Read ca_chain from PKI response and store it in Credential

src/main/java/io/github/jopenlibs/vault/api/pki/Credential.java

@@ -13,6 +13,7 @@
  * final Credential options = new Credential()
  *                              .certificate(...)
  *                              .issuingCa(...)
+ *                              .caChain(...)
  *                              .privateKey(...)
  *                              .privateKeyType(...)
  *                              .serialNumber(...);
@@ -23,6 +24,7 @@ public class Credential implements Serializable {
 
     private String certificate;
     private String issuingCa;
+    private List<String> caChain;
     private String privateKey;
     private String privateKeyType;
     private String serialNumber;
@@ -47,6 +49,17 @@ public Credential issuingCa(final String issuingCa) {
         return this;
     }
 
+    /**
+     * @param caChain The list of intermediate and root certificates, in PEM format.
+     * It is only included if there is in fact a chain outside of a built-in Vault CA cert being used for the issuing/signing.
+     * @return This object, with the CA chain populated, ready for other builder
+     * methods or immediate use.
+     */
+    public Credential caChain(final List<String> caChain) {
+        this.caChain = caChain;
+        return this;
+    }
+
     /**
      * @param privateKey The private key, in PEM format
      * @return This object, with the private key populated, ready for other builder methods or
@@ -85,6 +98,10 @@ public String getIssuingCa() {
         return issuingCa;
     }
 
+    public List<String> getCaChain() {
+        return caChain;
+    }
+
     public String getPrivateKey() {
         return privateKey;
     }

src/main/java/io/github/jopenlibs/vault/response/PkiResponse.java

@@ -3,11 +3,14 @@
 import io.github.jopenlibs.vault.api.Logical;
 import io.github.jopenlibs.vault.api.pki.Credential;
 import io.github.jopenlibs.vault.api.pki.RoleOptions;
+import io.github.jopenlibs.vault.json.JsonObject;
+import io.github.jopenlibs.vault.json.JsonValue;
 import io.github.jopenlibs.vault.rest.RestResponse;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.StringTokenizer;
+import java.util.stream.Collectors;
 
 /**
  * This class is a container for the information returned by Vault in PKI backend API operations
@@ -25,7 +28,7 @@ public class PkiResponse extends LogicalResponse {
     public PkiResponse(final RestResponse restResponse, final int retries) {
         super(restResponse, retries, Logical.logicalOperations.authentication);
         roleOptions = buildRoleOptionsFromData(this.getData());
-        credential = buildCredentialFromData(this.getData());
+        credential = buildCredentialFromData(this.getData(), this.getDataObject());
     }
 
     public RoleOptions getRoleOptions() {
@@ -104,14 +107,21 @@ private RoleOptions buildRoleOptionsFromData(final Map<String, String> data) {
      *
      * @param data The <code>"data"</code> object from a Vault JSON response, converted into Java
      * key-value pairs.
+     * @param dataObject The <code>"data"</code> object from a Vault JSON response.
      * @return A container for credential data
      */
-    private Credential buildCredentialFromData(final Map<String, String> data) {
+    private Credential buildCredentialFromData(final Map<String, String> data, final JsonObject dataObject) {
         if (data == null) {
             return null;
         }
         final String certificate = data.get("certificate");
         final String issuingCa = data.get("issuing_ca");
+        final JsonValue caChainJsonValue = dataObject != null ? dataObject.get("ca_chain") : null;
+        final List<String> caChain = caChainJsonValue != null
+                ? caChainJsonValue.asArray().values().stream()
+                .map(JsonValue::asString)
+                .collect(Collectors.toList())
+                : null;
         final String privateKey = data.get("private_key");
         final String privateKeyType = data.get("private_key_type");
         final String serialNumber = data.get("serial_number");
@@ -123,6 +133,7 @@ private Credential buildCredentialFromData(final Map<String, String> data) {
         return new Credential()
                 .certificate(certificate)
                 .issuingCa(issuingCa)
+                .caChain(caChain)
                 .privateKey(privateKey)
                 .privateKeyType(privateKeyType)
                 .serialNumber(serialNumber);

src/test-integration/java/io/github/jopenlibs/vault/api/AuthBackendPkiTests.java

@@ -145,6 +145,7 @@ public void testIssueCredentialWithCsr()
         final PkiResponse issueResponse = vault.pki()
                 .issue("testRole", "test.myvault.com", null, null, "1h", CredentialFormat.PEM, csr);
         TestCase.assertNotNull(issueResponse.getCredential().getCertificate());
+        TestCase.assertNotNull(issueResponse.getCredential().getCaChain());
         TestCase.assertNull(issueResponse.getCredential().getPrivateKey());
         TestCase.assertNotNull(issueResponse.getCredential().getSerialNumber());
         TestCase.assertNotNull(issueResponse.getCredential().getIssuingCa());