Example 6 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.

the class CertificateCreate method main.

public static void main(String[] args) {
    try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
        String namespace = "default";
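        // "example-certificate" is a placeholder name; a usable Certificate also needs a
        // spec (secretName, issuerRef) before cert-manager will accept it.
        Certificate certificate = new CertificateBuilder()
            .withNewMetadata().withName("example-certificate").endMetadata()
            .build();
        // Create Certificate and read the name from the object returned by the API server
        Certificate created = certManagerClient.v1().certificates().inNamespace(namespace).create(certificate);
        System.out.println("Created: " + created.getMetadata().getName());
        // List Certificate
        CertificateList certificateList = certManagerClient.v1().certificates().inNamespace(namespace).list();
        System.out.println("There are " + certificateList.getItems().size() + " Certificate objects in " + namespace);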
    }
}
Also used : NamespacedCertManagerClient(io.fabric8.certmanager.client.NamespacedCertManagerClient) DefaultCertManagerClient(io.fabric8.certmanager.client.DefaultCertManagerClient) CertificateBuilder(io.fabric8.certmanager.api.model.v1.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1.Certificate)

Example 7 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.

the class CertificateCreate method main.

public static void main(String[] args) {
    try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
        String namespace = "default";
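        // "example-certificate" is a placeholder name; a usable Certificate also needs a
        // spec (secretName, issuerRef) before cert-manager will accept it.
        Certificate certificate = new CertificateBuilder()
            .withNewMetadata().withName("example-certificate").endMetadata()
            .build();
        // Create Certificate and read the name from the object returned by the API server
        Certificate created = certManagerClient.v1alpha2().certificates().inNamespace(namespace).create(certificate);
        System.out.println("Created: " + created.getMetadata().getName());
        // List Certificate
        CertificateList certificateList = certManagerClient.v1alpha2().certificates().inNamespace(namespace).list();
        System.out.println("There are " + certificateList.getItems().size() + " Certificate objects in " + namespace);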
    }
}
Also used : NamespacedCertManagerClient(io.fabric8.certmanager.client.NamespacedCertManagerClient) DefaultCertManagerClient(io.fabric8.certmanager.client.DefaultCertManagerClient) CertificateBuilder(io.fabric8.certmanager.api.model.v1alpha2.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1alpha2.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1alpha2.Certificate)

Example 8 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.

the class CertificateCreate method main.

public static void main(String[] args) {
    try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
        String namespace = "default";
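        // "example-certificate" is a placeholder name; a usable Certificate also needs a
        // spec (secretName, issuerRef) before cert-manager will accept it.
        Certificate certificate = new CertificateBuilder()
            .withNewMetadata().withName("example-certificate").endMetadata()
            .build();
        // Create Certificate and read the name from the object returned by the API server
        Certificate created = certManagerClient.v1alpha3().certificates().inNamespace(namespace).create(certificate);
        System.out.println("Created: " + created.getMetadata().getName());
        // List Certificate
        CertificateList certificateList = certManagerClient.v1alpha3().certificates().inNamespace(namespace).list();
        System.out.println("There are " + certificateList.getItems().size() + " Certificate objects in " + namespace);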
    }
}
Also used : NamespacedCertManagerClient(io.fabric8.certmanager.client.NamespacedCertManagerClient) DefaultCertManagerClient(io.fabric8.certmanager.client.DefaultCertManagerClient) CertificateBuilder(io.fabric8.certmanager.api.model.v1alpha3.CertificateBuilder) CertificateList(io.fabric8.certmanager.api.model.v1alpha3.CertificateList) Certificate(io.fabric8.certmanager.api.model.v1alpha3.Certificate)

Example 9 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project TLS-Scanner by tls-attacker.

the class TrustAnchorManager method getFullCaCertificateSet.

private Set<Certificate> getFullCaCertificateSet() {
    Set<Certificate> certificateSet = new HashSet<>();
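    for (CertificateEntry entry : trustAnchors.values()) {
        String resourceName = "trust/" + entry.getFingerprint() + ".pem";
        // try-with-resources closes the stream once the certificate has been read
        try (InputStream resourceAsStream = TrustAnchorManager.class.getClassLoader().getResourceAsStream(resourceName)) {
            // getResourceAsStream returns null when the PEM file is not on the classpath
            if (resourceAsStream == null) {
                LOGGER.error("Could not find Certificate resource:" + resourceName);
                continue;
            }
            org.bouncycastle.crypto.tls.Certificate cert = PemUtil.readCertificate(resourceAsStream);
            // Only the first certificate in the PEM file is used as the trust anchor
            certificateSet.add(cert.getCertificateAt(0));
        } catch (IOException | CertificateException ex) {
            LOGGER.error("Could not load Certificate:" + entry.getSubjectName() + "/" + entry.getFingerprint(), ex);
        }
    }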
    return certificateSet;
}
Also used : BufferedInputStream(java.io.BufferedInputStream) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate) HashSet(java.util.HashSet)

Example 10 with Certificate

use of com.google.cloud.security.privateca.v1.Certificate in project snowflake-jdbc by snowflakedb.

the class SFTrustManager method isCached.

/**
 * Is OCSP Response cached?
 *
 * @param pairIssuerSubjectList a list of pairs of issuer and subject certificates
 * @return true if all of the OCSP responses are cached, else false
 */
private boolean isCached(List<SFPair<Certificate, Certificate>> pairIssuerSubjectList) {
    long currentTimeSecond = new Date().getTime() / 1000L;
    boolean isCached = true;
    try {
        for (SFPair<Certificate, Certificate> pairIssuerSubject : pairIssuerSubjectList) {
            OCSPReq req = createRequest(pairIssuerSubject);
            CertificateID certificateId = req.getRequestList()[0].getCertID();
            LOGGER.debug(CertificateIDToString(certificateId));
            CertID cid = certificateId.toASN1Primitive();
            OcspResponseCacheKey k = new OcspResponseCacheKey(cid.getIssuerNameHash().getEncoded(), cid.getIssuerKeyHash().getEncoded(), cid.getSerialNumber().getValue());
            SFPair<Long, String> res = OCSP_RESPONSE_CACHE.get(k);
            if (res == null) {
                LOGGER.debug("Not all OCSP responses for the certificate is in the cache.");
                isCached = false;
                break;
            } else if (currentTimeSecond - CACHE_EXPIRATION_IN_SECONDS > res.left) {
                LOGGER.debug("Cache for CertID expired.");
                isCached = false;
                break;
            } else {
                try {
                    validateRevocationStatusMain(pairIssuerSubject, res.right);
                } catch (SFOCSPException ex) {
                    LOGGER.debug("Cache includes invalid OCSPResponse. " + "Will download the OCSP cache from Snowflake OCSP server");
                    isCached = false;
                }
            }
        }
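    } catch (IOException ex) {
        // Fail closed: if a CertID cannot be encoded, do not report the responses as cached
        LOGGER.debug("Failed to encode CertID.");
        isCached = false;
    }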
    return isCached;
}
Also used : CertID(org.bouncycastle.asn1.ocsp.CertID) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(org.bouncycastle.asn1.x509.Certificate)

Aggregations

Certificate (org.bouncycastle.asn1.x509.Certificate) 53
IOException (java.io.IOException) 40
X509Certificate (java.security.cert.X509Certificate) 37
CertificateException (java.security.cert.CertificateException) 27
CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) 24
Test (org.junit.Test) 14
Operation (com.google.longrunning.Operation) 13
File (java.io.File) 11
BigInteger (java.math.BigInteger) 9
CertificateEncodingException (java.security.cert.CertificateEncodingException) 9
TBSCertificate (org.bouncycastle.asn1.x509.TBSCertificate) 9
Test (org.junit.jupiter.api.Test) 9
Certificate (com.google.cloud.security.privateca.v1.Certificate) 8
SQLException (java.sql.SQLException) 8
X500Name (org.bouncycastle.asn1.x500.X500Name) 8
ASN1Sequence (org.bouncycastle.asn1.ASN1Sequence) 7
Certificate (com.beanit.asn1bean.compiler.pkix1explicit88.Certificate) 6
Extension (org.bouncycastle.asn1.x509.Extension) 6
OperatorCreationException (org.bouncycastle.operator.OperatorCreationException) 6
Date (java.util.Date) 5