Interface ICertificateEntityDao


public interface ICertificateEntityDao
DAO for reading and writing CertificateEntity entities.
Since:
8.5.0
Author:
XIMA Media GmbH
  • Method Details

    • create

      @NotNull CertificateEntity create(CertificateEntity entity) throws FcCertificateManagementException
      Creates a new CertificateEntity in the database.
      Parameters:
      entity - The CertificateEntity to create.
      Throws:
      IllegalArgumentException - if the provided entity is null or has an ID
      FcCertificateManagementException - if the certificate could not be created
    • delete

      Deletes the specified certificate entity.
      Parameters:
      entity - the certificate entity to delete.
      Throws:
      IllegalArgumentException - if the provided entity is null
      FcCertificateManagementException - if the certificate could not be deleted
    • existsByFingerprint

      boolean existsByFingerprint(String certificateFingerprint, KeyStoreScope keyStoreScope)
      Returns whether a CertificateEntity with the given SHA-256 fingerprint exists.
      Parameters:
      certificateFingerprint - The SHA-256 fingerprint of the certificate.
      keyStoreScope - The key store scope in which the existence check should be performed.
      Returns:
      true if a certificate with the specified fingerprint exists, false otherwise.
      Throws:
      IllegalArgumentException - if the fingerprint is blank or the key store scope is invalid.
    • existsByPublicKeyFingerprint

      boolean existsByPublicKeyFingerprint(String publicKeyFingerprint, KeyStoreScope keyStoreScope)
      Returns whether a CertificateEntity exists in relation to the given public key SHA-256 fingerprint.
      Parameters:
      publicKeyFingerprint - The SHA-256 fingerprint of the certificate's corresponding public key.
      keyStoreScope - The key store scope in which the existence check should be performed.
      Returns:
      true if a certificate with the specified public key fingerprint exists, false otherwise.
      Throws:
      IllegalArgumentException - if the public key fingerprint is blank or the key store scope is invalid.
    • findByFingerprint

      @NotNull Optional<CertificateEntity> findByFingerprint(String certificateFingerprint, KeyStoreScope keyStoreScope)
      Retrieves a CertificateEntity by its SHA-256 fingerprint.
      Parameters:
      certificateFingerprint - The SHA-256 fingerprint of the certificate.
      keyStoreScope - The key store scope in which the search should be performed.
      Returns:
      The CertificateEntity with the specified fingerprint, or an empty Optional if not found.
      Throws:
      IllegalArgumentException - if the fingerprint is blank or the key store scope is invalid.
    • findById

      @NotNull Optional<CertificateEntity> findById(Long id)
      Retrieves a CertificateEntity by its ID.
      Parameters:
      id - the ID of the certificate to retrieve.
      Returns:
      an Optional containing the CertificateEntity if found, or an empty Optional if not
    • findByPublicKeyFingerprint

      @NotNull Optional<CertificateEntity> findByPublicKeyFingerprint(String publicKeyFingerprint, Long keyStoreId)
      Retrieves a CertificateEntity by its public key SHA-256 fingerprint.
      Parameters:
      publicKeyFingerprint - The SHA-256 fingerprint of the certificate's public key.
      keyStoreId - The ID of the key store in which the search should be performed.
      Returns:
      The CertificateEntity with the specified public key fingerprint, or an empty Optional if not found.
      Throws:
      IllegalArgumentException - if the public key fingerprint is blank or the key store scope is invalid.
    • findByPublicKeyFingerprint

      @NotNull Optional<CertificateEntity> findByPublicKeyFingerprint(String publicKeyFingerprint, KeyStoreScope keyStoreScope)
      Retrieves a CertificateEntity by its public key SHA-256 fingerprint.
      Parameters:
      publicKeyFingerprint - The SHA-256 fingerprint of the certificate's public key.
      keyStoreScope - The key store scope in which the search should be performed.
      Returns:
      The CertificateEntity with the specified public key fingerprint, or an empty Optional if not found.
      Throws:
      IllegalArgumentException - if the public key fingerprint is blank or the key store scope is invalid.
    • findValidCertificatesBySubject

      @NotNull List<CertificateEntity> findValidCertificatesBySubject(Set<Long> tenantIds, Set<Long> userIds, boolean systemScope, String subject, Boolean hasKeyPair, Set<ECertificateUsageType> usageTypes, Set<String> keyAlgorithms, boolean subjectPartialMatch)
      Retrieves all valid certificates for a given tenant ID, user IDs, and the subject. All certificates, independent of their usages, are considered. This is in contrast to findValidCertificatesByUsageSubject(Set, Set, boolean, String, ECertificateUsageType, Boolean, Set, boolean) which retrieves the certificates by their usage subject and usage type, and not by their certificate subject.
      Parameters:
      tenantIds - A set of tenant IDs to filter the certificates by. Can be empty if no tenant scoped certificates should be included.
      userIds - A set of user IDs to filter the certificates by. Can be empty if no user scoped certificates should be included.
      systemScope - if true, system scope certificates will be included in the search; if false, only tenant/user scope certificates will be included.
      subject - The subject to match.
      hasKeyPair - if true, only certificates with an associated private key will be returned; if false, only certificates without an associated private key will be returned; if null, certificates with and without an associated private key will be returned.
      usageTypes - Optional set of ECertificateUsageType to filter the certificates by their usage types. If null or empty, no filtering by usage type is applied.
      keyAlgorithms - Optional set of key algorithms to filter the certificates by their key algorithms. If null or empty, no filtering by key algorithm is applied.
      subjectPartialMatch - whether to perform a partial match on the subject. If true, certificates whose subjects contain the specified subject as a substring will be matched. If false, only exact matches will be considered.
      Returns:
      A list of CertificateEntity objects that match the criteria.
    • findValidCertificatesByUsageSubject

      @NotNull List<CertificateEntity> findValidCertificatesByUsageSubject(Set<Long> tenantIds, Set<Long> userIds, boolean systemScope, String usageSubject, ECertificateUsageType usageType, Boolean hasKeyPair, Set<String> keyAlgorithms, boolean usageSubjectPartialMatch)
      Retrieves all valid certificates for a given tenant ID, user IDs, usage type, and the usage subject. Only certificates with non-blank usage subject are considered. This is in contrast to findValidCertificatesBySubject(Set, Set, boolean, String, Boolean, Set, Set, boolean) which retrieves the certificates by their certificate subject, and not by their usage subject.
      Parameters:
      tenantIds - A set of tenant IDs to filter the certificates by. Can be empty if no tenant scoped certificates should be included.
      userIds - A set of user IDs to filter the certificates by. Can be empty if no user scoped certificates should be included.
      systemScope - if true, system scope certificates will be included in the search; if false, only tenant/user scope certificates will be included.
      usageSubject - The usage subject to match.
      usageType - The usage type of the certificates to match. Must not be null.
      hasKeyPair - if true, only certificates with an associated private key will be returned; if false, only certificates without an associated private key will be returned; if null, certificates with and without an associated private key will be returned.
      keyAlgorithms - Optional set of key algorithms to filter the certificates by their key algorithms. If null or empty, no filtering by key algorithm is applied.
      usageSubjectPartialMatch - whether to perform a partial match on the usage subject. If true, certificates whose usage subjects contain the specified usage subject as a substring will be matched. If false, only exact matches will be considered.
      Returns:
      A list of CertificateEntity objects that match the criteria.
    • getCurrentValidCertificateBySubject

      @NotNull Optional<CertificateEntity> getCurrentValidCertificateBySubject(Set<Long> tenantIds, Set<Long> userIds, boolean systemScope, String subject, Boolean hasKeyPair, Set<ECertificateUsageType> usageTypes, Set<String> keyAlgorithms)
      Retrieves the current valid certificate for a given tenant ID, its user IDs, and subject. All certificates, independent of their usages, are considered. This is in contrast to getCurrentValidCertificateByUsageSubject(Set, Set, boolean, String, ECertificateUsageType, Boolean, Set) which retrieves the certificate by its usage subject and usage type, and not by its certificate subject.
      Parameters:
      tenantIds - A set of tenant IDs to filter the certificate by. Can be empty if no tenant scoped certificates should be included.
      userIds - A set of user IDs to filter the certificate by. Can be empty if no user scoped certificates should be included.
      systemScope - if true, system scope certificates will be included in the search; if false, only tenant/user scope certificates will be included.
      subject - The subject of the certificate to match. Must not be blank.
      hasKeyPair - if true, only certificates with an associated private key will be returned; if false, only certificates without an associated private key will be returned; if null, certificates with and without an associated private key will be returned.
      usageTypes - Optional set of ECertificateUsageType to filter the certificate by its usage types. If null or empty, no filtering by usage type is applied.
      keyAlgorithms - Optional set of key algorithms to filter the certificate by its key algorithms. If null or empty, no filtering by key algorithm is applied.
      Returns:
      An Optional containing the CertificateEntity if found, or empty if no valid certificate exists.
      Throws:
      IllegalArgumentException - if the subject is blank or not a valid X.501 distinguished name.
    • getCurrentValidCertificateByUsageSubject

      @NotNull Optional<CertificateEntity> getCurrentValidCertificateByUsageSubject(Set<Long> tenantIds, Set<Long> userIds, boolean systemScope, String usageSubject, ECertificateUsageType usageType, Boolean hasKeyPair, Set<String> keyAlgorithms)
      Retrieves the current valid certificate for a given tenant ID, its user IDs, usage type, and usage subject. Only certificates with non-blank usage subject are considered. This is in contrast to getCurrentValidCertificateBySubject(Set, Set, boolean, String, Boolean, Set, Set) which retrieves the certificate by its certificate subject and not by its usage subject.
      Parameters:
      tenantIds - A set of tenant IDs associated with the tenant. Can be empty if no tenant scoped certificates should be included.
      userIds - A set of user IDs associated with the tenant. Can be empty if no user scoped certificates should be included.
      systemScope - if true, system scope certificates will be included in the search; if false, only tenant/user scope certificates will be included.
      usageSubject - The usage subject of the certificate to match. Must not be blank.
      usageType - The usage type of the certificate to match. Must not be null.
      hasKeyPair - if true, only certificates with an associated private key will be returned; if false, only certificates without an associated private key will be returned; if null, certificates with and without an associated private key will be returned.
      keyAlgorithms - Optional set of key algorithms to filter the certificate by its key algorithms. If null or empty, no filtering by key algorithm is applied.
      Returns:
      An Optional containing the CertificateEntity if found, or empty if no valid certificate exists.
    • getExpiredCertificateCountAt

      @NotNull int getExpiredCertificateCountAt(Instant timestamp)
      Retrieves the number of certificates that are expired at the given timestamp.
      Parameters:
      timestamp - the instant at which the certificate should be expired.
      Returns:
      the number of certificates that are expired at the given timestamp
    • getExpiredCertificatesAt

      @NotNull List<CertificateEntity> getExpiredCertificatesAt(Instant timestamp)
      Retrieves all certificates that are expired at the given timestamp.
      Parameters:
      timestamp - the instant at which the certificate should be expired.
      Returns:
      a list of CertificateEntity objects representing the certificates that are expired at the given time stamp.
    • getTlsCertificatesForTenantScope

      @NotNull List<CertificateEntity> getTlsCertificatesForTenantScope(Long tenantIds, Instant timestamp)
      Retrieves the TLS certificates for the tenant with the given ID that are valid at the instant given by the time stamp. For tenants, all TLS certificates of that tenant and all TLS system certificates are returned.
      Parameters:
      tenantIds - the ID of the tenant to search for. This must be a valid ID.
      timestamp - the instant at which the certificate should be valid. This must be a valid instant.
      Returns:
      a list of CertificateEntity objects representing the TLS certificates for the given tenant scope that are valid at the given time stamp, ordered by the valid-from date.
      Throws:
      IllegalArgumentException - if the tenant ID or timestamp is null.
    • getTlsCertificatesForKeystoreScope

      @NotNull List<CertificateEntity> getTlsCertificatesForKeystoreScope(Long keyStoreId, Instant timestamp)
      Retrieves the TLS certificates for the keystore with the given ID that are valid at the instant given by the time stamp. For keystores, all TLS certificates of that keystore are returned.
      Parameters:
      keyStoreId - the ID of the keystore to search for. This must be a valid ID.
      timestamp - the instant at which the certificate should be valid. This must be a valid instant.
      Returns:
      a list of CertificateEntity objects representing the TLS certificates for the given keystore scope that are valid at the given time stamp, ordered by the valid-from date.
      Throws:
      IllegalArgumentException - if the keystore ID or timestamp is null.
    • getTlsCertificatesForSystemScope

      @NotNull List<CertificateEntity> getTlsCertificatesForSystemScope(Instant timestamp)
      Retrieves the TLS certificates for the system scope that are valid at the instant given by the time stamp. For the system scope, all TLS system certificates are returned.
      Parameters:
      timestamp - the instant at which the certificate should be valid. This must be a valid instant.
      Returns:
      a list of CertificateEntity objects representing the TLS certificates for the system scope that are valid at the given time stamp, ordered by the valid-from date.
      Throws:
      IllegalArgumentException - if the timestamp is null.
    • update

      @NotNull CertificateEntity update(CertificateEntity entity) throws FcCertificateManagementException
      Updates the specified CertificateEntity in the database.
      Parameters:
      entity - The CertificateEntity to update.
      Throws:
      IllegalArgumentException - if the provided entity is null or has no ID
      FcCertificateManagementException - if the certificate could not be updated
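
The tenantIds/userIds/systemScope, hasKeyPair and subjectPartialMatch parameters documented for findValidCertificatesBySubject, modelled in memory. This is an added example, not code from the project: the Cert record, its field names, the scope model (user ID set means user scope, otherwise tenant ID set means tenant scope, otherwise system scope) and the plain string comparison of subjects are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

public class SubjectMatchModel {
    // Hypothetical stand-in for CertificateEntity; all field names are assumptions.
    record Cert(String subject, Long tenantId, Long userId, boolean hasPrivateKey) {}

    // Assumed scope model: a certificate belongs to exactly one of user, tenant or system scope.
    static boolean inScope(Cert c, Set<Long> tenantIds, Set<Long> userIds, boolean systemScope) {
        if (c.userId() != null) return userIds.contains(c.userId());
        if (c.tenantId() != null) return tenantIds.contains(c.tenantId());
        return systemScope;
    }

    // Model of the documented filters; validity period, usage types and key algorithms are omitted.
    static List<Cert> find(List<Cert> all, Set<Long> tenantIds, Set<Long> userIds, boolean systemScope,
                           String subject, Boolean hasKeyPair, boolean subjectPartialMatch) {
        return all.stream()
                .filter(c -> inScope(c, tenantIds, userIds, systemScope))
                // Tri-state: null = no filter, true = only with private key, false = only without.
                .filter(c -> hasKeyPair == null || hasKeyPair == c.hasPrivateKey())
                .filter(c -> subjectPartialMatch ? c.subject().contains(subject)
                                                 : c.subject().equals(subject))
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample data: two tenants, one system certificate without a private key.
        List<Cert> store = List.of(
                new Cert("CN=portal.example", 1L, null, true),
                new Cert("CN=portal.example.test", 1L, null, true),
                new Cert("CN=portal.example", 2L, null, true),
                new Cert("CN=portal.example", null, null, false));
        Set<Long> tenant1 = Set.of(1L);
        Set<Long> none = Set.of();

        // Exact subject match within tenant 1, private key required.
        System.out.println(find(store, tenant1, none, false, "CN=portal.example", true, false));
        // Same query with substring matching: longer subjects containing the string also match.
        System.out.println(find(store, tenant1, none, false, "CN=portal.example", true, true));
        // systemScope=true with hasKeyPair=null widens the search to system certificates without a key.
        System.out.println(find(store, tenant1, none, true, "CN=portal.example", null, false));
        // Empty ID sets with systemScope=false select no scope at all.
        System.out.println(find(store, none, none, false, "CN=portal.example", null, true));
    }
}
```

When the result of a subject lookup feeds a trust or signing decision, exact matching or one of the fingerprint-based finders avoids picking up a certificate whose subject merely contains the requested string.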