Example 1 with CertificateAuthorityName

use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

the class CreateCertificate_CSR method createCertificateWithCSR.

// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key are provided as a CSR (Certificate Signing Request).
public static void createCertificateWithCSR(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, String pemCSR) throws IOException, ExecutionException, InterruptedException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // certificateLifetime: The validity of the certificate in seconds.
        long certificateLifetime = 1000L;
        // Create certificate with CSR.
        // The pemCSR contains the public key and the domain details required.
        Certificate certificate = Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
        // Create the Certificate Request.
        // Set the CA which is responsible for creating the certificate with the provided CSR.
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setIssuingCertificateAuthorityId(certificateAuthorityName).setCertificateId(certificateName).setCertificate(certificate).build();
        // Get the certificate response.
        ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate certificateResponse = future.get();
        System.out.println("Certificate created successfully : " + certificateResponse.getName());
        // Get the signed certificate and the issuer chain list.
        System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
        System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
    }
}
Also used : CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 2 with CertificateAuthorityName

use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

the class DeleteCertificateAuthority method deleteCertificateAuthority.

// Delete the Certificate Authority from the specified CA pool.
// Before deletion, the CA must be disabled and must not contain any active certificates.
public static void deleteCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Create the Certificate Authority Name.
        CertificateAuthorityName certificateAuthorityNameParent = CertificateAuthorityName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificateAuthority(certificateAuthorityName).build();
        // Check if the CA is enabled.
        State caState = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityNameParent).getState();
        if (caState == State.ENABLED) {
            System.out.println("Please disable the Certificate Authority before deletion ! Current state: " + caState);
            return;
        }
        // Create the DeleteCertificateAuthorityRequest.
        // Setting setIgnoreActiveCertificates(true) deletes the CA even if it
        // contains active certificates. Take care to re-anchor the certificates
        // to a new CA before deleting.
        DeleteCertificateAuthorityRequest deleteCertificateAuthorityRequest = DeleteCertificateAuthorityRequest.newBuilder().setName(certificateAuthorityNameParent.toString()).setIgnoreActiveCertificates(false).build();
        // Delete the Certificate Authority.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.deleteCertificateAuthorityCallable().futureCall(deleteCertificateAuthorityRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while deleting Certificate Authority !" + response.getError());
            return;
        }
        // Check if the CA has been deleted.
        caState = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityNameParent).getState();
        if (caState == State.DELETED) {
            System.out.println("Successfully deleted Certificate Authority : " + certificateAuthorityName);
        } else {
            System.out.println("Unable to delete Certificate Authority. Please try again ! Current state: " + caState);
        }
    }
}
Also used : State(com.google.cloud.security.privateca.v1.CertificateAuthority.State) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CertificateAuthorityName(com.google.cloud.security.privateca.v1.CertificateAuthorityName) Operation(com.google.longrunning.Operation) DeleteCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest)

Example 3 with CertificateAuthorityName

use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

the class EnableCertificateAuthority method enableCertificateAuthority.

// Enable the Certificate Authority present in the given CA pool.
// A CA cannot be enabled if it has already been deleted.
public static void enableCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Create the Certificate Authority Name.
        CertificateAuthorityName certificateAuthorityParent = CertificateAuthorityName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificateAuthority(certificateAuthorityName).build();
        // Create the Enable Certificate Authority Request.
        EnableCertificateAuthorityRequest enableCertificateAuthorityRequest = EnableCertificateAuthorityRequest.newBuilder().setName(certificateAuthorityParent.toString()).build();
        // Enable the Certificate Authority.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.enableCertificateAuthorityCallable().futureCall(enableCertificateAuthorityRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while enabling Certificate Authority !" + response.getError());
            return;
        }
        // Get the current CA state.
        State caState = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityParent).getState();
        // Check if the CA is enabled.
        if (caState == State.ENABLED) {
            System.out.println("Enabled Certificate Authority : " + certificateAuthorityName);
        } else {
            System.out.println("Cannot enable the Certificate Authority ! Current CA State: " + caState);
        }
    }
}
Also used : State(com.google.cloud.security.privateca.v1.CertificateAuthority.State) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CertificateAuthorityName(com.google.cloud.security.privateca.v1.CertificateAuthorityName) EnableCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest) Operation(com.google.longrunning.Operation)

Example 4 with CertificateAuthorityName

use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

the class CreateCertificate method createCertificate.

// Create a Certificate which is issued by the Certificate Authority present in the CA Pool.
// The public key to be certified (the subject's key, not the CA's signing key) can be
// generated using any crypto library/framework.
public static void createCertificate(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, ByteString publicKeyBytes) throws InterruptedException, ExecutionException, IOException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // commonName: Enter a title for your certificate.
        // orgName: Provide the name of your company.
        // domainName: List the fully qualified domain name.
        // certificateLifetime: The validity of the certificate in seconds.
        String commonName = "common-name";
        String orgName = "org-name";
        String domainName = "dns.your-domain.com";
        long certificateLifetime = 1000L;
        // Set the Public Key and its format.
        PublicKey publicKey = PublicKey.newBuilder().setKey(publicKeyBytes).setFormat(KeyFormat.PEM).build();
        SubjectConfig subjectConfig = SubjectConfig.newBuilder().setSubject(Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build()).setSubjectAltName(SubjectAltNames.newBuilder().addDnsNames(domainName).build()).build();
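        // Set the X.509 fields required for the certificate.
        // Note: setCertSign(true) together with CaOptions isCa=true marks the issued
        // certificate as a CA certificate that can sign other certificates. For an
        // end-entity (e.g. server) certificate, set isCa to false and leave certSign unset.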
        X509Parameters x509Parameters = X509Parameters.newBuilder().setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setDigitalSignature(true).setKeyEncipherment(true).setCertSign(true).build()).setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build()).build()).setCaOptions(CaOptions.newBuilder().setIsCa(true).buildPartial()).build();
        // Create certificate.
        Certificate certificate = Certificate.newBuilder().setConfig(CertificateConfig.newBuilder().setPublicKey(publicKey).setSubjectConfig(subjectConfig).setX509Config(x509Parameters).build()).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
        // Create the Certificate Request.
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setCertificateId(certificateName).setCertificate(certificate).setIssuingCertificateAuthorityId(certificateAuthorityName).build();
        // Get the Certificate response.
        ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate response = future.get();
        // Get the PEM encoded, signed X.509 certificate.
        System.out.println(response.getPemCertificate());
        // To verify the obtained certificate, use this intermediate chain list.
        System.out.println(response.getPemCertificateChainList());
    }
}
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) PublicKey(com.google.cloud.security.privateca.v1.PublicKey) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 5 with CertificateAuthorityName

use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

the class CreateCertificateAuthority method createCertificateAuthority.

// Create Certificate Authority which is the root CA in the given CA Pool.
public static void createCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws InterruptedException, ExecutionException, IOException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String commonName = "common-name";
        String orgName = "org-name";
        // Validity of this CA in seconds.
        int caDuration = 100000;
        // Set the type of Algorithm.
        KeyVersionSpec keyVersionSpec = KeyVersionSpec.newBuilder().setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256).build();
        // Set CA subject config.
        SubjectConfig subjectConfig = SubjectConfig.newBuilder().setSubject(Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build()).build();
        // Set the key usage options for X.509 fields.
        X509Parameters x509Parameters = X509Parameters.newBuilder().setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setCrlSign(true).setCertSign(true).build()).build()).setCaOptions(CaOptions.newBuilder().setIsCa(true).build()).build();
        // Set certificate authority settings.
        CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().setType(CertificateAuthority.Type.SELF_SIGNED).setKeySpec(keyVersionSpec).setConfig(CertificateConfig.newBuilder().setSubjectConfig(subjectConfig).setX509Config(x509Parameters).build()).setLifetime(Duration.newBuilder().setSeconds(caDuration).build()).build();
        // Create the CertificateAuthorityRequest.
        CreateCertificateAuthorityRequest certificateAuthorityRequest = CreateCertificateAuthorityRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setCertificateAuthorityId(certificateAuthorityName).setCertificateAuthority(certificateAuthority).build();
        // Create Certificate Authority.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCertificateAuthorityCallable().futureCall(certificateAuthorityRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while creating CA !" + response.getError());
            return;
        }
        System.out.println("Certificate Authority created successfully : " + certificateAuthorityName);
    }
}
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CreateCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) KeyVersionSpec(com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) CertificateAuthority(com.google.cloud.security.privateca.v1.CertificateAuthority) Operation(com.google.longrunning.Operation)
