Search in sources :

Example 46 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class RestoreKeyVersion method restoreKeyVersion.

// Schedule destruction of the given key version.
public void restoreKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Restore the key version.
        CryptoKeyVersion response = client.restoreCryptoKeyVersion(keyVersionName);
        System.out.printf("Restored key version: %s%n", response.getName());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 47 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class UpdateKeyRemoveLabels method updateKeyRemoveLabels.

// Update a key to remove all labels.
public void updateKeyRemoveLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, key ring, and keyId.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Build an empty key with no labels.
        CryptoKey key = CryptoKey.newBuilder().setName(cryptoKeyName.toString()).build();
        // Construct the field mask.
        FieldMask fieldMask = FieldMaskUtil.fromString("labels");
        // Create the key.
        CryptoKey createdKey = client.updateCryptoKey(key, fieldMask);
        System.out.printf("Updated key %s%n", createdKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 48 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class UpdateKeyRemoveRotation method updateKeyRemoveRotation.

// Update a key to remove all labels.
public void updateKeyRemoveRotation(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the name from the project, location, key ring, and keyId.
        CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Build an empty key with no labels.
        CryptoKey key = CryptoKey.newBuilder().setName(cryptoKeyName.toString()).clearRotationPeriod().clearNextRotationTime().build();
        // Construct the field mask.
        FieldMask fieldMask = FieldMaskUtil.fromString("rotation_period,next_rotation_time");
        // Create the key.
        CryptoKey createdKey = client.updateCryptoKey(key, fieldMask);
        System.out.printf("Updated key %s%n", createdKey.getName());
    }
}
Also used : CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) CryptoKey(com.google.cloud.kms.v1.CryptoKey) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 49 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method testVerifyAsymmetricRsa.

@Test
public void testVerifyAsymmetricRsa() throws IOException, GeneralSecurityException {
    String message = "my message";
    byte[] signature;
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] hash = sha256.digest(message.getBytes(StandardCharsets.UTF_8));
        Digest digest = Digest.newBuilder().setSha256(ByteString.copyFrom(hash)).build();
        signature = client.asymmetricSign(versionName, digest).getSignature().toByteArray();
    }
    new VerifyAsymmetricRsa().verifyAsymmetricRsa(PROJECT_ID, LOCATION_ID, KEY_RING_ID, ASYMMETRIC_SIGN_RSA_KEY_ID, "1", message, signature);
    assertThat(stdOut.toString()).contains("Signature");
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MessageDigest(java.security.MessageDigest) Digest(com.google.cloud.kms.v1.Digest) ByteString(com.google.protobuf.ByteString) MessageDigest(java.security.MessageDigest) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.Test)

Example 50 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class SnippetsIT method createSymmetricKey.

private static CryptoKey createSymmetricKey(String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION).build()).putLabels("foo", "bar").putLabels("zip", "zap").build();
        CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key);
        return createdKey;
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)185 CryptoKey (com.google.cloud.kms.v1.CryptoKey)56 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)39 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)33 ByteString (com.google.protobuf.ByteString)20 KeyRingName (com.google.cloud.kms.v1.KeyRingName)17 KeyRing (com.google.cloud.kms.v1.KeyRing)16 FieldMask (com.google.protobuf.FieldMask)16 PublicKey (com.google.cloud.kms.v1.PublicKey)14 ImportJob (com.google.cloud.kms.v1.ImportJob)10 Test (org.junit.Test)10 Digest (com.google.cloud.kms.v1.Digest)8 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)8 Policy (com.google.iam.v1.Policy)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 DecryptResponse (com.google.cloud.kms.v1.DecryptResponse)7 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)6 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)6 LocationName (com.google.cloud.kms.v1.LocationName)6