java.lang.Object

org.springframework.vault.core.VaultPkiTemplate

All Implemented Interfaces:: VaultPkiOperations

public class VaultPkiTemplate extends Object implements VaultPkiOperations

Default implementation of VaultPkiOperations.

Author:: Mark Paluch, Alex Antonov

Nested Class Summary

Nested classes/interfaces inherited from interface org.springframework.vault.core.VaultPkiOperations
VaultPkiOperations.Encoding
Constructor Summary

Constructors

Constructor

Description

VaultPkiTemplate(VaultOperations vaultOperations, String path)

Create a new VaultPkiTemplate given VaultOperations and the mount path.
Method Summary

Modifier and Type

Method

Description

InputStream

getCrl(VaultPkiOperations.Encoding encoding)

Retrieves the current CRL in raw form.

VaultIssuerCertificateRequestResponse

getIssuerCertificate(String issuer)

Retrieves the specified issuer's certificate.

InputStream

getIssuerCertificate(String issuer, VaultPkiOperations.Encoding encoding)

Retrieves the specified issuer's certificate.

VaultCertificateResponse

issueCertificate(String roleName, VaultCertificateRequest certificateRequest)

Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest.

void

revoke(String serialNumber)

Revokes a certificate using its serial number.

VaultSignCertificateRequestResponse

signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest)

Signs a CSR using Vault's PKI backend given a roleName, csr and VaultCertificateRequest.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- VaultPkiTemplate
  
  public VaultPkiTemplate(VaultOperations vaultOperations, String path)
  
  Create a new VaultPkiTemplate given VaultOperations and the mount path.
  
  Parameters:
  
  vaultOperations - must not be null.
  
  path - must not be empty or null.
Method Details
- issueCertificate
  
  public VaultCertificateResponse issueCertificate(String roleName, VaultCertificateRequest certificateRequest) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Requests a certificate bundle (private key and certificate) from Vault's PKI backend given a roleName and VaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store.
  Specified by:
  
  issueCertificate in interface VaultPkiOperations
  
  Parameters:
  
  roleName - must not be empty or null.
  
  certificateRequest - must not be null.
  
  Returns:
  
  the VaultCertificateResponse containing a CertificateBundle .
  
  Throws:
  
  VaultException
  
  See Also:
  
  POST /pki/issue/[role name]
- signCertificateRequest
  
  public VaultSignCertificateRequestResponse signCertificateRequest(String roleName, String csr, VaultCertificateRequest certificateRequest) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Signs a CSR using Vault's PKI backend given a roleName, csr and VaultCertificateRequest. The issuing CA certificate is returned as well, so that only the root CA need be in a client's trust store.
  Specified by:
  
  signCertificateRequest in interface VaultPkiOperations
  
  Parameters:
  
  roleName - must not be empty or null.
  
  csr - must not be empty or null.
  
  certificateRequest - must not be null.
  
  Returns:
  
  the VaultCertificateResponse containing a Certificate .
  
  Throws:
  
  VaultException
  
  See Also:
  
  POST /pki/sign/[role name]
- revoke
  
  public void revoke(String serialNumber) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Revokes a certificate using its serial number. This is an alternative option to the standard method of revoking using Vault lease IDs. A successful revocation will rotate the CRL
  Specified by:
  
  revoke in interface VaultPkiOperations
  
  Parameters:
  
  serialNumber - must not be empty or null.
  
  Throws:
  
  VaultException
  
  See Also:
  
  POST /pki/revoke
- getCrl
  
  public InputStream getCrl(VaultPkiOperations.Encoding encoding) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Retrieves the current CRL in raw form. This endpoint is suitable for usage in the CRL distribution points extension in a CA certificate. This is a bare endpoint that does not return a standard Vault data structure. Returns data VaultPkiOperations.Encoding.DER or VaultPkiOperations.Encoding.PEM encoded.
  If Vault reports no content under the CRL URL, then the result of this method call is null.
  Specified by:
  
  getCrl in interface VaultPkiOperations
  
  Returns:
  
  InputStream containing the encoded CRL or null if Vault responds with 204 No Content.
  
  Throws:
  
  VaultException
  
  See Also:
  
  GET /pki/crl
- getIssuerCertificate
  
  public VaultIssuerCertificateRequestResponse getIssuerCertificate(String issuer) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Retrieves the specified issuer's certificate. Includes the full ca_chain of the issuer.
  Specified by:
  
  getIssuerCertificate in interface VaultPkiOperations
  
  Parameters:
  
  issuer - reference to an existing issuer, either by Vault-generated identifier, or the name assigned to an issuer. Pass the literal string default to refer to the currently configured issuer.
  
  Returns:
  
  the VaultIssuerCertificateRequestResponse containing a Certificate
  
  Throws:
  
  VaultException
  
  See Also:
  
  GET * /pki/issuer/:issuer_ref/json
- getIssuerCertificate
  
  public InputStream getIssuerCertificate(String issuer, VaultPkiOperations.Encoding encoding) throws VaultException
  
  Description copied from interface: VaultPkiOperations
  
  Retrieves the specified issuer's certificate. Includes the full ca_chain of the issuer.
  Specified by:
  
  getIssuerCertificate in interface VaultPkiOperations
  
  Parameters:
  
  issuer - reference to an existing issuer, either by Vault-generated identifier, or the name assigned to an issuer. Pass the literal string default to refer to the currently configured issuer.
  
  encoding - encoding to use.
  
  Returns:
  
  InputStream containing the encoded certificate.
  
  Throws:
  
  VaultException
  
  See Also:
  
  GET /pki/issuer/:issuer_ref/{der, pem}

Class VaultPkiTemplate

Nested Class Summary

Nested classes/interfaces inherited from interface org.springframework.vault.core.VaultPkiOperations

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Details

VaultPkiTemplate

Method Details

issueCertificate

signCertificateRequest

revoke

getCrl

getIssuerCertificate

getIssuerCertificate