Search in sources :

Example 56 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class SnippetsIT method testActivateSubordinateCertificateAuthority.

@Test
public void testActivateSubordinateCertificateAuthority() throws IOException, ExecutionException, InterruptedException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        Certificate response = certificateAuthorityServiceClient.getCertificate(CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString());
        String pemCertificate = response.getPemCertificate();
        privateca.ActivateSubordinateCa.activateSubordinateCA(PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, pemCertificate);
        assertThat(stdOut.toString()).contains("Current State: STAGED");
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate) Test(org.junit.Test)

Example 57 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class SnippetsIT method testRevokeCertificate.

@Test
public void testRevokeCertificate() throws InterruptedException, ExecutionException, IOException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Revoke the certificate.
        privateca.RevokeCertificate.revokeCertificate(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);
        // Check if the certificate has revocation details. If it does, then the certificate is
        // considered as revoked.
        CertificateName certificateName = CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);
        Assert.assertTrue(certificateAuthorityServiceClient.getCertificate(certificateName).hasRevocationDetails());
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CertificateName(com.google.cloud.security.privateca.v1.CertificateName) Test(org.junit.Test)

Example 58 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class CreateCaPool method createCaPool.

// Create a Certificate Authority Pool. All certificates created under this CA pool will
// follow the same issuance policy, IAM policies,etc.,
public static void createCaPool(String project, String location, String pool_Id) throws InterruptedException, ExecutionException, IOException {
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        /* Create the pool request
        Set Parent which denotes the project id and location.
        Set the Tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
      */
        CreateCaPoolRequest caPoolRequest = CreateCaPoolRequest.newBuilder().setParent(LocationName.of(project, location).toString()).setCaPoolId(pool_Id).setCaPool(CaPool.newBuilder().setTier(Tier.ENTERPRISE).build()).build();
        // Create the CA pool.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCaPoolCallable().futureCall(caPoolRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while creating CA pool !" + response.getError());
            return;
        }
        System.out.println("CA pool created successfully: " + pool_Id);
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CreateCaPoolRequest(com.google.cloud.security.privateca.v1.CreateCaPoolRequest) Operation(com.google.longrunning.Operation)

Example 59 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class CreateCertificateTemplate method createCertificateTemplate.

/* Creates a Certificate template. These templates can be reused for common
  certificate issuance scenarios. */
public static void createCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        /* Describes any predefined X.509 values set by this template.
      The provided extensions are copied over to certificate requests that use this template.*/
        KeyUsage keyUsage = KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setDigitalSignature(true).setKeyEncipherment(true).build()).setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build()).build();
        CaOptions caOptions = CaOptions.newBuilder().setIsCa(false).build();
        /* CEL expression that is evaluated against the Subject and
      Subject Alternative Name of the certificate before it is issued. */
        Expr expr = Expr.newBuilder().setExpression("subject_alt_names.all(san, san.type == DNS)").build();
        // Set the certificate issuance schema.
        CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().setPredefinedValues(X509Parameters.newBuilder().setKeyUsage(keyUsage).setCaOptions(caOptions).build()).setIdentityConstraints(CertificateIdentityConstraints.newBuilder().setCelExpression(expr).setAllowSubjectPassthrough(false).setAllowSubjectAltNamesPassthrough(false).build()).build();
        // Set the parent and certificate template properties.
        CreateCertificateTemplateRequest certificateTemplateRequest = CreateCertificateTemplateRequest.newBuilder().setParent(LocationName.of(project, location).toString()).setCertificateTemplate(certificateTemplate).setCertificateTemplateId(certificateTemplateId).build();
        // Create Template request.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCertificateTemplateCallable().futureCall(certificateTemplateRequest);
        Operation response = futureCall.get(60, TimeUnit.SECONDS);
        if (response.hasError()) {
            System.out.println("Error creating certificate template ! " + response.getError());
            return;
        }
        System.out.println("Successfully created certificate template ! " + response.getName());
    }
}
Also used : CreateCertificateTemplateRequest(com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest) Expr(com.google.type.Expr) CertificateTemplate(com.google.cloud.security.privateca.v1.CertificateTemplate) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) KeyUsage(com.google.cloud.security.privateca.v1.KeyUsage) CaOptions(com.google.cloud.security.privateca.v1.X509Parameters.CaOptions) Operation(com.google.longrunning.Operation)

Example 60 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project java-security-private-ca by googleapis.

the class CreateCertificate_CSR method createCertificateWithCSR.

// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key is provided as a CSR (Certificate Signing Request).
public static void createCertificateWithCSR(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, String pemCSR) throws IOException, ExecutionException, InterruptedException {
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // certificateLifetime: The validity of the certificate in seconds.
        long certificateLifetime = 1000L;
        // Create certificate with CSR.
        // The pemCSR contains the public key and the domain details required.
        Certificate certificate = Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
        // Create the Certificate Request.
        // Set the CA which is responsible for creating the certificate with the provided CSR.
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setIssuingCertificateAuthorityId(certificateAuthorityName).setCertificateId(certificateName).setCertificate(certificate).build();
        // Get the certificate response.
        ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate certificateResponse = future.get();
        System.out.println("Certificate created successfully : " + certificateResponse.getName());
        // Get the signed certificate and the issuer chain list.
        System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
        System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
    }
}
Also used : CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate)53 IOException (java.io.IOException)40 X509Certificate (java.security.cert.X509Certificate)37 CertificateException (java.security.cert.CertificateException)27 CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient)24 Test (org.junit.Test)14 Operation (com.google.longrunning.Operation)13 File (java.io.File)11 BigInteger (java.math.BigInteger)9 CertificateEncodingException (java.security.cert.CertificateEncodingException)9 TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate)9 Test (org.junit.jupiter.api.Test)9 Certificate (com.google.cloud.security.privateca.v1.Certificate)8 SQLException (java.sql.SQLException)8 X500Name (org.bouncycastle.asn1.x500.X500Name)8 ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence)7 Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate)6 Extension (org.bouncycastle.asn1.x509.Extension)6 OperatorCreationException (org.bouncycastle.operator.OperatorCreationException)6 Date (java.util.Date)5