com.bettercloud.vault.api.pki

Class RoleOptions

java.lang.Object

com.bettercloud.vault.api.pki.RoleOptions

public class RoleOptions
extends java.lang.Object

A container for options sent to and returned by role-related endpoints on the PKI backend. This class is meant for use with a builder pattern style. Example usage:

 final RoleOptions options = new RoleOptions()
                              .allowedDomains(new ArrayList<String>(){{ add("myvault.com"); }})
                              .allowSubdomains(true)
                              .maxTtl("9h");
 

Constructor Summary

Constructors

Constructor and Description
RoleOptions()

Method Summary

Modifier and Type	Method and Description
RoleOptions	allowAnyName(java.lang.Boolean allowAnyName)
RoleOptions	allowBareDomains(java.lang.Boolean allowBareDomains)
RoleOptions	allowedDomains(java.util.List<java.lang.String> allowedDomains)
RoleOptions	allowIpSans(java.lang.Boolean allowIpSans)
RoleOptions	allowLocalhost(java.lang.Boolean allowLocalhost)
RoleOptions	allowSubdomains(java.lang.Boolean allowSubdomains)
RoleOptions	clientFlag(java.lang.Boolean clientFlag)
RoleOptions	codeSigningFlag(java.lang.Boolean codeSigningFlag)
RoleOptions	emailProtectionFlag(java.lang.Boolean emailProtectionFlag)
RoleOptions	enforceHostnames(java.lang.Boolean enforceHostnames)
java.lang.Boolean	getAllowAnyName()
java.lang.Boolean	getAllowBareDomains()
java.util.List<java.lang.String>	getAllowedDomains()
java.lang.Boolean	getAllowIpSans()
java.lang.Boolean	getAllowLocalhost()
java.lang.Boolean	getAllowSubdomains()
java.lang.Boolean	getClientFlag()
java.lang.Boolean	getCodeSigningFlag()
java.lang.Boolean	getEmailProtectionFlag()
java.lang.Boolean	getEnforceHostnames()
java.lang.Long	getKeyBits()
java.lang.String	getKeyType()
java.lang.String	getMaxTtl()
java.lang.Boolean	getServerFlag()
java.lang.String	getTtl()
java.lang.Boolean	getUseCsrCommonName()
RoleOptions	keyBits(java.lang.Long keyBits)
RoleOptions	keyType(java.lang.String keyType)
RoleOptions	maxTtl(java.lang.String maxTtl)
RoleOptions	serverFlag(java.lang.Boolean serverFlag)
RoleOptions	ttl(java.lang.String ttl)
RoleOptions	useCsrCommonName(java.lang.Boolean useCsrCommonName)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RoleOptions

public RoleOptions()

Method Detail

ttl

public RoleOptions ttl(java.lang.String ttl)

Parameters:

ttl - (optional) The Time To Live value provided as a string duration with time suffix. Hour is the largest suffix. If not set, uses the system default value or the value of max_ttl, whichever is shorter.

Returns:

This object, with ttl populated, ready for other builder methods or immediate use.

maxTtl

public RoleOptions maxTtl(java.lang.String maxTtl)

Parameters:

maxTtl - (optional) The maximum Time To Live provided as a string duration with time suffix. Hour is the largest suffix. If not set, defaults to the system maximum lease TTL.

Returns:

This object, with maxTtl populated, ready for other builder methods or immediate use.

allowLocalhost

public RoleOptions allowLocalhost(java.lang.Boolean allowLocalhost)

Parameters:

allowLocalhost - (optional) If set, clients can request certificates for localhost as one of the requested common names. This is useful for testing and to allow clients on a single host to talk securely. Defaults to true.

Returns:

This object, with allowLocalhost populated, ready for other builder methods or immediate use.

allowedDomains

public RoleOptions allowedDomains(java.util.List<java.lang.String> allowedDomains)

Parameters:

allowedDomains - (optional) Designates the domains of the role, provided as a comma-separated list. This is used with the allow_bare_domains and allow_subdomains options. There is no default.

Returns:

This object, with allowedDomains populated, ready for other builder methods or immediate use.

allowBareDomains

public RoleOptions allowBareDomains(java.lang.Boolean allowBareDomains)

Parameters:

allowBareDomains - (optional) If set, clients can request certificates matching the value of the actual domains themselves; e.g. if a configured domain set with allowed_domains is example.com, this allows clients to actually request a certificate containing the name example.com as one of the DNS values on the final certificate. In some scenarios, this can be considered a security risk. Defaults to false.

