Package io.quarkus.vault.runtime
Class VaultPKIManager
- java.lang.Object
- io.quarkus.vault.runtime.VaultPKIManager
- All Implemented Interfaces:
VaultPKISecretReactiveEngine

@ApplicationScoped public class VaultPKIManager extends Object implements VaultPKISecretReactiveEngine
Constructor Summary
Constructors
- VaultPKIManager(VaultClient vaultClient, VaultAuthManager vaultAuthManager, VaultInternalPKISecretEngine vaultInternalPKISecretEngine)
-
Method Summary
All Methods | Instance Methods | Concrete Methods
Modifier and Type / Method / Description
- io.smallrye.mutiny.Uni<Void> configCertificateAuthority(String pemBundle)
  Configures the engine's CA.
- io.smallrye.mutiny.Uni<Void> configCRL(ConfigCRLOptions options)
  Configures the engine's CRL.
- io.smallrye.mutiny.Uni<Void> configURLs(ConfigURLsOptions options)
  Configures the engine's URLs for issuing certificates, CRL distribution points, and OCSP servers.
- io.smallrye.mutiny.Uni<Void> deleteRole(String role)
  Deletes a role.
- io.smallrye.mutiny.Uni<Void> deleteRoot()
  Deletes the engine's current CA.
- io.smallrye.mutiny.Uni<GeneratedCertificate> generateCertificate(String role, GenerateCertificateOptions options)
  Generates a public/private key pair and a certificate issued from the engine's CA using the provided options.
- io.smallrye.mutiny.Uni<GeneratedIntermediateCSRResult> generateIntermediateCSR(GenerateIntermediateCSROptions options)
  Generates a Certificate Signing Request and private key for the engine's CA.
- io.smallrye.mutiny.Uni<GeneratedRootCertificate> generateRoot(GenerateRootOptions options)
  Generates a self-signed root as the engine's CA.
- io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificate(String serial)
  Retrieves a specific certificate (PEM encoded).
- io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificateAuthority()
  Retrieves the engine's CA certificate (PEM encoded).
- io.smallrye.mutiny.Uni<CertificateData> getCertificateAuthority(DataFormat format)
  Retrieves the engine's CA certificate.
- io.smallrye.mutiny.Uni<CAChainData.PEM> getCertificateAuthorityChain()
  Retrieves the engine's CA chain (PEM encoded).
- io.smallrye.mutiny.Uni<CRLData.PEM> getCertificateRevocationList()
  Retrieves the engine's CRL (PEM encoded).
- io.smallrye.mutiny.Uni<CRLData> getCertificateRevocationList(DataFormat format)
  Retrieves the engine's CRL.
- io.smallrye.mutiny.Uni<List<String>> getCertificates()
  Lists all issued certificate serial numbers.
- io.smallrye.mutiny.Uni<RoleOptions> getRole(String role)
  Retrieves the current options for a role.
- io.smallrye.mutiny.Uni<List<String>> getRoles()
  Lists existing role names.
- io.smallrye.mutiny.Uni<ConfigCRLOptions> readCRLConfig()
  Reads the engine's CRL configuration.
- io.smallrye.mutiny.Uni<ConfigURLsOptions> readURLsConfig()
  Reads the engine's configured URLs for issuing certificates, CRL distribution points, and OCSP servers.
- io.smallrye.mutiny.Uni<OffsetDateTime> revokeCertificate(String serialNumber)
  Revokes a certificate.
- io.smallrye.mutiny.Uni<Boolean> rotateCertificateRevocationList()
  Forces a rotation of the associated CRL.
- io.smallrye.mutiny.Uni<Void> setSignedIntermediateCA(String pemCert)
  Sets the engine's intermediate CA certificate, signed by another CA.
- io.smallrye.mutiny.Uni<SignedCertificate> signIntermediateCA(String pemSigningRequest, SignIntermediateCAOptions options)
  Generates an intermediate CA certificate issued from the engine's CA using the provided Certificate Signing Request and options.
- io.smallrye.mutiny.Uni<SignedCertificate> signRequest(String role, String pemSigningRequest, GenerateCertificateOptions options)
  Generates a certificate issued from the engine's CA using the provided Certificate Signing Request and options.
- io.smallrye.mutiny.Uni<Void> tidy(TidyOptions options)
  Tidies up the storage backend and/or CRL by removing certificates that have expired and are past a buffer period beyond their expiration time.
- io.smallrye.mutiny.Uni<Void> updateRole(String role, RoleOptions options)
  Updates, or creates, a role.
-
-
-
Constructor Detail
-
VaultPKIManager
@Inject public VaultPKIManager(VaultClient vaultClient, VaultAuthManager vaultAuthManager, VaultInternalPKISecretEngine vaultInternalPKISecretEngine)
-
-
Method Detail
-
getCertificateAuthority
public io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificateAuthority()
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the engine's CA certificate (PEM encoded).
- Specified by:
getCertificateAuthority in interface VaultPKISecretReactiveEngine
- Returns:
- Certificate authority certificate.
-
getCertificateAuthority
public io.smallrye.mutiny.Uni<CertificateData> getCertificateAuthority(DataFormat format)
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the engine's CA certificate.
- Specified by:
getCertificateAuthority in interface VaultPKISecretReactiveEngine
- Parameters:
format - Format of the returned certificate data.
- Returns:
- Certificate authority certificate.
-
configCertificateAuthority
public io.smallrye.mutiny.Uni<Void> configCertificateAuthority(String pemBundle)
Description copied from interface: VaultPKISecretReactiveEngine
Configures the engine's CA from an externally generated CA bundle.
- Specified by:
configCertificateAuthority in interface VaultPKISecretReactiveEngine
- Parameters:
pemBundle - PEM encoded bundle containing the CA certificate, an optional chain, and the CA private key. Because the bundle carries the private key, it must be handled as a secret and not logged or left on disk.
-
configURLs
public io.smallrye.mutiny.Uni<Void> configURLs(ConfigURLsOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Configures the engine's URLs for issuing certificates, CRL distribution points, and OCSP servers.
- Specified by:
configURLs in interface VaultPKISecretReactiveEngine
- Parameters:
options - URL options.
-
readURLsConfig
public io.smallrye.mutiny.Uni<ConfigURLsOptions> readURLsConfig()
Description copied from interface: VaultPKISecretReactiveEngine
Reads the engine's configured URLs for issuing certificates, CRL distribution points, and OCSP servers.
- Specified by:
readURLsConfig in interface VaultPKISecretReactiveEngine
- Returns:
- URL options.
-
configCRL
public io.smallrye.mutiny.Uni<Void> configCRL(ConfigCRLOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Configures the engine's CRL.
- Specified by:
configCRL in interface VaultPKISecretReactiveEngine
- Parameters:
options - CRL options.
-
readCRLConfig
public io.smallrye.mutiny.Uni<ConfigCRLOptions> readCRLConfig()
Description copied from interface: VaultPKISecretReactiveEngine
Reads the engine's CRL configuration.
- Specified by:
readCRLConfig in interface VaultPKISecretReactiveEngine
- Returns:
- CRL options.
-
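The CA configuration methods above are usually called once, when a mount is bootstrapped. The following is an added example, not code from the Quarkus Vault project or from this page: it generates a root CA on application startup, publishes the issuing-certificate and CRL distribution point URLs, and reads the URL configuration back so the application fails fast if the CRL distribution point is missing (a CA whose CRL nobody can fetch makes revocation meaningless). It assumes the `io.quarkus.vault` and `io.quarkus.vault.pki` packages, the `jakarta.*` CDI namespace (older Quarkus releases use `javax.*`), the fluent setter and getter names on `GenerateRootOptions`, `ConfigURLsOptions` and `ConfigCRLOptions`, the `CertificateKeyType` enum, and the `PKI_BASE` URL; none of these appear on this page and all are assumptions. The `null`-or-empty handling for a mount without a CA is also an assumption, since the page does not say which of the two `getCertificateAuthority()` yields.

```java
package org.example.pki; // hypothetical application package

import java.util.List;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;

import io.quarkus.logging.Log;
import io.quarkus.runtime.StartupEvent;
import io.quarkus.vault.VaultPKISecretReactiveEngine;
import io.quarkus.vault.pki.CertificateKeyType;
import io.quarkus.vault.pki.ConfigCRLOptions;
import io.quarkus.vault.pki.ConfigURLsOptions;
import io.quarkus.vault.pki.GenerateRootOptions;
import io.quarkus.vault.pki.GeneratedRootCertificate;

@ApplicationScoped
public class RootCaBootstrap {

    // Injected as the interface; VaultPKIManager is the runtime implementation behind it.
    @Inject
    VaultPKISecretReactiveEngine pki;

    // Assumed public base URL of the PKI mount. Relying parties must be able to reach it,
    // because it ends up inside every issued certificate (AIA and CDP extensions).
    private static final String PKI_BASE = "https://vault.example.internal:8200/v1/pki";

    void onStart(@Observes StartupEvent ev) {
        // A startup observer runs on a worker thread, so blocking on the Uni is acceptable.
        // Never call await() on the Vert.x event loop.
        String existing = pki.getCertificateAuthority()
                .onItem().transform(ca -> ca == null ? null : ca.getData())
                .await().indefinitely();
        if (existing != null && !existing.isBlank()) {
            // A CA is already configured. Calling generateRoot() again would replace it and
            // orphan every certificate issued so far, so this must be idempotent.
            Log.info("PKI mount already has a CA; skipping root generation");
            return;
        }

        GeneratedRootCertificate root = pki.generateRoot(new GenerateRootOptions()
                        .setSubjectCommonName("Example Internal Root CA")
                        .setSubjectOrganization("Example Corp")
                        .setKeyType(CertificateKeyType.EC)
                        .setKeyBits(256)
                        .setTimeToLive("87600h")     // 10 years; bounds the TTL of everything below it
                        .setExportPrivateKey(false)) // the root key never leaves Vault
                .await().indefinitely();
        Log.infof("Generated root CA, serial %s", root.getSerialNumber());

        pki.configURLs(new ConfigURLsOptions()
                        .setIssuingCertificates(List.of(PKI_BASE + "/ca"))
                        .setCrlDistributionPoints(List.of(PKI_BASE + "/crl"))
                        .setOcspServers(List.of()))
                .await().indefinitely();

        // Short CRL lifetime: a stale-but-valid CRL is how a revoked cert keeps being accepted.
        pki.configCRL(new ConfigCRLOptions().setExpiry("72h").setDisable(false))
                .await().indefinitely();

        // Read back and verify instead of trusting that the writes took effect.
        ConfigURLsOptions urls = pki.readURLsConfig().await().indefinitely();
        if (urls.getCrlDistributionPoints() == null || urls.getCrlDistributionPoints().isEmpty()) {
            throw new IllegalStateException("PKI mount has no CRL distribution point configured");
        }
    }
}
```

The guard at the top matters more than it looks: `generateRoot` and `deleteRoot` both replace or remove the CA key material, so a bootstrap routine that is not idempotent will silently re-key the CA on every redeploy.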
getCertificateAuthorityChain
public io.smallrye.mutiny.Uni<CAChainData.PEM> getCertificateAuthorityChain()
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the engine's CA chain (PEM encoded).
- Specified by:
getCertificateAuthorityChain in interface VaultPKISecretReactiveEngine
- Returns:
- Certificate authority chain.
-
getCertificateRevocationList
public io.smallrye.mutiny.Uni<CRLData.PEM> getCertificateRevocationList()
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the engine's CRL (PEM encoded).
- Specified by:
getCertificateRevocationList in interface VaultPKISecretReactiveEngine
- Returns:
- Certificate revocation list.
-
getCertificateRevocationList
public io.smallrye.mutiny.Uni<CRLData> getCertificateRevocationList(DataFormat format)
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the engine's CRL.
- Specified by:
getCertificateRevocationList in interface VaultPKISecretReactiveEngine
- Parameters:
format - Format of the returned CRL data.
- Returns:
- Certificate revocation list.
-
rotateCertificateRevocationList
public io.smallrye.mutiny.Uni<Boolean> rotateCertificateRevocationList()
Description copied from interface: VaultPKISecretReactiveEngine
Forces a rotation of the associated CRL.
- Specified by:
rotateCertificateRevocationList in interface VaultPKISecretReactiveEngine
-
getCertificates
public io.smallrye.mutiny.Uni<List<String>> getCertificates()
Description copied from interface: VaultPKISecretReactiveEngine
Lists all issued certificate serial numbers.
- Specified by:
getCertificates in interface VaultPKISecretReactiveEngine
- Returns:
- List of certificate serial numbers.
-
getCertificate
public io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificate(String serial)
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves a specific certificate (PEM encoded).
- Specified by:
getCertificate in interface VaultPKISecretReactiveEngine
- Parameters:
serial - Serial number of the certificate.
- Returns:
- Certificate, or null if no certificate with that serial number exists.
-
generateCertificate
public io.smallrye.mutiny.Uni<GeneratedCertificate> generateCertificate(String role, GenerateCertificateOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Generates a public/private key pair and a certificate issued from the engine's CA using the provided options. The private key is generated by Vault and returned to the caller in the result, so the caller is responsible for protecting it.
- Specified by:
generateCertificate in interface VaultPKISecretReactiveEngine
- Parameters:
role - Name of the role used to create the certificate.
options - Certificate generation options.
- Returns:
- Generated certificate and private key.
-
signRequest
public io.smallrye.mutiny.Uni<SignedCertificate> signRequest(String role, String pemSigningRequest, GenerateCertificateOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Generates a certificate issued from the engine's CA using the provided Certificate Signing Request and options. The private key stays with the requester; only the CSR is sent to Vault.
- Specified by:
signRequest in interface VaultPKISecretReactiveEngine
- Parameters:
role - Name of the role used to create the certificate.
pemSigningRequest - Certificate Signing Request (PEM encoded).
options - Certificate generation options.
- Returns:
- Generated certificate.
-
revokeCertificate
public io.smallrye.mutiny.Uni<OffsetDateTime> revokeCertificate(String serialNumber)
Description copied from interface: VaultPKISecretReactiveEngine
Revokes a certificate.
- Specified by:
revokeCertificate in interface VaultPKISecretReactiveEngine
- Parameters:
serialNumber - Serial number of the certificate.
- Returns:
- Time of the certificate's revocation.
-
updateRole
public io.smallrye.mutiny.Uni<Void> updateRole(String role, RoleOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Updates, or creates, a role.
- Specified by:
updateRole in interface VaultPKISecretReactiveEngine
- Parameters:
role - Name of the role.
options - Options for the role.
-
getRole
public io.smallrye.mutiny.Uni<RoleOptions> getRole(String role)
Description copied from interface: VaultPKISecretReactiveEngine
Retrieves the current options for a role.
- Specified by:
getRole in interface VaultPKISecretReactiveEngine
- Parameters:
role - Name of the role.
- Returns:
- Options for the role, or null if the role does not exist.
-
getRoles
public io.smallrye.mutiny.Uni<List<String>> getRoles()
Description copied from interface: VaultPKISecretReactiveEngine
Lists existing role names.
- Specified by:
getRoles in interface VaultPKISecretReactiveEngine
- Returns:
- List of role names.
-
deleteRole
public io.smallrye.mutiny.Uni<Void> deleteRole(String role)
Description copied from interface: VaultPKISecretReactiveEngine
Deletes a role.
- Specified by:
deleteRole in interface VaultPKISecretReactiveEngine
- Parameters:
role - Name of the role.
-
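The role, issuance and revocation methods are where the engine's policy actually lives: a role decides which names a caller may obtain, and revocation is only useful if the serial really lands on the CRL. The following is an added example, not code from the Quarkus Vault project or from this page. It defines a tightly scoped issuing role, issues a short-lived server certificate, and then revokes one and checks the engine's CRL for the serial by parsing it with the JDK's `CertificateFactory`. It assumes the `io.quarkus.vault` and `io.quarkus.vault.pki` packages, the `jakarta.*` CDI namespace, the fluent setter names on `RoleOptions` and `GenerateCertificateOptions`, the `CertificateKeyType` enum, a `getData()` accessor on `CRLData.PEM`, and the role name and hostnames used; none of these appear on this page and all are assumptions. The colon-separated serial format (`1a:2b:...`) is Vault's convention and is handled by `isOnCrl`.

```java
package org.example.pki; // hypothetical application package

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.List;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;

import io.quarkus.vault.VaultPKISecretReactiveEngine;
import io.quarkus.vault.pki.CertificateKeyType;
import io.quarkus.vault.pki.GenerateCertificateOptions;
import io.quarkus.vault.pki.GeneratedCertificate;
import io.quarkus.vault.pki.RoleOptions;
import io.smallrye.mutiny.Uni;

@ApplicationScoped
public class ServiceCertIssuer {

    @Inject
    VaultPKISecretReactiveEngine pki;

    static final String ROLE = "svc-example-com"; // assumed role name

    /** Creates or updates a least-privilege issuing role. */
    public Uni<Void> ensureRole() {
        return pki.updateRole(ROLE, new RoleOptions()
                .setAllowedDomains(List.of("svc.example.com"))
                .setAllowSubdomains(true)     // a.svc.example.com is fine
                .setAllowBareDomains(false)   // svc.example.com itself is not
                .setAllowGlobDomains(false)
                .setAllowAnyName(false)       // otherwise the caller picks any CN at all
                .setEnforceHostnames(true)
                .setServerFlag(true)
                .setClientFlag(false)         // a server cert must not double as a client identity
                .setKeyType(CertificateKeyType.EC)
                .setKeyBits(256)
                .setMaxTimeToLive("72h"));    // short-lived certs; revocation is the backstop
    }

    /** Issues a leaf certificate with a Vault-generated key. The result holds the private key. */
    public Uni<GeneratedCertificate> issue(String host) {
        return pki.generateCertificate(ROLE, new GenerateCertificateOptions()
                .setSubjectCommonName(host)
                .setSubjectAlternativeNames(List.of(host))
                .setTimeToLive("24h"));
    }

    /** Revokes a certificate and confirms the serial is present on the freshly fetched CRL. */
    public Uni<Boolean> revokeAndVerify(String serial) {
        return pki.revokeCertificate(serial)
                .chain(revokedAt -> pki.getCertificateRevocationList())
                .onItem().transform(crl -> isOnCrl(crl.getData(), serial));
    }

    /** Parses a PEM CRL and looks up a Vault-formatted serial ("1a:2b:...") in it. */
    static boolean isOnCrl(String crlPem, String vaultSerial) {
        try {
            X509CRL crl = (X509CRL) CertificateFactory.getInstance("X.509")
                    .generateCRL(new ByteArrayInputStream(crlPem.getBytes(StandardCharsets.US_ASCII)));
            BigInteger sn = new BigInteger(vaultSerial.replace(":", ""), 16);
            return crl.getRevokedCertificate(sn) != null;
        } catch (CRLException | CertificateException e) {
            throw new IllegalStateException("Unparseable CRL returned by Vault", e);
        }
    }
}
```

Two practical notes. First, prefer `signRequest` over `generateCertificate` when the workload can generate its own key, so the private key never transits Vault or the application. Second, if a relying party caches the CRL, revocation is only effective once that cache expires or the party re-fetches, so `revokeAndVerify` proves what Vault publishes, not what every client currently believes.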
generateRoot
public io.smallrye.mutiny.Uni<GeneratedRootCertificate> generateRoot(GenerateRootOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Generates a self-signed root as the engine's CA. Calling this on a mount that already has a CA replaces that CA.
- Specified by:
generateRoot in interface VaultPKISecretReactiveEngine
- Parameters:
options - Generation options.
- Returns:
- Generated root certificate.
-
deleteRoot
public io.smallrye.mutiny.Uni<Void> deleteRoot()
Description copied from interface: VaultPKISecretReactiveEngine
Deletes the engine's current CA, including its private key. Certificates already issued from it can no longer be chained or revoked through this engine.
- Specified by:
deleteRoot in interface VaultPKISecretReactiveEngine
-
signIntermediateCA
public io.smallrye.mutiny.Uni<SignedCertificate> signIntermediateCA(String pemSigningRequest, SignIntermediateCAOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Generates an intermediate CA certificate issued from the engine's CA using the provided Certificate Signing Request and options.
- Specified by:
signIntermediateCA in interface VaultPKISecretReactiveEngine
- Parameters:
pemSigningRequest - Certificate Signing Request (PEM encoded).
options - Signing options.
- Returns:
- Generated certificate.
-
generateIntermediateCSR
public io.smallrye.mutiny.Uni<GeneratedIntermediateCSRResult> generateIntermediateCSR(GenerateIntermediateCSROptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Generates a Certificate Signing Request and private key for the engine's CA. Use this to produce a CSR for the engine's CA that another CA can sign to issue an intermediate CA certificate. After the intermediate CA certificate has been issued, VaultPKISecretReactiveEngine.setSignedIntermediateCA(String) must be used to set the engine's CA certificate. Calling this method overwrites any previously existing CA private key for the engine, so it must not be run against a mount that already holds a CA you intend to keep.
- Specified by:
generateIntermediateCSR in interface VaultPKISecretReactiveEngine
- Parameters:
options - Options for CSR generation.
- Returns:
- Generated CSR and, if key export is enabled, the private key.
- See Also:
VaultPKISecretReactiveEngine.setSignedIntermediateCA(String)
-
setSignedIntermediateCA
public io.smallrye.mutiny.Uni<Void> setSignedIntermediateCA(String pemCert)
Description copied from interface: VaultPKISecretReactiveEngine
Sets the engine's intermediate CA certificate, signed by another CA. After generating a CSR (via VaultPKISecretReactiveEngine.generateIntermediateCSR(GenerateIntermediateCSROptions)), this method must be used to set the engine's CA.
- Specified by:
setSignedIntermediateCA in interface VaultPKISecretReactiveEngine
- Parameters:
pemCert - Signed certificate (PEM encoded).
- See Also:
VaultPKISecretReactiveEngine.generateIntermediateCSR(GenerateIntermediateCSROptions)
-
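The three methods above form one procedure spread across two mounts: the intermediate mount generates a CSR, the root mount signs it, and the intermediate mount installs the result. The following is an added example, not code from the Quarkus Vault project or from this page. It runs that procedure end to end and then verifies, with the JDK's X.509 classes, that the chain the intermediate mount now publishes is actually signed by the root mount's CA key before anything is allowed to trust it. It assumes the `io.quarkus.vault` and `io.quarkus.vault.pki` packages, the `jakarta.*` CDI namespace, a `VaultPKISecretReactiveEngineFactory` with an `engine(String mount)` method for addressing non-default mounts, the fluent setter names on `GenerateIntermediateCSROptions` and `SignIntermediateCAOptions`, `getCsr()` on `GeneratedIntermediateCSRResult`, that `SignedCertificate.getCertificate()` yields a `CertificateData.PEM` when the default PEM format is requested, `getData()` on the PEM data types, and the mount names `pki-root` and `pki-int`; none of these appear on this page and all are assumptions.

```java
package org.example.pki; // hypothetical application package

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;

import io.quarkus.vault.VaultPKISecretReactiveEngine;
import io.quarkus.vault.VaultPKISecretReactiveEngineFactory;
import io.quarkus.vault.pki.CertificateData;
import io.quarkus.vault.pki.CertificateKeyType;
import io.quarkus.vault.pki.GenerateIntermediateCSROptions;
import io.quarkus.vault.pki.SignIntermediateCAOptions;
import io.smallrye.mutiny.Uni;

@ApplicationScoped
public class IntermediateCaSetup {

    @Inject
    VaultPKISecretReactiveEngineFactory engines; // assumed factory for non-default mounts

    /**
     * Chains the "pki-int" mount under the "pki-root" mount and returns true only if the
     * resulting published chain verifies against the root CA's public key.
     * WARNING: generateIntermediateCSR overwrites any CA private key already in "pki-int".
     */
    public Uni<Boolean> chainIntermediate() {
        VaultPKISecretReactiveEngine root = engines.engine("pki-root");
        VaultPKISecretReactiveEngine inter = engines.engine("pki-int");

        return inter.generateIntermediateCSR(new GenerateIntermediateCSROptions()
                        .setSubjectCommonName("Example Issuing CA 1")
                        .setKeyType(CertificateKeyType.EC)
                        .setKeyBits(256)
                        .setExportPrivateKey(false))      // key stays inside the pki-int mount
                .chain(csr -> root.signIntermediateCA(csr.getCsr(), new SignIntermediateCAOptions()
                        .setTimeToLive("43800h")           // 5 years; must fit inside the root's TTL
                        .setMaxPathLength(0)))             // this CA may issue leaves only, no sub-CAs
                .chain(signed -> {
                    // Default format is PEM; the cast is an assumption about the data type.
                    String pem = ((CertificateData.PEM) signed.getCertificate()).getData();
                    return inter.setSignedIntermediateCA(pem);
                })
                .chain(() -> Uni.combine().all()
                        .unis(inter.getCertificateAuthorityChain(), root.getCertificateAuthority())
                        .asTuple())
                .onItem().transform(t -> chainAnchorsTo(t.getItem1().getData(), t.getItem2().getData()));
    }

    /**
     * Walks a PEM chain from the leaf-most CA upward: every certificate must be signed by the
     * next one, and the last by the root key. Also rejects certificates outside their validity.
     */
    static boolean chainAnchorsTo(String chainPem, String rootPem) {
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate rootCert = (X509Certificate) cf.generateCertificate(bytes(rootPem));
            List<X509Certificate> chain = new ArrayList<>();
            for (Certificate c : cf.generateCertificates(bytes(chainPem))) {
                chain.add((X509Certificate) c);
            }
            for (int i = 0; i < chain.size(); i++) {
                PublicKey signer = (i + 1 < chain.size())
                        ? chain.get(i + 1).getPublicKey()
                        : rootCert.getPublicKey();
                chain.get(i).verify(signer);   // throws SignatureException on a mismatch
                chain.get(i).checkValidity();
            }
            return !chain.isEmpty();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Published CA chain does not anchor to the root CA", e);
        }
    }

    private static ByteArrayInputStream bytes(String pem) {
        return new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII));
    }
}
```

The verification step is the part worth keeping even if the rest is scripted elsewhere: `setSignedIntermediateCA` accepts whatever PEM it is handed, so a wrong or tampered certificate only shows up when relying parties start rejecting chains. Checking the published chain against the root key immediately after installation turns that into a fail-fast error at setup time.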
tidy
public io.smallrye.mutiny.Uni<Void> tidy(TidyOptions options)
Description copied from interface: VaultPKISecretReactiveEngine
Tidies up the storage backend and/or CRL by removing certificates that have expired and are past a buffer period beyond their expiration time.
- Specified by:
tidy in interface VaultPKISecretReactiveEngine
- Parameters:
options - Tidy options.