Package io.quarkus.vault.pki

Class SignIntermediateCAOptions

  • public class SignIntermediateCAOptions
extends Object
    Options for signing an intermediate CA certificate.

    • Field Detail

      • subjectCommonName

        public String subjectCommonName
        Specifies Common Name (CN) of the subject.

      • subjectOrganization

        public String subjectOrganization
        Specifies Organization (O) of the subject.

      • subjectOrganizationalUnit

        public String subjectOrganizationalUnit
        Specifies Organizational Unit (OU) of the subject.

      • subjectStreetAddress

        public String subjectStreetAddress
        Specifies Street Address of the subject.

      • subjectPostalCode

        public String subjectPostalCode
        Specifies Postal Code of the subject.

      • subjectLocality

        public String subjectLocality
        Specifies Locality (L) of the subject.

      • subjectProvince

        public String subjectProvince
        Specifies Province (ST) of the subject.

      • subjectCountry

        public String subjectCountry
        Specifies Country (C) of the subject.

      • subjectSerialNumber

        public String subjectSerialNumber
        Specifies the Serial Number (SERIALNUMBER) of the subject.

      • subjectAlternativeNames

        public List<String> subjectAlternativeNames
        Specifies Subject Alternative Names.

        These can be host names or email addresses; they will be parsed into their respective fields.

      • excludeCommonNameFromSubjectAlternativeNames

        public Boolean excludeCommonNameFromSubjectAlternativeNames
        Flag determining if the Common Name (CN) of the subject will be included by default in the Subject Alternative Names of issued certificates.

      • ipSubjectAlternativeNames

        public List<String> ipSubjectAlternativeNames
        Specifies IP Subject Alternative Names.

      • uriSubjectAlternativeNames

        public List<String> uriSubjectAlternativeNames
        Specifies URI Subject Alternative Names.

      • otherSubjectAlternativeNames

        public List<String> otherSubjectAlternativeNames
        Specifies custom OID/UTF8-string Subject Alternative Names.

        The format is the same as OpenSSL: ;: where the only current valid type is UTF8.

      • timeToLive

        public String timeToLive
        Specifies time-to-live.

        Value is specified as a string duration with time suffix. Hour is the largest supported suffix.

      • maxPathLength

        public Integer maxPathLength
        Specifies the maximum path length for generated certificate.

      • useCSRValues

        public Boolean useCSRValues
        Flag determining if CSR values are used instead of configured default values.

        Enables the following handling:

        • Subject information, including names and alternate names, will be preserved from the CSR.
        • Any key usages (for instance, non-repudiation) requested in the CSR will be added to the set of CA key usages.
        • Extensions requested in the CSR will be copied into the issued certificate.

      • permittedDnsDomains

        public List<String> permittedDnsDomains
        DNS domains for which certificates are allowed to be issued or signed by this CA certificate. Subdomains are allowed, as per RFC.

      • format

        public DataFormat format
        Specifies returned format of certificate data. If unspecified it defaults to DataFormat.PEM

    • Constructor Detail

      • SignIntermediateCAOptions

        public SignIntermediateCAOptions()