How to use VaultTemplate when my vault service turns on client authentication

Vault
,
1

Recently learning about vault. Follow https://developer.hashicorp.com/vault/docs/get-started/developer-qs to achieve the goal of use Vault client libraries inside my application code.
But now my vault service turns on client authentication, how should this instance be written?

listener "tcp" {
  address = "[::]:8200"
  tls_cert_file = "/certs/webServer.crt"
  tls_key_file  = "/certs/webServer.key"
  tls_disable = false
  tls_require_and_verify_client_cert = true
  tls_client_ca_file = "/certs/webClientCA.pem"
}

Mainly I don’t know how to configure the delivery of client certificate, client key, and listener’s ca certificate.

public void run(String... strings) throws Exception {
    VaultEndpoint vaultEndpoint = new VaultEndpoint();

    vaultEndpoint.setHost("dev-vault-service");
    vaultEndpoint.setPort(8200);
    vaultEndpoint.setScheme("https");

    // Authenticate
    VaultTemplate vaultTemplate = new VaultTemplate(
            vaultEndpoint,
            new TokenAuthentication("dev-only-token"));

    // Write a secret
    Map<String, String> data = new HashMap<>();
    data.put("password", "Hashi123");

    Versioned.Metadata createResponse = vaultTemplate
            .opsForVersionedKeyValue("secret")
            .put("my-secret-password", data);

    System.out.println("Secret written successfully.");

    // Read a secret
    Versioned<Map<String, Object>> readResponse = vaultTemplate
            .opsForVersionedKeyValue("secret")
            .get("my-secret-password");

    String password = "";
    if (readResponse != null && readResponse.hasData()) {
        password = (String) readResponse.getData().get("password");
    }

    System.out.println("password");
}
2 
   public static void readSecret() {
        HttpComponentsClientHttpRequestFactory requestFactory = getRequestFactory(certificatePath, certificatePassword);
        VaultTemplate vaultTemplate = getVaultTemplate(token, requestFactory);
        // Read a secret

    }

    public static HttpComponentsClientHttpRequestFactory getRequestFactory(String certificatePath, String certificatePassword) {
        SSLContext sslContext = null;
        try {
            sslContext = SSLContextBuilder
                    .create()
                    .loadKeyMaterial(new FileUrlResource(certificatePath).getURL(), certificatePassword.toCharArray(), certificatePassword.toCharArray())
                    .loadTrustMaterial(new TrustSelfSignedStrategy() {
                        public boolean isTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                            return true;
                        }
                    })
                    .build();
        } catch (Exception e) {
            e.printStackTrace();
        }
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        return new HttpComponentsClientHttpRequestFactory(client);
    }

    public static VaultTemplate getVaultTemplate(String token, HttpComponentsClientHttpRequestFactory requestFactory) {
        VaultEndpoint vaultEndpoint = new VaultEndpoint();
        String vaultHost = "dev.vault.autox.tech";
        int vaultPort = 50036;
        vaultEndpoint.setHost(vaultHost);
        vaultEndpoint.setPort(vaultPort);
        vaultEndpoint.setScheme("https");
        return new VaultTemplate(vaultEndpoint, requestFactory, new SimpleSessionManager(new TokenAuthentication(token)));
    }