Package org.springframework.vault.core
Class VaultPkiTemplate
java.lang.Object
org.springframework.vault.core.VaultPkiTemplate
- All Implemented Interfaces:
VaultPkiOperations
Default implementation of
VaultPkiOperations.- Author:
- Mark Paluch, Alex Antonov
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.springframework.vault.core.VaultPkiOperations
VaultPkiOperations.Encoding -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptiongetCrl(VaultPkiOperations.Encoding encoding) Retrieves the current CRL in raw form.issueCertificate(String roleName, VaultCertificateRequest certificateRequest) Requests a certificate bundle (private key and certificate) from Vault's PKI backend given aroleNameandVaultCertificateRequest.voidRevokes a certificate using its serial number.signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest)
-
Constructor Details
-
VaultPkiTemplate
- Parameters:
vaultOperations- must not be null.path- must not be empty or null.
-
-
Method Details
-
issueCertificate
public VaultCertificateResponse issueCertificate(String roleName, VaultCertificateRequest certificateRequest) throws VaultException Description copied from interface:VaultPkiOperationsRequests a certificate bundle (private key and certificate) from Vault's PKI backend given aroleNameandVaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store.- Specified by:
issueCertificatein interfaceVaultPkiOperations- Parameters:
roleName- must not be empty or null.certificateRequest- must not be null.- Returns:
- the
VaultCertificateResponsecontaining aCertificateBundle. - Throws:
VaultException- See Also:
-
signCertificateRequest
public VaultSignCertificateRequestResponse signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest) throws VaultException Description copied from interface:VaultPkiOperationsSigns a CSR using Vault's PKI backend given aroleName,csrandVaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store.- Specified by:
signCertificateRequestin interfaceVaultPkiOperations- Parameters:
roleName- must not be empty or null.csr- must not be empty or null.certificateRequest- must not be null.- Returns:
- the
VaultCertificateResponsecontaining aCertificate. - Throws:
VaultException- See Also:
-
revoke
Description copied from interface:VaultPkiOperationsRevokes a certificate using its serial number. This is an alternative option to the standard method of revoking using Vault lease IDs. A successful revocation will rotate the CRL- Specified by:
revokein interfaceVaultPkiOperations- Parameters:
serialNumber- must not be empty or null.- Throws:
VaultException- See Also:
-
getCrl
Description copied from interface:VaultPkiOperationsRetrieves the current CRL in raw form. This endpoint is suitable for usage in the CRL distribution points extension in a CA certificate. This is a bare endpoint that does not return a standard Vault data structure. Returns dataVaultPkiOperations.Encoding.DERorVaultPkiOperations.Encoding.PEMencoded.If Vault reports no content under the CRL URL, then the result of this method call is null.
- Specified by:
getCrlin interfaceVaultPkiOperations- Returns:
InputStreamcontaining the encoded CRL or null if Vault responds with 204 No Content.- Throws:
VaultException- See Also:
-