Interface PkiCredential

All Known Subinterfaces:
ReloadablePkiCredential
All Known Implementing Classes:
AbstractPkiCredential, AbstractReloadablePkiCredential, BasicCredential, KeyStoreCredential, ManagedPkiCredential, Pkcs11Credential

public interface PkiCredential
A representation of a PKI key pair that holds a private key and an X.509 certificate (or just a public key).
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Method Details

    • getPublicKey

      @Nonnull PublicKey getPublicKey()
      Gets the public key.
      Returns:
      the public key
    • getCertificate

      @Nullable default X509Certificate getCertificate()
      Gets the certificate holding the public key of the key pair. May be null depending on whether certificates are handled by the implementing class.
      Returns:
      the certificate, or null if no certificate is configured for the credential
    • getCertificateChain

      @Nonnull List<X509Certificate> getCertificateChain()
      Gets a certificate chain for the credential, where the first element is the entity certificate (getCertificate()). If no certificate is configured for the credential an empty list is returned.
      Returns:
      a list of certificates, or an empty list
    • getPrivateKey

      @Nonnull PrivateKey getPrivateKey()
      Gets the private key.
      Returns:
      the private key
    • getMetadata

      @Nonnull PkiCredential.Metadata getMetadata()
      Gets the credential metadata.
      Returns:
      a (potentially empty) credential metadata object
    • getName

      @Nonnull String getName()
      Gets the name of the credential.
      Returns:
      the name
    • isHardwareCredential

      default boolean isHardwareCredential()
      Predicate that tells whether this credential resides in a hardware module.
      Returns:
      true if the credential resides in a hardware module and false otherwise
    • destroy

      default void destroy()
      Optional destroy method for credentials that need to perform cleanup.
    • transform

      default <T> T transform(@Nonnull Function<PkiCredential,T> transformFunction)
      Transforms the credential to another format, for example a JWK or a KeyPair.
      Type Parameters:
      T - the type of the new format
      Parameters:
      transformFunction - the transform function
      Returns:
      the new format
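
A consistency check built only on the accessors documented above, given as an added example that is not part of the library or its documentation. The class name `CredentialSanityCheck` is hypothetical, and the import assumes the package `se.swedenconnect.security.credential`, which this page does not state. Only RSA and EC keys are handled.

```java
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
// Assumption: the package name is not stated on this page.
import se.swedenconnect.security.credential.PkiCredential;

/** Hypothetical helper, not part of the library. */
public final class CredentialSanityCheck {

  /** Throws if certificate, chain and key pair of the credential disagree. */
  public static void verify(final PkiCredential cred) throws GeneralSecurityException {
    final PublicKey publicKey = cred.getPublicKey();
    final X509Certificate cert = cred.getCertificate(); // null when no certificate is configured
    final List<X509Certificate> chain = cred.getCertificateChain();
    // No certificate means an empty chain; otherwise the chain starts with the entity certificate.
    if (cert == null ? !chain.isEmpty() : (chain.isEmpty() || !chain.get(0).equals(cert))) {
      throw new GeneralSecurityException(cred.getName() + ": certificate and chain disagree");
    }
    // Compare encodings: key objects from different providers may not be equals().
    if (cert != null && !Arrays.equals(cert.getPublicKey().getEncoded(), publicKey.getEncoded())) {
      throw new GeneralSecurityException(cred.getName() + ": certificate holds a different public key");
    }
    // Sign and verify a random challenge. The private key is used, not exported,
    // so the check also applies when isHardwareCredential() returns true.
    final String alg = switch (publicKey.getAlgorithm()) {
      case "RSA" -> "SHA256withRSA";
      case "EC" -> "SHA256withECDSA";
      default -> throw new GeneralSecurityException("Unsupported key type: " + publicKey.getAlgorithm());
    };
    final byte[] challenge = new byte[32];
    new SecureRandom().nextBytes(challenge);
    final Signature signer = Signature.getInstance(alg);
    signer.initSign(cred.getPrivateKey());
    signer.update(challenge);
    final byte[] signature = signer.sign();
    final Signature verifier = Signature.getInstance(alg);
    verifier.initVerify(publicKey);
    verifier.update(challenge);
    if (!verifier.verify(signature)) {
      throw new GeneralSecurityException(cred.getName() + ": private key does not match public key");
    }
  }
}
```

Running such a check once at startup surfaces a mismatched key store entry or a stale certificate before the credential is used to sign or decrypt anything.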