empty or null.
      issuingCaCertificate - must not be empty or null.
      privateKey - must not be empty or null.
      Returns:
      the CertificateBundle instance.
    • of

      public static CertificateBundle of(String serialNumber, String certificate, String issuingCaCertificate, String privateKey, @Nullable String privateKeyType)
      Create a CertificateBundle given a private key with certificates and the serial number.
      Parameters:
      serialNumber - must not be empty or null.
      certificate - must not be empty or null.
      issuingCaCertificate - must not be empty or null.
      privateKey - must not be empty or null.
      privateKeyType - must not be empty or null.
      Returns:
      the CertificateBundle
      Since:
      2.4
    • getPrivateKey

      public String getPrivateKey()
      Returns:
      the private key (decrypted form, PEM or DER-encoded)
    • getPrivateKeyType

      @Nullable public String getPrivateKeyType()
      Returns:
      the private key type, can be null.
      Since:
      2.4
    • getRequiredPrivateKeyType

      public String getRequiredPrivateKeyType()
      Returns:
      the required private key type; never null, because an IllegalStateException is thrown instead.
      Throws:
      IllegalStateException - if the private key type is null
      Since:
      2.4
    • getPrivateKeySpec

      public KeySpec getPrivateKeySpec()
      Retrieve the private key as KeySpec.
      Returns:
      the private KeySpec. KeyFactory can generate a PrivateKey from this KeySpec.
    • createKeyStore

      public KeyStore createKeyStore(String keyAlias)
      Create a KeyStore from this CertificateBundle containing the private key and certificate chain.
      Parameters:
      keyAlias - the key alias to use.
      Returns:
      the KeyStore containing the private key and certificate chain.
    • createKeyStore

      public KeyStore createKeyStore(String keyAlias, boolean includeCaChain)
      Create a KeyStore from this CertificateBundle containing the private key and certificate chain.
      Parameters:
      keyAlias - the key alias to use.
      includeCaChain - whether to include the certificate authority chain instead of just the issuer certificate.
      Returns:
      the KeyStore containing the private key and certificate chain.
      Since:
      2.3.3
    • getX509IssuerCertificates

      public List<X509Certificate> getX509IssuerCertificates()
      Retrieve the issuing CA certificates as list of X509Certificate.
      Returns:
      the issuing CA X509Certificate.
      Since:
      2.3.3
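
Added example (not part of the Spring Vault API documentation): one way to check a bundle before its KeyStore is handed to a TLS endpoint, using createKeyStore(String, boolean) and getX509IssuerCertificates() as documented above. The class name BundleChecks and the method toVerifiedKeyStore are hypothetical, and the code assumes the key store chain is ordered leaf first, followed by its issuers.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

import org.springframework.vault.support.CertificateBundle;

// Added example: BundleChecks and toVerifiedKeyStore are hypothetical names.
public final class BundleChecks {

    /**
     * Builds a KeyStore from the bundle and fails if any certificate is outside
     * its validity period or the chain does not link from the leaf to its issuers.
     */
    public static KeyStore toVerifiedKeyStore(CertificateBundle bundle, String alias)
            throws GeneralSecurityException {

        // includeCaChain = true: store the full CA chain, not just the issuer certificate.
        KeyStore keyStore = bundle.createKeyStore(alias, true);

        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length < 2) {
            throw new GeneralSecurityException("Expected leaf plus issuer for alias " + alias);
        }

        // Assumption: chain[0] is the leaf and each entry is signed by the next one.
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = (X509Certificate) chain[i];
            cert.checkValidity(); // throws if expired or not yet valid
            if (i + 1 < chain.length) {
                cert.verify(chain[i + 1].getPublicKey()); // throws on signature mismatch
            }
        }

        // The leaf's issuer name must match one of the bundle's issuing CA certificates.
        X509Certificate leaf = (X509Certificate) chain[0];
        List<X509Certificate> issuers = bundle.getX509IssuerCertificates();
        boolean issuerKnown = issuers.stream()
                .anyMatch(ca -> ca.getSubjectX500Principal().equals(leaf.getIssuerX500Principal()));
        if (!issuerKnown) {
            throw new GeneralSecurityException("Leaf issuer not among bundle issuer certificates");
        }
        return keyStore;
    }
}
```

This only checks internal consistency of the bundle; whether the issuing CA itself is trusted is still decided by the trust store of the peer that validates the certificate.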