Make PKI changes on the latest version

src/main/java/com/bettercloud/vault/api/pki/Pki.java

@@ -374,7 +374,7 @@ public PkiResponse issue(
             final String ttl,
             final CredentialFormat format) throws VaultException {
 
-        return issue(roleName, commonName, altNames, ipSans, ttl, format, "");
+        return issue(roleName, commonName, altNames, ipSans, ttl, format, "", null);
     }
 
     /**
@@ -407,8 +407,6 @@ public PkiResponse issue(
      * @return A container for the information returned by Vault
      * @throws VaultException If any error occurs or unexpected response is received from Vault
      */
-
-
     public PkiResponse issue(
             final String roleName,
             final String commonName,
@@ -417,6 +415,50 @@ public PkiResponse issue(
             final String ttl,
             final CredentialFormat format,
             final String csr
+    ) throws VaultException {
+        return issue(roleName,commonName,altNames,ipSans, ttl, format, csr, null);
+    }
+
+    /**
+     * <p>Operation to allow a format to be set for the private key.</p>
+     *
+     * <blockquote>
+     * <pre>{@code
+     * final VaultConfig config = new VaultConfig.address(...).token(...).build();
+     * final Vault vault = new Vault(config);
+     *
+     * final PkiResponse response = vault.pki().issue(
+     *         "roleName",
+     *         "commonName",
+     *         null,
+     *         null,
+     *         null,
+     *         CredentialFormat.PEM, null, PrivateKeyFormat.PKCS8
+     *     ));
+     * assertEquals(200, response.getRestResponse().getStatus();
+     * }</pre>
+     * </blockquote>
+     *
+     * @param roleName The role on which the credentials will be based.
+     * @param commonName The requested CN for the certificate. If the CN is allowed by role policy, it will be issued.
+     * @param altNames (optional) Requested Subject Alternative Names, in a comma-delimited list. These can be host names or email addresses; they will be parsed into their respective fields. If any requested names do not match role policy, the entire request will be denied.
+     * @param ipSans (optional) Requested IP Subject Alternative Names, in a comma-delimited list. Only valid if the role allows IP SANs (which is the default).
+     * @param ttl (optional) Requested Time To Live. Cannot be greater than the role's max_ttl value. If not provided, the role's ttl value will be used. Note that the role values default to system values if not explicitly set.
+     * @param format (optional) Format for returned data. Can be pem, der, or pem_bundle; defaults to pem. If der, the output is base64 encoded. If pem_bundle, the certificate field will contain the private key, certificate, and issuing CA, concatenated.
+     * @param csr (optional) PEM Encoded CSR
+     * @param privateKeyFormat (optional) der, pem, or pkcs8
+     * @return A container for the information returned by Vault
+     * @throws VaultException If any error occurs or unexpected response is received from Vault
+     */
+    public PkiResponse issue(
+            final String roleName,
+            final String commonName,
+            final List<String> altNames,
+            final List<String> ipSans,
+            final String ttl,
+            final CredentialFormat format,
+            final String csr,
+            final PrivateKeyFormat privateKeyFormat
     ) throws VaultException {
         int retryCount = 0;
         while (true) {
@@ -454,6 +496,9 @@ public PkiResponse issue(
             if (csr != null) {
                 jsonObject.add("csr", csr);
             }
+            if (privateKeyFormat != null) {
+                jsonObject.add("private_key_format", privateKeyFormat.toString());
+            }
             final String requestJson = jsonObject.toString();
 
             // Make an HTTP request to Vault

src/main/java/com/bettercloud/vault/api/pki/PrivateKeyFormat.java

@@ -0,0 +1,23 @@
+package com.bettercloud.vault.api.pki;
+
+public enum PrivateKeyFormat {
+    DER,
+    PEM,
+    PKCS8;
+
+    public static PrivateKeyFormat fromString(final String text) {
+        if (text != null) {
+            for (final PrivateKeyFormat format : PrivateKeyFormat.values()) {
+                if (text.equalsIgnoreCase(format.toString())) {
+                    return format;
+                }
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public String toString() {
+        return super.toString().toLowerCase();
+    }
+}

src/test-integration/java/com/bettercloud/vault/api/AuthBackendTokenTests.java

@@ -9,7 +9,6 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
-import java.util.List;
 import java.util.UUID;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;

src/test/java/com/bettercloud/vault/vault/api/TransitApiTest.java

@@ -7,14 +7,12 @@
 import com.bettercloud.vault.response.LogicalResponse;
 import com.bettercloud.vault.vault.VaultTestUtils;
 import com.bettercloud.vault.vault.mock.MockVault;
+import java.util.Collections;
+import java.util.Optional;
 import org.eclipse.jetty.server.Server;
 import org.junit.After;
-import org.junit.Before;
 import org.junit.Test;
 
-import java.util.Collections;
-import java.util.Optional;
-
 import static org.junit.Assert.assertEquals;
 
 public class TransitApiTest {