Package net.jsign.jca
Class HashiCorpVaultSigningService

- java.lang.Object
  - net.jsign.jca.HashiCorpVaultSigningService

All Implemented Interfaces: SigningService

public class HashiCorpVaultSigningService extends Object implements SigningService

Signing service using the HashiCorp Vault API. It supports the Google Cloud KMS secrets engine only.

- Since: 5.0
- See Also: HashiCorp Vault API - Google Cloud KMS Secrets Engine

Constructor Summary
| Constructor | Description |
|---|---|
| HashiCorpVaultSigningService(String engineURL, String token, Function<String,Certificate[]> certificateStore) | Creates a new HashiCorp Vault signing service. |

Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| List<String> | aliases() | Returns the list of key names available in the secrets engine. |
| Certificate[] | getCertificateChain(String alias) | Returns the certificate chain for the alias specified. |
| String | getName() | Returns the name of the service. |
| SigningServicePrivateKey | getPrivateKey(String alias, char[] password) | Returns the private key for the certificate alias specified. |
| byte[] | sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) | Sign the data with the private key specified. |

Constructor Detail
HashiCorpVaultSigningService
public HashiCorpVaultSigningService(String engineURL, String token, Function<String,Certificate[]> certificateStore)
Creates a new HashiCorp Vault signing service.
- Parameters:
  engineURL - the URL of the HashiCorp Vault secrets engine
  token - the HashiCorp Vault token
  certificateStore - provides the certificate chain for the keys

Method Detail
getName
public String getName()
Description copied from interface: SigningService
Returns the name of the service.
- Specified by: getName in interface SigningService

aliases
public List<String> aliases() throws KeyStoreException
Returns the list of key names available in the secrets engine. NOTE: This will return the key name only, not the key name and version. HashiCorp Vault does not provide a function to retrieve the key version. The key version will need to be appended to the key name when using the key.
- Specified by: aliases in interface SigningService
- Returns: list of key names
- Throws: KeyStoreException

getCertificateChain
public Certificate[] getCertificateChain(String alias) throws KeyStoreException
Description copied from interface: SigningService
Returns the certificate chain for the alias specified.
- Specified by: getCertificateChain in interface SigningService
- Parameters:
  alias - the name of the certificate
- Throws: KeyStoreException

getPrivateKey
public SigningServicePrivateKey getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException
Description copied from interface: SigningService
Returns the private key for the certificate alias specified.
- Specified by: getPrivateKey in interface SigningService
- Parameters:
  alias - the name of the certificate
  password - the secret required to access the key
- Throws: UnrecoverableKeyException

sign
public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) throws GeneralSecurityException
Description copied from interface: SigningService
Sign the data with the private key specified.
- Specified by: sign in interface SigningService
- Parameters:
  privateKey - the private key
  algorithm - the signing algorithm (for example SHA256withRSA)
  data - the data to be signed
- Throws: GeneralSecurityException
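
The methods documented above combined into one signing flow, with the returned signature verified against the leaf certificate so that a mismatch between the certificate store and the Vault key is caught before anything ships. This is an added example, not code from the Jsign project. Assumptions: the engine URL, the `VAULT_TOKEN` environment variable, the `chain.pem` file and the class name are constructed placeholders; the key is RSA; the version is appended to the key name as `:1`; and the password argument is unused because the token is the credential.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.List;
import java.util.function.Function;
import net.jsign.jca.HashiCorpVaultSigningService;
import net.jsign.jca.SigningServicePrivateKey;

public class VaultSigningExample {
    public static void main(String[] args) throws Exception {
        // Constructed placeholders: engine URL, VAULT_TOKEN variable and chain.pem.
        String engineURL = "https://vault.example.com/v1/gcpkms";
        String token = System.getenv("VAULT_TOKEN"); // keeps the token out of source and command lines
        if (token == null || token.isEmpty()) throw new IllegalStateException("VAULT_TOKEN is not set");

        // The certificate chain comes from the certificateStore function,
        // here a local PEM file with the leaf certificate first.
        Function<String, Certificate[]> certificateStore = alias -> {
            try (InputStream in = Files.newInputStream(Paths.get("chain.pem"))) {
                return CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
            } catch (Exception e) {
                throw new IllegalStateException("Cannot load certificate chain for " + alias, e);
            }
        };
        HashiCorpVaultSigningService service = new HashiCorpVaultSigningService(engineURL, token, certificateStore);

        // aliases() yields bare key names; the caller must append the key version.
        List<String> names = service.aliases();
        if (names.isEmpty()) throw new IllegalStateException("No keys visible to this token");
        String alias = names.get(0) + ":1"; // assumption: ':' separator and version 1

        // Assumption: the password is not needed because the Vault token authorizes the call.
        SigningServicePrivateKey key = service.getPrivateKey(alias, null);
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        byte[] signature = service.sign(key, "SHA256withRSA", data); // assumes an RSA key

        // Check the signature against the leaf certificate returned for the same alias.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(service.getCertificateChain(alias)[0]);
        verifier.update(data);
        if (!verifier.verify(signature)) throw new SecurityException("Signature does not match the leaf certificate");
        System.out.println("Signed and verified with " + alias);
    }
}
```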