package io.helidon.integrations.vault.secrets.pki;

import io.helidon.common.reactive.Single;
import io.helidon.integrations.vault.Engine;
import io.helidon.integrations.vault.ListSecrets;
import io.helidon.integrations.vault.SecretsRx;
import io.helidon.integrations.vault.VaultOptionalResponse;
import io.helidon.integrations.vault.secrets.pki.CaCertificateGet;
import io.helidon.integrations.vault.secrets.pki.CertificateGet;
import io.helidon.integrations.vault.secrets.pki.CrlGet;
import io.helidon.integrations.vault.secrets.pki.GenerateSelfSignedRoot;
import io.helidon.integrations.vault.secrets.pki.IssueCertificate;
import io.helidon.integrations.vault.secrets.pki.PkiRole;
import io.helidon.integrations.vault.secrets.pki.RevokeCertificate;
import io.helidon.integrations.vault.secrets.pki.SignCsr;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Optional;

/* loaded from: input_file:io/helidon/integrations/vault/secrets/pki/PkiSecretsRx.class */
public interface PkiSecretsRx extends SecretsRx {
    public static final Engine<PkiSecretsRx> ENGINE = Engine.create(PkiSecretsRx.class, "pki", "pki");
    public static final String KEY_TYPE_RSA = "rsa";
    public static final String KEY_TYPE_EC = "ec";

    Single<VaultOptionalResponse<ListSecrets.Response>> list(ListSecrets.Request request);

    default Single<X509Certificate> caCertificate() {
        return caCertificate(CaCertificateGet.Request.builder()).map((v0) -> {
            return v0.toCertificate();
        });
    }

    default Single<byte[]> caCertificate(PkiFormat pkiFormat) {
        return caCertificate(CaCertificateGet.Request.builder().format(pkiFormat)).map((v0) -> {
            return v0.toBytes();
        });
    }

    Single<CaCertificateGet.Response> caCertificate(CaCertificateGet.Request request);

    default Single<Optional<X509Certificate>> certificate(String str) {
        return certificate(CertificateGet.Request.builder().serialNumber(str)).map((v0) -> {
            return v0.entity();
        }).map(optional -> {
            return optional.map((v0) -> {
                return v0.toCertificate();
            });
        });
    }

    default Single<Optional<byte[]>> certificate(String str, PkiFormat pkiFormat) {
        return certificate(CertificateGet.Request.builder().serialNumber(str).format(pkiFormat)).map((v0) -> {
            return v0.entity();
        }).map(optional -> {
            return optional.map((v0) -> {
                return v0.toBytes();
            });
        });
    }

    Single<VaultOptionalResponse<CertificateGet.Response>> certificate(CertificateGet.Request request);

    default Single<X509CRL> crl() {
        return crl(CrlGet.Request.builder()).map((v0) -> {
            return v0.toCrl();
        });
    }

    default Single<byte[]> crl(PkiFormat pkiFormat) {
        return crl(CrlGet.Request.builder().format(pkiFormat)).map((v0) -> {
            return v0.toBytes();
        });
    }

    Single<CrlGet.Response> crl(CrlGet.Request request);

    Single<IssueCertificate.Response> issueCertificate(IssueCertificate.Request request);

    Single<SignCsr.Response> signCertificateRequest(SignCsr.Request request);

    default Single<Instant> revokeCertificate(String str) {
        return revokeCertificate(RevokeCertificate.Request.builder().serialNumber(str)).map((v0) -> {
            return v0.revocationTime();
        });
    }

    Single<RevokeCertificate.Response> revokeCertificate(RevokeCertificate.Request request);

    default Single<GenerateSelfSignedRoot.Response> generateSelfSignedRoot(String str) {
        return generateSelfSignedRoot(GenerateSelfSignedRoot.Request.builder().commonName(str));
    }

    Single<GenerateSelfSignedRoot.Response> generateSelfSignedRoot(GenerateSelfSignedRoot.Request request);

    Single<PkiRole.Response> createOrUpdateRole(PkiRole.Request request);
}
