Search in sources :

Example 56 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class CreateKeyHsm method createKeyHsm.

// Create a new key that is stored in an HSM.
public void createKeyHsm(String projectId, String locationId, String keyRingId, String id) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the parent name from the project, location, and key ring.
        KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);
        // Build the hsm key to create.
        CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setProtectionLevel(ProtectionLevel.HSM).setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)).build();
        // Create the key.
        CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
        System.out.printf("Created hsm key %s%n", createdKey.getName());
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyRingName(com.google.cloud.kms.v1.KeyRingName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 57 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class DestroyKeyVersion method destroyKeyVersion.

// Schedule destruction of the given key version.
public void destroyKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Destroy the key version.
        CryptoKeyVersion response = client.destroyCryptoKeyVersion(keyVersionName);
        System.out.printf("Destroyed key version: %s%n", response.getName());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 58 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.

the class EnableKeyVersion method enableKeyVersion.

// Enable a disabled key version to be used again.
public void enableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Build the updated key version, setting it to enabled.
        CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().setName(keyVersionName.toString()).setState(CryptoKeyVersionState.ENABLED).build();
        // Create a field mask of updated values.
        FieldMask fieldMask = FieldMaskUtil.fromString("state");
        // Destroy the key version.
        CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
        System.out.printf("Enabled key version: %s%n", response.getName());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) CryptoKeyVersion(com.google.cloud.kms.v1.CryptoKeyVersion) FieldMask(com.google.protobuf.FieldMask) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 59 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project spring-cloud-gcp by GoogleCloudPlatform.

the class KmsAutoConfigurationTests method testKeyManagementClientCreated.

@Test
void testKeyManagementClientCreated() {
    try (ConfigurableApplicationContext c = applicationBuilder.run()) {
        KeyManagementServiceClient client = c.getBean(KeyManagementServiceClient.class);
        assertThat(client).isNotNull();
    }
}
Also used : ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) Test(org.junit.jupiter.api.Test)

Example 60 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class VerifyMac method verifyMac.

// Sign data with a given mac key.
public void verifyMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data, byte[] signature) throws IOException {
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Verify the signature
        MacVerifyResponse response = client.macVerify(keyVersionName, ByteString.copyFromUtf8(data), ByteString.copyFrom(signature));
        // The data comes back as raw bytes, which may include non-printable
        // characters. This base64-encodes the result so it can be printed below.
        System.out.printf("Success: %s%n", response.getSuccess());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) MacVerifyResponse(com.google.cloud.kms.v1.MacVerifyResponse) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Aggregations

KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)185 CryptoKey (com.google.cloud.kms.v1.CryptoKey)56 CryptoKeyVersion (com.google.cloud.kms.v1.CryptoKeyVersion)39 CryptoKeyVersionName (com.google.cloud.kms.v1.CryptoKeyVersionName)37 CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)33 ByteString (com.google.protobuf.ByteString)20 KeyRingName (com.google.cloud.kms.v1.KeyRingName)17 KeyRing (com.google.cloud.kms.v1.KeyRing)16 FieldMask (com.google.protobuf.FieldMask)16 PublicKey (com.google.cloud.kms.v1.PublicKey)14 ImportJob (com.google.cloud.kms.v1.ImportJob)10 Test (org.junit.Test)10 Digest (com.google.cloud.kms.v1.Digest)8 EncryptResponse (com.google.cloud.kms.v1.EncryptResponse)8 Policy (com.google.iam.v1.Policy)8 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)8 DecryptResponse (com.google.cloud.kms.v1.DecryptResponse)7 AsymmetricDecryptResponse (com.google.cloud.kms.v1.AsymmetricDecryptResponse)6 AsymmetricSignResponse (com.google.cloud.kms.v1.AsymmetricSignResponse)6 LocationName (com.google.cloud.kms.v1.LocationName)6