Interface PkiCredential
- All Known Subinterfaces: ReloadablePkiCredential
- All Known Implementing Classes: AbstractPkiCredential, AbstractReloadablePkiCredential, BasicCredential, KeyStoreCredential, ManagedPkiCredential, Pkcs11Credential
public interface PkiCredential
A representation of a PKI key pair that holds a private key and an X.509 certificate (or just a public key).
- Author: Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
Method Summary
Modifier and Type | Method | Description
default void | destroy() | Optional destroy method for credentials that need to perform cleaning up.
default X509Certificate | getCertificate() | Gets the certificate holding the public key of the key pair.
 | getCertificateChain() | Gets a certificate chain for the credential, where the first element is the entity certificate (getCertificate()).
 | getMetadata() | Gets the credential metadata.
 | getName() | Gets the name of the credential.
 | getPrivateKey() | Gets the private key.
 | getPublicKey() | Gets the public key.
default boolean | isHardwareCredential() | Predicate that tells whether this credential resides in a hardware module.
default <T> T | transform(Function<PkiCredential, T> transformFunction) | Transforms the credential to another format, for example a JWK or a KeyPair.

Method Details
getPublicKey
Gets the public key.
- Returns: the public key

getCertificate
Gets the certificate holding the public key of the key pair. May be null depending on whether certificates are handled by the implementing class.
- Returns: the certificate, or null if no certificate is configured for the credential

getCertificateChain
Gets a certificate chain for the credential, where the first element is the entity certificate (getCertificate()). If no certificate is configured for the credential, an empty list is returned.
- Returns: a list of certificates, or an empty list

getPrivateKey
Gets the private key.
- Returns: the private key

getMetadata
Gets the credential metadata.
- Returns: a (potentially empty) credential metadata object

getName
Gets the name of the credential.
- Returns: the name

isHardwareCredential
default boolean isHardwareCredential()
Predicate that tells whether this credential resides in a hardware module.
- Returns: true if the credential resides in a hardware module and false otherwise

destroy
default void destroy()
Optional destroy method for credentials that need to perform cleaning up.

transform
Transforms the credential to another format, for example a JWK or a KeyPair.
- Type Parameters: T - the type of the new format
- Parameters: transformFunction - the transform function
- Returns: the new format
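
An added example (not part of the library's documentation or code) of consuming a credential through this interface: it null-checks getCertificate(), relies on getCertificateChain() returning an empty list rather than null, and uses transform to obtain a KeyPair. The nested PkiCredential is a stand-in declaring the methods listed above, with getMetadata() omitted because its type is not shown on this page; the return types of the key, chain and name getters, the body of the default transform, the credential name and the generated EC key are assumptions made for the example.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.function.Function;
public class PkiCredentialDemo {
  // Stand-in for the documented interface (assumed types and default bodies, getMetadata() omitted).
  interface PkiCredential {
    PublicKey getPublicKey();
    X509Certificate getCertificate();            // may be null
    List<X509Certificate> getCertificateChain(); // empty list when no certificate is configured
    PrivateKey getPrivateKey();
    String getName();
    default boolean isHardwareCredential() { return false; }
    default void destroy() { }
    default <T> T transform(Function<PkiCredential, T> f) { return f.apply(this); }
  }
  // Transform function: credential -> java.security.KeyPair.
  static final Function<PkiCredential, KeyPair> TO_KEY_PAIR =
      c -> new KeyPair(c.getPublicKey(), c.getPrivateKey());
  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
    gen.initialize(256);
    KeyPair generated = gen.generateKeyPair();
    // Constructed key-only credential: no certificate configured.
    PkiCredential cred = new PkiCredential() {
      public PublicKey getPublicKey() { return generated.getPublic(); }
      public X509Certificate getCertificate() { return null; }
      public List<X509Certificate> getCertificateChain() { return List.of(); }
      public PrivateKey getPrivateKey() { return generated.getPrivate(); }
      public String getName() { return "demo-key"; }
    };
    // getCertificate() needs a null check; the chain can be used without one.
    X509Certificate cert = cred.getCertificate();
    String subject = cert != null ? cert.getSubjectX500Principal().getName() : "(no certificate)";
    System.out.printf("%s: subject=%s, chain length=%d, hardware=%b%n",
        cred.getName(), subject, cred.getCertificateChain().size(), cred.isHardwareCredential());
    // Sign and verify with the KeyPair produced by transform().
    KeyPair kp = cred.transform(TO_KEY_PAIR);
    byte[] msg = "hello".getBytes();
    Signature s = Signature.getInstance("SHA256withECDSA");
    s.initSign(kp.getPrivate());
    s.update(msg);
    byte[] sig = s.sign();
    s.initVerify(kp.getPublic());
    s.update(msg);
    System.out.println("signature verifies: " + s.verify(sig));
    cred.destroy(); // optional cleanup hook
  }
}
```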