Example 6 with CertificateAuthorityName

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

Class DisableCertificateAuthority, method disableCertificateAuthority.

// Disable a Certificate Authority which is present in the given CA pool.
public static void disableCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Create the Certificate Authority Name.
        CertificateAuthorityName certificateAuthorityNameParent = CertificateAuthorityName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificateAuthority(certificateAuthorityName).build();
        // Create the Disable Certificate Authority Request.
        DisableCertificateAuthorityRequest disableCertificateAuthorityRequest = DisableCertificateAuthorityRequest.newBuilder().setName(certificateAuthorityNameParent.toString()).build();
        // Disable the Certificate Authority.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.disableCertificateAuthorityCallable().futureCall(disableCertificateAuthorityRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while disabling Certificate Authority ! " + response.getError());
            return;
        }
        // Get the current CA state.
        State caState = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityNameParent).getState();
        // Check if the Certificate Authority is disabled.
        // A DISABLED CA cannot issue certificates; its CRLs are still generated.
        if (caState == State.DISABLED) {
            System.out.println("Disabled Certificate Authority : " + certificateAuthorityName);
        } else {
            System.out.println("Cannot disable the Certificate Authority ! Current CA State: " + caState);
        }
    }
}
Also used: State (com.google.cloud.security.privateca.v1.CertificateAuthority.State), CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), CertificateAuthorityName (com.google.cloud.security.privateca.v1.CertificateAuthorityName), DisableCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest), Operation (com.google.longrunning.Operation)

Example 7 with CertificateAuthorityName

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

Class UndeleteCertificateAuthority, method undeleteCertificateAuthority.

// Restore a deleted CA, if still within the grace period of 30 days.
public static void undeleteCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String certificateAuthorityParent = CertificateAuthorityName.of(project, location, pool_Id, certificateAuthorityName).toString();
        // Confirm that the CA is in the DELETED state.
        // getCurrentState is a helper that is not shown in this excerpt.
        if (getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent) != State.DELETED) {
            System.out.println("CA is not deleted !");
            return;
        }
        // Create the Request.
        UndeleteCertificateAuthorityRequest undeleteCertificateAuthorityRequest = UndeleteCertificateAuthorityRequest.newBuilder().setName(certificateAuthorityParent).build();
        // Undelete the CA.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.undeleteCertificateAuthorityCallable().futureCall(undeleteCertificateAuthorityRequest);
        Operation response = futureCall.get(5, TimeUnit.SECONDS);
        // Confirm if the CA is DISABLED.
        if (response.hasError() || getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent) != State.DISABLED) {
            System.out.println("Unable to restore the Certificate Authority! Please try again ! " + response.getError());
            return;
        }
        // The CA will be in the DISABLED state. Enable before use.
        System.out.println("Successfully restored the Certificate Authority ! " + certificateAuthorityName);
    }
}
Also used: UndeleteCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest), CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), Operation (com.google.longrunning.Operation)

Example 8 with CertificateAuthorityName

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

Class UpdateCertificateAuthority, method updateCaLabel.

// Updates the labels in a certificate authority.
public static void updateCaLabel(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Set the parent path and the new labels.
        String certificateAuthorityParent = CertificateAuthorityName.of(project, location, pool_Id, certificateAuthorityName).toString();
        CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().setName(certificateAuthorityParent).putLabels("env", "test").build();
        // Create a request to update the CA.
        UpdateCertificateAuthorityRequest request = UpdateCertificateAuthorityRequest.newBuilder().setCertificateAuthority(certificateAuthority).setUpdateMask(FieldMask.newBuilder().addPaths("labels").build()).build();
        // Update the CA and wait for the operation to complete.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.updateCertificateAuthorityCallable().futureCall(request);
        Operation operation = futureCall.get(60, TimeUnit.SECONDS);
        // Check for errors and stop if the update failed.
        if (operation.hasError()) {
            System.out.println("Error in updating labels ! " + operation.getError());
            return;
        }
        // Get the updated CA and check if it contains the new label.
        CertificateAuthority response = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityParent);
        if (response.getLabelsMap().containsKey("env") && response.getLabelsMap().get("env").equalsIgnoreCase("test")) {
            System.out.println("Successfully updated the labels ! ");
        }
    }
}
Also used: CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), CertificateAuthority (com.google.cloud.security.privateca.v1.CertificateAuthority), UpdateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest), Operation (com.google.longrunning.Operation)

Example 9 with CertificateAuthorityName

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

Class ActivateSubordinateCa, method activateSubordinateCA.

