Class Certificate

java.lang.Object
org.springframework.vault.support.Certificate
Direct Known Subclasses:
CertificateBundle

public class Certificate extends Object
Value object representing a certificate consisting of the certificate and the issuer certificate. Certificate and keys can be either DER or PEM (including PEM bundle) encoded. Certificates can be obtained as X509Certificate.
Since:
2.0
Author:
Mark Paluch
See Also:
  • Method Details

    • of

      public static Certificate of(String serialNumber, String certificate, String issuingCaCertificate)
      Create a Certificate given a private key with certificates and the serial number.
      Parameters:
      serialNumber - must not be empty or null.
      certificate - must not be empty or null.
      issuingCaCertificate - must not be empty or null.
      Returns:
      the Certificate
    • of

      public static Certificate of(String serialNumber, String certificate, String issuingCaCertificate, List<String> caChain)
      Create a Certificate given a private key with certificates and the serial number.
      Parameters:
      serialNumber - must not be empty or null.
      certificate - must not be empty or null.
      issuingCaCertificate - must not be empty or null.
      caChain - empty list allowed
      Returns:
      the Certificate.
      Since:
      3.1
    • of

      public static Certificate of(String serialNumber, String certificate, String issuingCaCertificate, List<String> caChain, Long revocationTime)
      Create a Certificate given a private key with certificates and the serial number.
      Parameters:
      serialNumber - must not be empty or null.
      certificate - must not be empty or null.
      issuingCaCertificate - must not be empty or null.
      caChain - empty list allowed
      revocationTime - revocation time, must not be null.
      Returns:
      the Certificate.
      Since:
      3.1
    • getSerialNumber

      public String getSerialNumber()
      Returns:
      the serial number.
    • getCertificate

      public String getCertificate()
      Returns:
      encoded certificate (PEM or DER-encoded).
    • getIssuingCaCertificate

      public String getIssuingCaCertificate()
      Returns:
      encoded certificate of the issuing CA (PEM or DER-encoded).
    • getX509Certificate

      public X509Certificate getX509Certificate()
      Retrieve the certificate as X509Certificate.
      Returns:
      the X509Certificate.
      Throws:
      IllegalStateException - if there is no X.509 certificate available.
    • getX509IssuerCertificate

      public X509Certificate getX509IssuerCertificate()
      Retrieve the issuing CA certificate as X509Certificate.
      Returns:
      the issuing CA X509Certificate.
    • createTrustStore

      public KeyStore createTrustStore()
      Create a trust store as KeyStore from this Certificate containing the certificate chain.
      Returns:
      the KeyStore containing the private key and certificate chain.
    • createTrustStore

      public KeyStore createTrustStore(boolean includeCaChain)
      Create a trust store as KeyStore from this Certificate containing * the certificate chain.
      Parameters:
      includeCaChain - whether to include the certificate authority chain instead of just the issuer certificate.
      Returns:
      the KeyStore containing the certificate and certificate chain.
    • getX509IssuerCertificates

      public List<X509Certificate> getX509IssuerCertificates()
      Retrieve the issuing CA certificates as list of X509Certificate.
      Returns:
      the issuing CA X509Certificate.
      Since:
      2.3.3
    • getRevocationTime

      @Nullable public Instant getRevocationTime()
    • isRevoked

      public boolean isRevoked()