use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class UpdateKeyUpdateLabels method updateKeyUpdateLabels.
// Add a label to an existing Cloud KMS key and write the change back.
public void updateKeyUpdateLabels(
    String projectId, String locationId, String keyRingId, String keyId) throws IOException {
  // The client is opened in try-with-resources so it is closed, and its
  // remaining background resources cleaned up, when the block exits.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the key itself (project, location, key ring, key).
    CryptoKeyName name = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // Step 1 - fetch the key, which carries its current set of labels.
    CryptoKey current = kms.getCryptoKey(name);

    // Step 2 - derive a copy with one more label; existing labels are kept
    // because the builder starts from the fetched key.
    CryptoKey relabeled = current.toBuilder().putLabels("new_label", "new_value").build();

    // The field mask names only "labels", so that is the only field this
    // update request asks the service to change.
    // NOTE(review): get-then-update is not atomic; a label written by another
    // caller between the two calls may be replaced by this copy.
    FieldMask labelsOnly = FieldMaskUtil.fromString("labels");

    // Send the update and report the name of the key the service returned.
    CryptoKey updatedKey = kms.updateCryptoKey(relabeled, labelsOnly);
    System.out.printf("Updated key %s%n", updatedKey.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class VerifyAsymmetricEc method verifyAsymmetricEc.
// Verify the signature of a message signed with an EC (ECDSA) key, using the
// public half of the key version fetched from Cloud KMS.
public void verifyAsymmetricEc(
    String projectId,
    String locationId,
    String keyRingId,
    String keyId,
    String keyVersionId,
    String message,
    byte[] signature)
    throws IOException, GeneralSecurityException {
  // The client is opened in try-with-resources so it is closed, and its
  // remaining background resources cleaned up, when the block exits.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the exact key version whose public key is needed.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Signatures are computed over bytes, so fix the encoding explicitly.
    // The signer must have used the same UTF-8 bytes for verification to pass.
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);

    // Fetch the public key from KMS (this type is the KMS PublicKey message,
    // not java.security.PublicKey).
    PublicKey kmsPublicKey = kms.getPublicKey(versionName);

    // KMS returns PEM text; the JCA key factory needs the DER bytes
    // (convertPemToDer is a helper defined elsewhere in the sample).
    byte[] der = convertPemToDer(kmsPublicKey.getPem());
    X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(der);
    java.security.PublicKey ecKey = KeyFactory.getInstance("EC").generatePublic(x509Spec);

    // "SHA256withECDSA" is hard-coded: it only verifies signatures made by an
    // EC key version that signs with a SHA-256 digest. For other key
    // algorithms pick the matching JCA name from:
    // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
    Signature verifier = Signature.getInstance("SHA256withECDSA");
    verifier.initVerify(ecKey);
    verifier.update(messageBytes);

    // verify() returns false on a mismatch; a signature that is not validly
    // encoded may instead surface as a GeneralSecurityException.
    // NOTE(review): the outcome is only printed here. Code adapted from this
    // sample needs to branch on `verified` and reject the message when false.
    boolean verified = verifier.verify(signature);
    System.out.printf("Signature verified: %s", verified);
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class VerifyAsymmetricRsa method verifyAsymmetricRsa.
// Verify the signature of a message signed with an RSA key, using the public
// half of the key version fetched from Cloud KMS.
public void verifyAsymmetricRsa(
    String projectId,
    String locationId,
    String keyRingId,
    String keyId,
    String keyVersionId,
    String message,
    byte[] signature)
    throws IOException, GeneralSecurityException {
  // The client is opened in try-with-resources so it is closed, and its
  // remaining background resources cleaned up, when the block exits.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the exact key version whose public key is needed.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Signatures are computed over bytes, so fix the encoding explicitly.
    // The signer must have used the same UTF-8 bytes for verification to pass.
    byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);

    // Fetch the public key from KMS (this type is the KMS PublicKey message,
    // not java.security.PublicKey).
    PublicKey kmsPublicKey = kms.getPublicKey(versionName);

    // KMS returns PEM text; the JCA key factory needs the DER bytes
    // (convertPemToDer is a helper defined elsewhere in the sample).
    byte[] der = convertPemToDer(kmsPublicKey.getPem());
    X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(der);
    java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(x509Spec);

    // Verify the 'RSA_SIGN_PKCS1_2048_SHA256' signature. "SHA256withRSA" is
    // the PKCS#1 v1.5 scheme with SHA-256 and is hard-coded: a key version
    // using PSS padding or another digest will not verify with it.
    // For other key algorithms pick the matching JCA name from:
    // http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Signature
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(rsaKey);
    verifier.update(messageBytes);

    // verify() returns false on a mismatch; a signature of the wrong form
    // may instead surface as a GeneralSecurityException.
    // NOTE(review): the outcome is only printed here. Code adapted from this
    // sample needs to branch on `verified` and reject the message when false.
    boolean verified = verifier.verify(signature);
    System.out.printf("Signature verified: %s", verified);
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class SnippetsIT method afterAll.
// Test-suite teardown: for every key in the test key ring, remove any rotation
// schedule and destroy every key version that is not already destroyed or
// scheduled for destruction.
// NOTE(review): this acts on ALL keys returned for getKeyRingName(), not only
// keys this run created, so that key ring must hold nothing but test keys.
@AfterClass
public static void afterAll() throws IOException {
  Assert.assertFalse("missing GOOGLE_CLOUD_PROJECT", Strings.isNullOrEmpty(PROJECT_ID));

  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    for (CryptoKey cryptoKey : kms.listCryptoKeys(getKeyRingName()).iterateAll()) {
      boolean hasRotationSchedule =
          cryptoKey.hasRotationPeriod() || cryptoKey.hasNextRotationTime();
      if (hasRotationSchedule) {
        // Only the name is set on this key, while the mask names both rotation
        // fields; the update is intended to clear the rotation schedule.
        // Presumably done so rotation cannot add new versions after cleanup.
        CryptoKey keyWithoutRotation =
            CryptoKey.newBuilder().setName(cryptoKey.getName()).build();
        FieldMask rotationFields =
            FieldMaskUtil.fromString("rotation_period,next_rotation_time");
        kms.updateCryptoKey(keyWithoutRotation, rotationFields);
      }

      // Skip versions that are already destroyed or queued for destruction.
      ListCryptoKeyVersionsRequest liveVersionsRequest =
          ListCryptoKeyVersionsRequest.newBuilder()
              .setParent(cryptoKey.getName())
              .setFilter("state != DESTROYED AND state != DESTROY_SCHEDULED")
              .build();
      for (CryptoKeyVersion liveVersion :
          kms.listCryptoKeyVersions(liveVersionsRequest).iterateAll()) {
        kms.destroyCryptoKeyVersion(liveVersion.getName());
      }
    }
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class SnippetsIT method createAsymmetricDecryptKey.
// Test fixture: create an asymmetric-decryption key (RSA OAEP, 2048-bit,
// SHA-256) with two fixed labels in the test key ring, and return the key as
// the service reports it.
private static CryptoKey createAsymmetricDecryptKey(String keyId) throws IOException {
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // The version template fixes the algorithm used by versions of this key.
    CryptoKeyVersionTemplate template =
        CryptoKeyVersionTemplate.newBuilder()
            .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256)
            .build();

    CryptoKey requested =
        CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT)
            .setVersionTemplate(template)
            .putLabels("foo", "bar")
            .putLabels("zip", "zap")
            .build();

    // The return value is computed before try-with-resources closes the client.
    return kms.createCryptoKey(getKeyRingName(), keyId, requested);
  }
}