// Activate a subordinate CA.
// *Prerequisite*: Get the CSR of the subordinate CA signed by another CA. Pass in the signed
// certificate and (issuer CA's name or the issuer CA's Certificate chain).
// *Post*: After activating the subordinate CA, it should be enabled before issuing certificates.
public static void activateSubordinateCA(String project, String location, String pool_Id, String certificateAuthorityName, String subordinateCaName, String pemCACertificate) throws ExecutionException, InterruptedException, IOException {
    // The try-with-resources block closes the client and cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Subordinate CA parent.
        String subordinateCaParent = CertificateAuthorityName.of(project, location, pool_Id, subordinateCaName).toString();
        // Construct the "Activate CA Request".
        ActivateCertificateAuthorityRequest activateCertificateAuthorityRequest = ActivateCertificateAuthorityRequest.newBuilder().setName(subordinateCaParent).setPemCaCertificate(pemCACertificate).setSubordinateConfig(SubordinateConfig.newBuilder().setCertificateAuthority(CertificateAuthorityName.of(project, location, pool_Id, certificateAuthorityName).toString()).build()).build();
        // Activate the CA.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.activateCertificateAuthorityCallable().futureCall(activateCertificateAuthorityRequest);
        Operation response = futureCall.get();
        if (response.hasError()) {
            System.out.println("Error while activating the subordinate CA! " + response.getError());
            return;
        }
        System.out.println("Subordinate Certificate Authority activated successfully ! " + subordinateCaName);
        TimeUnit.SECONDS.sleep(3);
        // The current state will be STAGED.
        // The Subordinate CA has to be ENABLED before issuing certificates.
        System.out.println("Current State: " + certificateAuthorityServiceClient.getCertificateAuthority(subordinateCaParent).getState());
    }
}
Also used: CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), Operation (com.google.longrunning.Operation), ActivateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)

Example 10 with CertificateAuthorityName

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityName in project java-security-private-ca by googleapis.

Class CertificateAuthorityServiceClientTest, method listCertificateRevocationListsTest.

@Test
public void listCertificateRevocationListsTest() throws Exception {
    CertificateRevocationList responsesElement = CertificateRevocationList.newBuilder().build();
    ListCertificateRevocationListsResponse expectedResponse = ListCertificateRevocationListsResponse.newBuilder().setNextPageToken("").addAllCertificateRevocationLists(Arrays.asList(responsesElement)).build();
    mockCertificateAuthorityService.addResponse(expectedResponse);
    CertificateAuthorityName parent = CertificateAuthorityName.of("[PROJECT]", "[LOCATION]", "[CA_POOL]", "[CERTIFICATE_AUTHORITY]");
    ListCertificateRevocationListsPagedResponse pagedListResponse = client.listCertificateRevocationLists(parent);
    List<CertificateRevocationList> resources = Lists.newArrayList(pagedListResponse.iterateAll());
    Assert.assertEquals(1, resources.size());
    Assert.assertEquals(expectedResponse.getCertificateRevocationListsList().get(0), resources.get(0));
    List<AbstractMessage> actualRequests = mockCertificateAuthorityService.getRequests();
    Assert.assertEquals(1, actualRequests.size());
    ListCertificateRevocationListsRequest actualRequest = ((ListCertificateRevocationListsRequest) actualRequests.get(0));
    Assert.assertEquals(parent.toString(), actualRequest.getParent());
    Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used: AbstractMessage (com.google.protobuf.AbstractMessage), ListCertificateRevocationListsPagedResponse (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse), Test (org.junit.Test)

Aggregations

CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient): 9
Operation (com.google.longrunning.Operation): 7
State (com.google.cloud.security.privateca.v1.CertificateAuthority.State): 3
CertificateAuthorityName (com.google.cloud.security.privateca.v1.CertificateAuthorityName): 3
Certificate (com.google.cloud.security.privateca.v1.Certificate): 2
CertificateAuthority (com.google.cloud.security.privateca.v1.CertificateAuthority): 2
SubjectConfig (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig): 2
CreateCertificateRequest (com.google.cloud.security.privateca.v1.CreateCertificateRequest): 2
X509Parameters (com.google.cloud.security.privateca.v1.X509Parameters): 2
ActivateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest): 1
KeyVersionSpec (com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec): 1
ListCertificateRevocationListsPagedResponse (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient.ListCertificateRevocationListsPagedResponse): 1
CreateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest): 1
DeleteCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.DeleteCertificateAuthorityRequest): 1
DisableCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest): 1
EnableCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.EnableCertificateAuthorityRequest): 1
PublicKey (com.google.cloud.security.privateca.v1.PublicKey): 1
UndeleteCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest): 1
UpdateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.UpdateCertificateAuthorityRequest): 1
AbstractMessage (com.google.protobuf.AbstractMessage): 1