
Example 1 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class UpdateCertificateTemplate, method updateCertificateTemplate.

// Updates an existing certificate template.
public static void updateCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String certificateTemplateName = CertificateTemplateName.of(project, location, certificateTemplateId).toString();
        // Set the template name and the properties to be updated: the subject from the
        // certificate request is not passed through, while its subject alternative names are.
        CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder().setName(certificateTemplateName).setIdentityConstraints(CertificateIdentityConstraints.newBuilder().setAllowSubjectPassthrough(false).setAllowSubjectAltNamesPassthrough(true).build()).build();
        // Set the mask corresponding to the properties updated above.
        FieldMask fieldMask = FieldMask.newBuilder().addPaths("identity_constraints.allow_subject_alt_names_passthrough").addPaths("identity_constraints.allow_subject_passthrough").build();
        // Build the update request from the new template and the mask that specifies which
        // properties of the template should be updated.
        UpdateCertificateTemplateRequest request = UpdateCertificateTemplateRequest.newBuilder().setCertificateTemplate(certificateTemplate).setUpdateMask(fieldMask).build();
        // Send the request and wait up to 60 seconds for the operation to return.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.updateCertificateTemplateCallable().futureCall(request);
        Operation response = futureCall.get(60, TimeUnit.SECONDS);
        // Check for errors.
        if (response.hasError()) {
            System.out.println("Error in updating certificate template ! " + response.getError());
            return;
        }
        // Get the updated certificate template and check if the properties have been updated.
        CertificateIdentityConstraints updatedCertificateIdentityConstraints = certificateAuthorityServiceClient.getCertificateTemplate(certificateTemplateName).getIdentityConstraints();
        if (!updatedCertificateIdentityConstraints.getAllowSubjectPassthrough() && updatedCertificateIdentityConstraints.getAllowSubjectAltNamesPassthrough()) {
            System.out.println("Successfully updated the certificate template ! " + response.getName());
            return;
        }
        System.out.println("Error in updating certificate template ! ");
    }
}
Also used : CertificateIdentityConstraints(com.google.cloud.security.privateca.v1.CertificateIdentityConstraints) CertificateTemplate(com.google.cloud.security.privateca.v1.CertificateTemplate) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) UpdateCertificateTemplateRequest(com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest) Operation(com.google.longrunning.Operation) FieldMask(com.google.protobuf.FieldMask)

Example 2 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class SnippetsIT, method fetchPemCSR.

// Fetches the PEM-encoded CSR of the given CA.
public static String fetchPemCSR(String pool_Id, String caName) throws IOException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Build the full resource name of the CA whose CSR is fetched.
        String caParent = CertificateAuthorityName.of(PROJECT_ID, LOCATION, pool_Id, caName).toString();
        FetchCertificateAuthorityCsrResponse response = certificateAuthorityServiceClient.fetchCertificateAuthorityCsr(caParent);
        return response.getPemCsr();
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) FetchCertificateAuthorityCsrResponse(com.google.cloud.security.privateca.v1.FetchCertificateAuthorityCsrResponse)

Example 3 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class SnippetsIT, method testActivateSubordinateCertificateAuthority.

@Test
public void testActivateSubordinateCertificateAuthority() throws IOException, ExecutionException, InterruptedException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Fetch the PEM certificate named by CSR_CERTIFICATE_NAME.
        Certificate response = certificateAuthorityServiceClient.getCertificate(CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CSR_CERTIFICATE_NAME).toString());
        String pemCertificate = response.getPemCertificate();
        // Activate the subordinate CA with that certificate and check the state it reports.
        privateca.ActivateSubordinateCa.activateSubordinateCA(PROJECT_ID, LOCATION, CA_POOL_ID, CA_NAME, SUBORDINATE_CA_NAME, pemCertificate);
        assertThat(stdOut.toString()).contains("Current State: STAGED");
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate) Test(org.junit.Test)

Example 4 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class SnippetsIT, method testUpdateCAPoolIssuancePolicy.

@Test
public void testUpdateCAPoolIssuancePolicy() throws IOException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Read the CA pool's issuance policy and extract the CEL expression from its identity constraints.
        IssuancePolicy issuancePolicy = certificateAuthorityServiceClient.getCaPool(CaPoolName.of(PROJECT_ID, LOCATION, CA_POOL_ID).toString()).getIssuancePolicy();
        String actualExpression = issuancePolicy.getIdentityConstraints().getCelExpression().getExpression();
        // Every SAN must be of type DNS and either equal "us.google.org" or end with ".google.com".
        String expectedExpression = "subject_alt_names.all(san, san.type == DNS && (san.value == \"us.google.org\" || san.value.endsWith(\".google.com\")) )";
        assertThat(actualExpression).contains(expectedExpression);
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) IssuancePolicy(com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy) ByteString(com.google.protobuf.ByteString) Test(org.junit.Test)

Example 5 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class SnippetsIT, method testRevokeCertificate.

@Test
public void testRevokeCertificate() throws InterruptedException, ExecutionException, IOException {
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Revoke the certificate.
        privateca.RevokeCertificate.revokeCertificate(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);
        // Check if the certificate has revocation details. If it does, then the certificate is
        // considered as revoked.
        CertificateName certificateName = CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);
        Assert.assertTrue(certificateAuthorityServiceClient.getCertificate(certificateName).hasRevocationDetails());
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CertificateName(com.google.cloud.security.privateca.v1.CertificateName) Test(org.junit.Test)

Aggregations

CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient): 31
Operation (com.google.longrunning.Operation): 14
Test (org.junit.Test): 9
Certificate (com.google.cloud.security.privateca.v1.Certificate): 8
ByteString (com.google.protobuf.ByteString): 6
CertificateAuthority (com.google.cloud.security.privateca.v1.CertificateAuthority): 5
CaPoolName (com.google.cloud.security.privateca.v1.CaPoolName): 3
State (com.google.cloud.security.privateca.v1.CertificateAuthority.State): 3
CertificateAuthorityName (com.google.cloud.security.privateca.v1.CertificateAuthorityName): 3
SubjectConfig (com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig): 3
CertificateName (com.google.cloud.security.privateca.v1.CertificateName): 3
CertificateTemplate (com.google.cloud.security.privateca.v1.CertificateTemplate): 3
X509Parameters (com.google.cloud.security.privateca.v1.X509Parameters): 3
CaPool (com.google.cloud.security.privateca.v1.CaPool): 2
IssuancePolicy (com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy): 2
KeyVersionSpec (com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec): 2
CreateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest): 2
CreateCertificateRequest (com.google.cloud.security.privateca.v1.CreateCertificateRequest): 2
ActivateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest): 1
CertificateIdentityConstraints (com.google.cloud.security.privateca.v1.CertificateIdentityConstraints): 1