use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.
the class CertificateCreate method main.
public static void main(String[] args) {
try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
String namespace = "default";
Certificate certificate = new CertificateBuilder().build();
// Create Certificate
certManagerClient.v1().certificates().inNamespace(namespace).create(certificate);
System.out.println("Created: " + certificate.getMetadata().getName());
// List Certificate
CertificateList certificateList = certManagerClient.v1().certificates().inNamespace(namespace).list();
System.out.println("There are " + certificateList.getItems().size() + " TaskRun objects in " + namespace);
}
}
use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.
the class CertificateCreate method main.
public static void main(String[] args) {
try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
String namespace = "default";
Certificate certificate = new CertificateBuilder().build();
// Create Certificate
certManagerClient.v1alpha2().certificates().inNamespace(namespace).create(certificate);
System.out.println("Created: " + certificate.getMetadata().getName());
// List Certificate
CertificateList certificateList = certManagerClient.v1alpha2().certificates().inNamespace(namespace).list();
System.out.println("There are " + certificateList.getItems().size() + " TaskRun objects in " + namespace);
}
}
use of com.google.cloud.security.privateca.v1.Certificate in project kubernetes-client by fabric8io.
the class CertificateCreate method main.
public static void main(String[] args) {
try (NamespacedCertManagerClient certManagerClient = new DefaultCertManagerClient()) {
String namespace = "default";
Certificate certificate = new CertificateBuilder().build();
// Create Certificate
certManagerClient.v1alpha3().certificates().inNamespace(namespace).create(certificate);
System.out.println("Created: " + certificate.getMetadata().getName());
// List Certificate
CertificateList certificateList = certManagerClient.v1alpha3().certificates().inNamespace(namespace).list();
System.out.println("There are " + certificateList.getItems().size() + " TaskRun objects in " + namespace);
}
}
use of com.google.cloud.security.privateca.v1.Certificate in project TLS-Scanner by tls-attacker.
the class TrustAnchorManager method getFullCaCertificateSet.
private Set<Certificate> getFullCaCertificateSet() {
Set<Certificate> certificateSet = new HashSet<>();
for (CertificateEntry entry : trustAnchors.values()) {
InputStream resourceAsStream = TrustAnchorManager.class.getClassLoader().getResourceAsStream("trust/" + entry.getFingerprint() + ".pem");
try {
org.bouncycastle.crypto.tls.Certificate cert = PemUtil.readCertificate(resourceAsStream);
certificateSet.add(cert.getCertificateAt(0));
} catch (IOException | CertificateException ex) {
LOGGER.error("Could not load Certificate:" + entry.getSubjectName() + "/" + entry.getFingerprint(), ex);
}
}
return certificateSet;
}
use of com.google.cloud.security.privateca.v1.Certificate in project snowflake-jdbc by snowflakedb.
the class SFTrustManager method isCached.
/**
* Is OCSP Response cached?
*
* @param pairIssuerSubjectList a list of pair of issuer and subject certificates
* @return true if all of OCSP response are cached else false
*/
private boolean isCached(List<SFPair<Certificate, Certificate>> pairIssuerSubjectList) {
long currentTimeSecond = new Date().getTime() / 1000L;
boolean isCached = true;
try {
for (SFPair<Certificate, Certificate> pairIssuerSubject : pairIssuerSubjectList) {
OCSPReq req = createRequest(pairIssuerSubject);
CertificateID certificateId = req.getRequestList()[0].getCertID();
LOGGER.debug(CertificateIDToString(certificateId));
CertID cid = certificateId.toASN1Primitive();
OcspResponseCacheKey k = new OcspResponseCacheKey(cid.getIssuerNameHash().getEncoded(), cid.getIssuerKeyHash().getEncoded(), cid.getSerialNumber().getValue());
SFPair<Long, String> res = OCSP_RESPONSE_CACHE.get(k);
if (res == null) {
LOGGER.debug("Not all OCSP responses for the certificate is in the cache.");
isCached = false;
break;
} else if (currentTimeSecond - CACHE_EXPIRATION_IN_SECONDS > res.left) {
LOGGER.debug("Cache for CertID expired.");
isCached = false;
break;
} else {
try {
validateRevocationStatusMain(pairIssuerSubject, res.right);
} catch (SFOCSPException ex) {
LOGGER.debug("Cache includes invalid OCSPResponse. " + "Will download the OCSP cache from Snowflake OCSP server");
isCached = false;
}
}
}
} catch (IOException ex) {
LOGGER.debug("Failed to encode CertID.");
}
return isCached;
}
Aggregations