
Example 51 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project xipki by xipki.

the class CtLogServlet method doPost.

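/**
 * Handles a posted {@code AddPreChainRequest}: parses the certificate chain, computes the issuer
 * key hash and the precertificate TBS bytes, signs them and writes a JSON
 * {@code AddPreChainResponse}.
 *
 * <p>The request body is untrusted input. A missing or short chain, or a chain entry that cannot
 * be parsed as a certificate, is answered with 400. Any other failure is logged and rethrown as a
 * {@link ServletException}.
 *
 * <p>NOTE(review): nothing in this method checks that {@code chain[0]} was issued by
 * {@code chain[1]}, or that the chain ends at an accepted root, before the response is signed.
 * Confirm that this is validated elsewhere or that the servlet is only deployed as a test log.
 *
 * @param req the HTTP request whose body carries the JSON request
 * @param resp the HTTP response that receives the JSON result or an error status
 * @throws ServletException if parsing, hashing or signing fails unexpectedly
 * @throws IOException declared by the servlet contract
 */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        AddPreChainRequest req0 = parse(req.getInputStream(), AddPreChainRequest.class);
        // Treat an absent request object the same as an absent chain.
        List<byte[]> chain = (req0 == null) ? null : req0.getChain();
        if (chain == null || chain.size() < 2) {
            String msg = "chain has less than two certificates";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }

        // Malformed or null chain entries come from the client, so they are reported as a
        // client error (400) instead of surfacing as an NPE or a 500 from the outer handler.
        // Presumably getInstance signals bad DER with IllegalArgumentException; any other
        // exception type still reaches the outer catch.
        Certificate cert = null;
        Certificate caCert = null;
        try {
            cert = Certificate.getInstance(chain.get(0));
            caCert = Certificate.getInstance(chain.get(1));
        } catch (IllegalArgumentException ex) {
            cert = null;
            caCert = null;
        }
        if (cert == null || caCert == null) {
            String msg = "chain contains a certificate that cannot be parsed";
            LOG.warn(msg);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, msg);
            return;
        }

        byte[] issuerKeyHash = HashAlgo.SHA256.hash(caCert.getSubjectPublicKeyInfo().getEncoded());
        byte[] preCertTbsCert = CtLog.getPreCertTbsCert(cert.getTBSCertificate());
        byte sctVersion = 0;
        long timestamp = System.currentTimeMillis();
        byte[] sctExtensions = null;

        // A fresh Signature instance per request: Signature objects are stateful.
        Signature sig = Signature.getInstance(signatureAlgo);
        sig.initSign(signingKey);
        CtLog.update(sig, sctVersion, timestamp, sctExtensions, issuerKeyHash, preCertTbsCert);
        byte[] signature = sig.sign();

        AddPreChainResponse resp0 = new AddPreChainResponse();
        resp0.setSct_version(sctVersion);
        resp0.setId(logId);
        resp0.setTimestamp(timestamp);
        DigitallySigned digitallySigned = new DigitallySigned(signatureAndHashAlgorithm, signature);
        resp0.setSignature(digitallySigned.getEncoded());
        byte[] respContent = JSON.toJSONBytes(resp0);

        // Status and headers are set before the body is written: once the response is
        // committed, later setStatus/setContentType calls are ignored by the container.
        resp.setStatus(HttpServletResponse.SC_OK);
        resp.setContentType("application/json");
        resp.setContentLengthLong(respContent.length);
        resp.getOutputStream().write(respContent);
    } catch (Exception ex) {
        LogUtil.error(LOG, ex);
        // NOTE(review): the exception message is passed on in the ServletException; depending
        // on the container's error page it may be shown to the client. Confirm that the
        // deployment does not render internal messages.
        throw new ServletException(ex.getMessage(), ex);
    }
}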
Also used : ServletException(javax.servlet.ServletException) DigitallySigned(org.xipki.security.ctlog.CtLog.DigitallySigned) Signature(java.security.Signature) AddPreChainRequest(org.xipki.security.ctlog.CtLogMessages.AddPreChainRequest) AddPreChainResponse(org.xipki.security.ctlog.CtLogMessages.AddPreChainResponse) ServletException(javax.servlet.ServletException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Certificate(org.bouncycastle.asn1.x509.Certificate)

Example 52 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project LinLong-Java by zhenwei1108.

the class X509CertificatePair method getEncoded.

/**
 * Returns the DER encoding of this pair as an ASN.1 {@code CertificatePair}.
 *
 * <p>Each side that is present is re-parsed from its own encoding; a side that is absent is
 * passed on as {@code null}. Only the first ASN.1 object of each encoding is read.
 *
 * @return the DER-encoded pair
 * @throws CertificateEncodingException if a present side yields no certificate structure, or if
 *     parsing or encoding fails (reported as {@code ExtCertificateEncodingException})
 */
public byte[] getEncoded() throws CertificateEncodingException {
    try {
        Certificate forwardCert = null;
        if (forward != null) {
            Object parsedForward = new ASN1InputStream(forward.getEncoded()).readObject();
            forwardCert = Certificate.getInstance(parsedForward);
            if (forwardCert == null) {
                throw new CertificateEncodingException("unable to get encoding for forward");
            }
        }

        Certificate reverseCert = null;
        if (reverse != null) {
            Object parsedReverse = new ASN1InputStream(reverse.getEncoded()).readObject();
            reverseCert = Certificate.getInstance(parsedReverse);
            if (reverseCert == null) {
                throw new CertificateEncodingException("unable to get encoding for reverse");
            }
        }

        CertificatePair pair = new CertificatePair(forwardCert, reverseCert);
        return pair.getEncoded(ASN1Encoding.DER);
    } catch (IllegalArgumentException | IOException e) {
        // Both failure kinds are wrapped the same way, keeping the original cause attached.
        throw new ExtCertificateEncodingException(e.toString(), e);
    }
}
Also used : ASN1InputStream(com.github.zhenwei.core.asn1.ASN1InputStream) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException) CertificatePair(com.github.zhenwei.core.asn1.x509.CertificatePair) X509Certificate(java.security.cert.X509Certificate) Certificate(com.github.zhenwei.core.asn1.x509.Certificate)

Example 53 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class CertificateAuthorityServiceClientTest method listCertificatesTest2.

/**
 * Verifies that {@code listCertificates(String)} returns the single certificate served by the
 * mock service, sends exactly one request carrying the given parent, and sends the API client
 * header.
 */
@Test
public void listCertificatesTest2() throws Exception {
    // Arrange: the mock answers with a one-element page and an empty next-page token.
    Certificate onlyCertificate = Certificate.newBuilder().build();
    ListCertificatesResponse.Builder responseBuilder = ListCertificatesResponse.newBuilder();
    responseBuilder.setNextPageToken("");
    responseBuilder.addAllCertificates(Arrays.asList(onlyCertificate));
    ListCertificatesResponse expectedResponse = responseBuilder.build();
    mockCertificateAuthorityService.addResponse(expectedResponse);

    // Act: list with a plain string parent and drain every page.
    String parent = "parent-995424086";
    ListCertificatesPagedResponse paged = client.listCertificates(parent);
    List<Certificate> listed = Lists.newArrayList(paged.iterateAll());

    // Assert: the returned resources match what the mock served.
    Assert.assertEquals(1, listed.size());
    Certificate expectedFirst = expectedResponse.getCertificatesList().get(0);
    Assert.assertEquals(expectedFirst, listed.get(0));

    // Assert: exactly one request went out, for the expected parent.
    List<AbstractMessage> sentRequests = mockCertificateAuthorityService.getRequests();
    Assert.assertEquals(1, sentRequests.size());
    ListCertificatesRequest sent = (ListCertificatesRequest) sentRequests.get(0);
    Assert.assertEquals(parent, sent.getParent());

    // Assert: the default API client header was sent.
    boolean headerSent = channelProvider.isHeaderSent(
        ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
        GaxGrpcProperties.getDefaultApiClientHeaderPattern());
    Assert.assertTrue(headerSent);
}
Also used : AbstractMessage(com.google.protobuf.AbstractMessage) ByteString(com.google.protobuf.ByteString) ListCertificatesPagedResponse(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse) Test(org.junit.Test)

Example 54 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class CertificateAuthorityServiceClientTest method listCertificatesTest.

/**
 * Verifies that {@code listCertificates(CaPoolName)} returns the single certificate served by the
 * mock service, sends exactly one request whose parent is the string form of the pool name, and
 * sends the API client header.
 */
@Test
public void listCertificatesTest() throws Exception {
    // Arrange: the mock answers with a one-element page and an empty next-page token.
    Certificate onlyCertificate = Certificate.newBuilder().build();
    ListCertificatesResponse.Builder responseBuilder = ListCertificatesResponse.newBuilder();
    responseBuilder.setNextPageToken("");
    responseBuilder.addAllCertificates(Arrays.asList(onlyCertificate));
    ListCertificatesResponse expectedResponse = responseBuilder.build();
    mockCertificateAuthorityService.addResponse(expectedResponse);

    // Act: list with a typed CA pool name and drain every page.
    CaPoolName parent = CaPoolName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]");
    ListCertificatesPagedResponse paged = client.listCertificates(parent);
    List<Certificate> listed = Lists.newArrayList(paged.iterateAll());

    // Assert: the returned resources match what the mock served.
    Assert.assertEquals(1, listed.size());
    Certificate expectedFirst = expectedResponse.getCertificatesList().get(0);
    Assert.assertEquals(expectedFirst, listed.get(0));

    // Assert: exactly one request went out, for the expected parent.
    List<AbstractMessage> sentRequests = mockCertificateAuthorityService.getRequests();
    Assert.assertEquals(1, sentRequests.size());
    ListCertificatesRequest sent = (ListCertificatesRequest) sentRequests.get(0);
    Assert.assertEquals(parent.toString(), sent.getParent());

    // Assert: the default API client header was sent.
    boolean headerSent = channelProvider.isHeaderSent(
        ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
        GaxGrpcProperties.getDefaultApiClientHeaderPattern());
    Assert.assertTrue(headerSent);
}
Also used : AbstractMessage(com.google.protobuf.AbstractMessage) ListCertificatesPagedResponse(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificatesPagedResponse) Test(org.junit.Test)

Example 55 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class UpdateCertificateTemplate method updateCertificateTemplate.

// Updates the identity constraints of an existing certificate template, then reads the template
// back and reports whether the new values took effect.
public static void updateCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* The client is created once and can serve several requests. try-with-resources closes it
    when the method ends, which cleans up its remaining background resources. */
    try (CertificateAuthorityServiceClient caClient = CertificateAuthorityServiceClient.create()) {
        String certificateTemplateName = CertificateTemplateName.of(project, location, certificateTemplateId).toString();

        /* New identity constraints: the subject is not passed through from the certificate
        request, while subject alternative names are. With SAN passthrough enabled the requester
        chooses the names that end up in issued certificates, so restrict who may request
        against this template. */
        CertificateIdentityConstraints newConstraints = CertificateIdentityConstraints.newBuilder()
            .setAllowSubjectPassthrough(false)
            .setAllowSubjectAltNamesPassthrough(true)
            .build();
        CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder()
            .setName(certificateTemplateName)
            .setIdentityConstraints(newConstraints)
            .build();

        // The mask lists the properties changed above.
        FieldMask fieldMask = FieldMask.newBuilder()
            .addPaths("identity_constraints.allow_subject_alt_names_passthrough")
            .addPaths("identity_constraints.allow_subject_passthrough")
            .build();

        // The request carries the new template and the mask of properties to update.
        UpdateCertificateTemplateRequest request = UpdateCertificateTemplateRequest.newBuilder()
            .setCertificateTemplate(certificateTemplate)
            .setUpdateMask(fieldMask)
            .build();

        // Send the update and wait up to 60 seconds for the operation result.
        ApiFuture<Operation> pending = caClient.updateCertificateTemplateCallable().futureCall(request);
        Operation response = pending.get(60, TimeUnit.SECONDS);

        if (response.hasError()) {
            System.out.println("Error in updating certificate template ! " + response.getError());
            return;
        }

        // Read the template back and compare its constraints with the requested values.
        CertificateIdentityConstraints stored = caClient.getCertificateTemplate(certificateTemplateName).getIdentityConstraints();
        boolean matchesRequest = !stored.getAllowSubjectPassthrough() && stored.getAllowSubjectAltNamesPassthrough();
        if (matchesRequest) {
            System.out.println("Successfully updated the certificate template ! " + response.getName());
        } else {
            System.out.println("Error in updating certificate template ! ");
        }
    }
}
Also used : CertificateIdentityConstraints(com.google.cloud.security.privateca.v1.CertificateIdentityConstraints) CertificateTemplate(com.google.cloud.security.privateca.v1.CertificateTemplate) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) UpdateCertificateTemplateRequest(com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) Operation(com.google.longrunning.Operation) FieldMask(com.google.protobuf.FieldMask)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)24 Test (org.junit.Test)14 Operation (com.google.longrunning.Operation)13 File (java.io.File)11 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5