Package io.quarkus.vault

Interface VaultPKISecretReactiveEngine

  • All Known Implementing Classes:
    VaultPKIManager
    public interface VaultPKISecretReactiveEngine
    A service that interacts with Hashicorp's Vault PKI secret engine to issue certificates & manage certificate authorities.
    See Also:
    PKI

    • Method Detail

      • getCertificateAuthority

        io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificateAuthority()
        Retrieves the engine's CA certificate (PEM encoded).
        Returns:
        Certificate authority certificate.

      • getCertificateAuthority

        io.smallrye.mutiny.Uni<CertificateData> getCertificateAuthority​(DataFormat format)
        Retrieves the engine's CA certificate.
        Parameters:
        format - Format of the returned certificate data.
        Returns:
        Certificate authority certificate.

      • configCertificateAuthority

        io.smallrye.mutiny.Uni<Void> configCertificateAuthority​(String pemBundle)
        Configures the engine's CA.
        Parameters:
        pemBundle - PEM encoded bundle including the CA, with optional chain, and private key.

      • configURLs

        io.smallrye.mutiny.Uni<Void> configURLs​(ConfigURLsOptions options)
        Configures engine's URLs for issuing certificates, CRL distribution points, and OCSP servers.
        Parameters:
        options - URL options.

      • readURLsConfig

        io.smallrye.mutiny.Uni<ConfigURLsOptions> readURLsConfig()
        Read engine's configured URLs for issuing certificates, CRL distribution points, and OCSP servers.
        Returns:
        URL options.

      • configCRL

        io.smallrye.mutiny.Uni<Void> configCRL​(ConfigCRLOptions options)
        Configures engine's CRL.
        Parameters:
        options - CRL options.

      • readCRLConfig

        io.smallrye.mutiny.Uni<ConfigCRLOptions> readCRLConfig()
        Read engine's CRL configuration.
        Returns:
        URL options.

      • getCertificateAuthorityChain

        io.smallrye.mutiny.Uni<CAChainData.PEM> getCertificateAuthorityChain()
        Retrieves the engine's CA chain (PEM encoded).
        Returns:
        Certificate authority chain.

      • getCertificateRevocationList

        io.smallrye.mutiny.Uni<CRLData.PEM> getCertificateRevocationList()
        Retrieves the engine's CRL (PEM encoded).
        Returns:
        Certificate revocation list.

      • getCertificateRevocationList

        io.smallrye.mutiny.Uni<CRLData> getCertificateRevocationList​(DataFormat format)
        Retrieves the engine's CRL.
        Parameters:
        format - Format of the returned crl data.
        Returns:
        Certificate revocation list.

      • rotateCertificateRevocationList

        io.smallrye.mutiny.Uni<Boolean> rotateCertificateRevocationList()
        Forces a rotation of the associated CRL.

      • getCertificates

        io.smallrye.mutiny.Uni<List<String>> getCertificates()
        List all issued certificate serial numbers.
        Returns:
        List of certificate serialize numbers.

      • getCertificate

        io.smallrye.mutiny.Uni<CertificateData.PEM> getCertificate​(String serial)
        Retrieve a specific certificate (PEM encoded).
        Parameters:
        serial - Serial number of certificate.
        Returns:
        Certificate or null if no certificate exists.

      • generateCertificate

        io.smallrye.mutiny.Uni<GeneratedCertificate> generateCertificate​(String role,
                                                                 GenerateCertificateOptions options)
        Generates a public/private key pair and certificate issued from the engine's CA using the provided options.
        Parameters:
        role - Name of role used to create certificate.
        options - Certificate generation options.
        Returns:
        Generated certificate and private key.

      • signRequest

        io.smallrye.mutiny.Uni<SignedCertificate> signRequest​(String role,
                                                      String pemSigningRequest,
                                                      GenerateCertificateOptions options)
        Generates a certificate issued from the engine's CA using the provided Certificate Signing Request and options.
        Parameters:
        role - Name of role used to create certificate.
        pemSigningRequest - Certificate Signing Request (PEM encoded).
        options - Certificate generation options.
        Returns:
        Generated certificate.

      • revokeCertificate

        io.smallrye.mutiny.Uni<OffsetDateTime> revokeCertificate​(String serialNumber)
        Revokes a certificate.
        Parameters:
        serialNumber - Serial number of certificate.
        Returns:
        Time of certificates revocation.

      • updateRole

        io.smallrye.mutiny.Uni<Void> updateRole​(String role,
                                        RoleOptions options)
        Updates, or creates, a role.
        Parameters:
        role - Name of role.
        options - Options for role.

      • getRole

        io.smallrye.mutiny.Uni<RoleOptions> getRole​(String role)
        Retrieve current options for a role.
        Parameters:
        role - Name of role.
        Returns:
        Options for the role or null if role does not exist.

      • getRoles

        io.smallrye.mutiny.Uni<List<String>> getRoles()
        Lists existing role names.
        Returns:
        List of role names.

      • deleteRole

        io.smallrye.mutiny.Uni<Void> deleteRole​(String role)
        Deletes a role.
        Parameters:
        role - Name of role.

      • generateRoot

        io.smallrye.mutiny.Uni<GeneratedRootCertificate> generateRoot​(GenerateRootOptions options)
        Generates a self-signed root as the engine's CA.
        Parameters:
        options - Generation options.
        Returns:
        Generated root certificate.

      • deleteRoot

        io.smallrye.mutiny.Uni<Void> deleteRoot()
        Deletes the engine's current CA.

      • signIntermediateCA

        io.smallrye.mutiny.Uni<SignedCertificate> signIntermediateCA​(String pemSigningRequest,
                                                             SignIntermediateCAOptions options)
        Generates an intermediate CA certificate issued from the engine's CA using the provided Certificate Signing Request and options.
        Parameters:
        pemSigningRequest - Certificate Signing Request (PEM encoded).
        options - Signing options.
        Returns:
        Generated certificate.

      • generateIntermediateCSR

        io.smallrye.mutiny.Uni<GeneratedIntermediateCSRResult> generateIntermediateCSR​(GenerateIntermediateCSROptions options)
        Generates a Certificate Signing Request and private key for the engine's CA. Use this to generate a CSR and for the engine's CA that can be used by another CA to issue an intermediate CA certificate. After generating the intermediate CA setSignedIntermediateCA(String) must be used to set the engine's CA certificate. This will overwrite any previously existing CA private key for the engine.
        Parameters:
        options - Options for CSR generation.
        Returns:
        Generated CSR and, if key export is enabled, private key.
        See Also:
        setSignedIntermediateCA(String)

      • tidy

        io.smallrye.mutiny.Uni<Void> tidy​(TidyOptions options)
        Tidy up the storage backend and/or CRL by removing certificates that have expired and are past a certain buffer period beyond their expiration time.
        Parameters:
        options - Tidy options.