home-cert-assistant/src/main/java/de/mlessmann/certassist/openssl/CertificateUsage.java
Magnus Leßmann (@MarkL4YG) d0f1daa02b
feat: Allow import of trust-only certificates
- These certificates do not have keys, because they are solely for trusting them.
- Also more rigorously verify arguments passed to OpenSSL
2024-11-24 11:44:21 +01:00


package de.mlessmann.certassist.openssl;
import java.nio.file.Path;
import org.springframework.lang.Nullable;
/**
 * A certificate that has been materialised on disk so that command line calls can read it.
 *
 * <p>The files may be temporary, which is why this type is {@link AutoCloseable}: closing the instance
 * signals that the stored files are no longer needed. Prefer try-with-resources at call sites so that
 * temporary copies (key files in particular) do not stay on disk longer than the call that needs them.
 *
 * @implSpec Implementations should delete the files from disk on {@link #close()}, UNLESS the returned
 * paths are the permanent storage location of the certificate files.
 */
public interface CertificateUsage extends AutoCloseable {

    /**
     * Locates the certificate file.
     *
     * @return path of the certificate on disk; depending on the storage implementation this may be a
     *     temporary file
     */
    Path certificatePath();

    /**
     * Locates the private key file belonging to the certificate.
     *
     * <p>The file system is considered in-flight, so the key file should be stored encrypted
     * rather than in plain text.
     *
     * @apiNote The result is {@code null} when the certificate has no private key, e.g. a certificate
     *     that was imported for trust only. Callers must check for {@code null} before using the path.
     * @return path of the key file on disk (potentially temporary, depending on the storage
     *     implementation), or {@code null} if no key exists
     * @see CertificatePasswordProvider
     */
    @Nullable
    Path certificateKeyPath();

    /**
     * Locates the fullchain file.
     *
     * <p>The file should hold the complete certification chain, starting with this certificate
     * (inclusive) and ending with the root authority (inclusive).
     *
     * @implSpec Implementations may return {@code null} if the certificate is self-signed.
     * @return path of the fullchain file on disk (potentially temporary, depending on the storage
     *     implementation), or {@code null}
     */
    @Nullable
    Path fullchainPath();

    /**
     * Provides the certificate's fingerprint as text.
     *
     * <p>In case of OpenSSL, this should be in the form of: {@code SHA1;<HEX>:<HEX>:...}
     *
     * <p>NOTE(review): SHA-1 is no longer collision-resistant. If callers use this value for anything
     * beyond display or lookup (e.g. deciding whether a certificate is trusted), confirm that a
     * SHA-1 based fingerprint is acceptable there.
     *
     * @return string representation of the fingerprint
     */
    String fingerprint();

    /**
     * Cleans up after the usage has ended.
     *
     * <p>The default implementation does nothing; override it if resources (such as temporary files)
     * need to be released. Unlike {@link AutoCloseable#close()}, this override declares no checked
     * exception.
     */
    @Override
    default void close() {
        // Intentionally empty - nothing to release by default.
    }
}