package io.helidon.integrations.vault.secrets.pki;

import io.helidon.integrations.vault.ListSecrets;
import io.helidon.integrations.vault.Secrets;
import io.helidon.integrations.vault.VaultOptionalResponse;
import io.helidon.integrations.vault.secrets.pki.CaCertificateGet;
import io.helidon.integrations.vault.secrets.pki.CertificateGet;
import io.helidon.integrations.vault.secrets.pki.CrlGet;
import io.helidon.integrations.vault.secrets.pki.GenerateSelfSignedRoot;
import io.helidon.integrations.vault.secrets.pki.IssueCertificate;
import io.helidon.integrations.vault.secrets.pki.PkiRole;
import io.helidon.integrations.vault.secrets.pki.RevokeCertificate;
import io.helidon.integrations.vault.secrets.pki.SignCsr;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Optional;

/* loaded from: input_file:io/helidon/integrations/vault/secrets/pki/PkiSecrets.class */
public interface PkiSecrets extends Secrets {
    public static final String KEY_TYPE_RSA = "rsa";
    public static final String KEY_TYPE_EC = "ec";

    static PkiSecrets create(PkiSecretsRx pkiSecretsRx) {
        return new PkiSecretsImpl(pkiSecretsRx);
    }

    VaultOptionalResponse<ListSecrets.Response> list(ListSecrets.Request request);

    default X509Certificate caCertificate() {
        return caCertificate(CaCertificateGet.Request.builder()).toCertificate();
    }

    default byte[] caCertificate(PkiFormat pkiFormat) {
        return caCertificate(CaCertificateGet.Request.builder().format(pkiFormat)).toBytes();
    }

    CaCertificateGet.Response caCertificate(CaCertificateGet.Request request);

    default Optional<X509Certificate> certificate(String str) {
        return certificate(CertificateGet.Request.builder().serialNumber(str)).entity().map((v0) -> {
            return v0.toCertificate();
        });
    }

    default Optional<byte[]> certificate(String str, PkiFormat pkiFormat) {
        return certificate(CertificateGet.Request.builder().serialNumber(str).format(pkiFormat)).entity().map((v0) -> {
            return v0.toBytes();
        });
    }

    VaultOptionalResponse<CertificateGet.Response> certificate(CertificateGet.Request request);

    default X509CRL crl() {
        return crl(CrlGet.Request.builder()).toCrl();
    }

    default byte[] crl(PkiFormat pkiFormat) {
        return crl(CrlGet.Request.builder().format(pkiFormat)).toBytes();
    }

    CrlGet.Response crl(CrlGet.Request request);

    IssueCertificate.Response issueCertificate(IssueCertificate.Request request);

    SignCsr.Response signCertificateRequest(SignCsr.Request request);

    default Instant revokeCertificate(String str) {
        return revokeCertificate(RevokeCertificate.Request.builder().serialNumber(str)).revocationTime();
    }

    RevokeCertificate.Response revokeCertificate(RevokeCertificate.Request request);

    default GenerateSelfSignedRoot.Response generateSelfSignedRoot(String str) {
        return generateSelfSignedRoot(GenerateSelfSignedRoot.Request.builder().commonName(str));
    }

    GenerateSelfSignedRoot.Response generateSelfSignedRoot(GenerateSelfSignedRoot.Request request);

    PkiRole.Response createOrUpdateRole(PkiRole.Request request);
}