Returns:

This object, with allowBareDomains populated, ready for other builder methods or immediate use.

allowSubdomains

public RoleOptions allowSubdomains(java.lang.Boolean allowSubdomains)

Parameters:

allowSubdomains - (optional) If set, clients can request certificates with CNs that are subdomains of the CNs allowed by the other role options. This includes wildcard subdomains. For example, an allowed_domains value of example.com with this option set to true will allow foo.example.com and bar.example.com as well as *.example.com. This is redundant when using the allow_any_name option. Defaults to false. *

Returns:

This object, with allowSubdomains populated, ready for other builder methods or immediate use.

allowAnyName

public RoleOptions allowAnyName(java.lang.Boolean allowAnyName)

Parameters:

allowAnyName - (optional) If set, clients can request any CN. Useful in some circumstances, but make sure you understand whether it is appropriate for your installation before enabling it. Defaults to false.

Returns:

This object, with allowSubdomains populated, ready for other builder methods or immediate use.

enforceHostnames

public RoleOptions enforceHostnames(java.lang.Boolean enforceHostnames)

Parameters:

enforceHostnames - (optional) If set, only valid host names are allowed for CNs, DNS SANs, and the host part of email addresses. Defaults to true.

Returns:

This object, with enforceHostnames populated, ready for other builder methods or immediate use.

allowIpSans

public RoleOptions allowIpSans(java.lang.Boolean allowIpSans)

Parameters:

allowIpSans - (optional) If set, clients can request IP Subject Alternative Names. No authorization checking is performed except to verify that the given values are valid IP addresses. Defaults to true.

Returns:

This object, with allowIpSans populated, ready for other builder methods or immediate use.

serverFlag

public RoleOptions serverFlag(java.lang.Boolean serverFlag)

Parameters:

serverFlag - (optional) If set, certificates are flagged for server use. Defaults to true.

Returns:

This object, with serverFlag populated, ready for other builder methods or immediate use.

clientFlag

public RoleOptions clientFlag(java.lang.Boolean clientFlag)

Parameters:

clientFlag - (optional) If set, certificates are flagged for client use. Defaults to true.

Returns:

This object, with clientFlag populated, ready for other builder methods or immediate use.

codeSigningFlag

public RoleOptions codeSigningFlag(java.lang.Boolean codeSigningFlag)

Parameters:

codeSigningFlag - (optional) If set, certificates are flagged for code signing use. Defaults to false.

Returns:

This object, with codeSigningFlag populated, ready for other builder methods or immediate use.

emailProtectionFlag

public RoleOptions emailProtectionFlag(java.lang.Boolean emailProtectionFlag)

Parameters:

emailProtectionFlag - (optional) If set, certificates are flagged for email protection use. Defaults to false.

Returns:

This object, with emailProtectionFlag populated, ready for other builder methods or immediate use.

keyType

public RoleOptions keyType(java.lang.String keyType)

Parameters:

keyType - (optional) The type of key to generate for generated private keys. Currently, rsa and ec are supported. Defaults to rsa.

Returns:

This object, with keyType populated, ready for other builder methods or immediate use.

keyBits

public RoleOptions keyBits(java.lang.Long keyBits)

Parameters:

keyBits - (optional) The number of bits to use for the generated keys. Defaults to 2048; this will need to be changed for ec keys. See https://golang.org/pkg/crypto/elliptic/#Curve for an overview of allowed bit lengths for ec.

Returns:

This object, with keyBits populated, ready for other builder methods or immediate use.

useCsrCommonName

public RoleOptions useCsrCommonName(java.lang.Boolean useCsrCommonName)

Parameters:

useCsrCommonName - (optional) If set, when used with the CSR signing endpoint, the common name in the CSR will be used instead of taken from the JSON data. This does not include any requested SANs in the CSR. Defaults to false.

Returns:

This object, with useCsrCommonName populated, ready for other builder methods or immediate use.

getTtl

public java.lang.String getTtl()

getMaxTtl

public java.lang.String getMaxTtl()

getAllowLocalhost

public java.lang.Boolean getAllowLocalhost()

getAllowedDomains

public java.util.List<java.lang.String> getAllowedDomains()

getAllowBareDomains

public java.lang.Boolean getAllowBareDomains()

getAllowSubdomains

public java.lang.Boolean getAllowSubdomains()

getAllowAnyName

public java.lang.Boolean getAllowAnyName()

getEnforceHostnames

public java.lang.Boolean getEnforceHostnames()

getAllowIpSans

public java.lang.Boolean getAllowIpSans()

getServerFlag

public java.lang.Boolean getServerFlag()

getClientFlag

public java.lang.Boolean getClientFlag()

getCodeSigningFlag

public java.lang.Boolean getCodeSigningFlag()

getEmailProtectionFlag

public java.lang.Boolean getEmailProtectionFlag()

getKeyType

public java.lang.String getKeyType()

getKeyBits

public java.lang.Long getKeyBits()

getUseCsrCommonName

public java.lang.Boolean getUseCsrCommonName()