
Example 16 with CertificateAuthorityServiceClient

use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

the class CreateCertificate method createCertificate.

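/**
 * Requests a TLS server (end-entity) certificate from a Certificate Authority in the given CA
 * Pool and prints the signed certificate and its chain.
 *
 * <p>{@code publicKeyBytes} is the subject's public key, i.e. the key being certified. It is not
 * used to sign anything: the issuing CA signs the certificate. Only the public half of the key
 * pair is placed in the request; the key pair itself can be generated with any crypto
 * library/framework.
 *
 * @param project project that owns the CA Pool
 * @param location location of the CA Pool
 * @param pool_Id id of the CA Pool to issue from
 * @param certificateAuthorityName id of the issuing Certificate Authority inside the pool
 * @param certificateName id to give the new certificate
 * @param publicKeyBytes PEM-encoded public key of the certificate subject
 * @throws InterruptedException if the thread is interrupted while waiting for the response
 * @throws ExecutionException if the create call fails
 * @throws IOException if the client cannot be created
 */
public static void createCertificate(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, ByteString publicKeyBytes) throws InterruptedException, ExecutionException, IOException {
    // try-with-resources closes the client when the block exits, which lets it
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Sample placeholders; replace before real use.
        // commonName: Enter a title for your certificate.
        // orgName: Provide the name of your company.
        // domainName: List the fully qualified domain name.
        // certificateLifetime: The validity of the certificate in seconds.
        String commonName = "common-name";
        String orgName = "org-name";
        String domainName = "dns.your-domain.com";
        long certificateLifetime = 1000L;

        // Set the Public Key and its format.
        PublicKey publicKey = PublicKey.newBuilder()
                .setKey(publicKeyBytes)
                .setFormat(KeyFormat.PEM)
                .build();

        // Subject and subjectAltName of the certificate.
        SubjectConfig subjectConfig = SubjectConfig.newBuilder()
                .setSubject(Subject.newBuilder()
                        .setCommonName(commonName)
                        .setOrganization(orgName)
                        .build())
                .setSubjectAltName(SubjectAltNames.newBuilder()
                        .addDnsNames(domainName)
                        .build())
                .build();

        // Set the X.509 fields required for the certificate.
        // This is a server-auth leaf bound to a DNS name, so it is kept least-privilege:
        // keyCertSign is not asserted and basic constraints say CA:FALSE. A leaf that carries
        // CA:TRUE together with keyCertSign could itself issue certificates that chain to this
        // pool's CA.
        X509Parameters x509Parameters = X509Parameters.newBuilder()
                .setKeyUsage(KeyUsage.newBuilder()
                        .setBaseKeyUsage(KeyUsageOptions.newBuilder()
                                .setDigitalSignature(true)
                                .setKeyEncipherment(true)
                                .build())
                        .setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder()
                                .setServerAuth(true)
                                .build())
                        .build())
                .setCaOptions(CaOptions.newBuilder().setIsCa(false).build())
                .build();

        // Create certificate.
        Certificate certificate = Certificate.newBuilder()
                .setConfig(CertificateConfig.newBuilder()
                        .setPublicKey(publicKey)
                        .setSubjectConfig(subjectConfig)
                        .setX509Config(x509Parameters)
                        .build())
                .setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build())
                .build();

        // Create the Certificate Request.
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder()
                .setParent(CaPoolName.of(project, location, pool_Id).toString())
                .setCertificateId(certificateName)
                .setCertificate(certificate)
                .setIssuingCertificateAuthorityId(certificateAuthorityName)
                .build();

        // Get the Certificate response.
        ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate response = future.get();
        // Get the PEM encoded, signed X.509 certificate.
        System.out.println(response.getPemCertificate());
        // To verify the obtained certificate, use this intermediate chain list.
        System.out.println(response.getPemCertificateChainList());
    }
}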
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) PublicKey(com.google.cloud.security.privateca.v1.PublicKey) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 17 with CertificateAuthorityServiceClient

use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

the class CreateCertificateAuthority method createCertificateAuthority.

/**
 * Creates a self-signed (root) Certificate Authority in the given CA Pool and prints the outcome.
 *
 * <p>The CA is requested with an RSA PKCS#1 4096-bit / SHA-256 signing key, key usages
 * {@code certSign} and {@code crlSign}, and basic constraints CA:TRUE. Subject values and the
 * lifetime below are sample placeholders.
 *
 * <p>NOTE(review): the result is judged only by {@code hasError()} on the returned
 * {@code Operation}; whether that operation has already finished at this point is not checked
 * here. Confirm completion before relying on the CA.
 *
 * @param project project that owns the CA Pool
 * @param location location of the CA Pool
 * @param pool_Id id of the CA Pool that will hold the new CA
 * @param certificateAuthorityName id to give the new Certificate Authority
 * @throws InterruptedException if the thread is interrupted while waiting for the response
 * @throws ExecutionException if the create call fails
 * @throws IOException if the client cannot be created
 */
public static void createCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName)
        throws InterruptedException, ExecutionException, IOException {
    // The client is closed by try-with-resources so that it can
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String subjectCommonName = "common-name";
        String subjectOrganization = "org-name";
        // Validity of this CA in seconds.
        int lifetimeSeconds = 100000;

        // Signing algorithm of the CA key.
        KeyVersionSpec signingKeySpec = KeyVersionSpec.newBuilder()
                .setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256)
                .build();

        // Subject of the CA certificate.
        Subject caSubject = Subject.newBuilder()
                .setCommonName(subjectCommonName)
                .setOrganization(subjectOrganization)
                .build();
        SubjectConfig caSubjectConfig = SubjectConfig.newBuilder().setSubject(caSubject).build();

        // X.509 fields: a CA needs certSign and crlSign, and CA:TRUE.
        KeyUsageOptions caKeyUsageOptions = KeyUsageOptions.newBuilder()
                .setCrlSign(true)
                .setCertSign(true)
                .build();
        X509Parameters caX509 = X509Parameters.newBuilder()
                .setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(caKeyUsageOptions).build())
                .setCaOptions(CaOptions.newBuilder().setIsCa(true).build())
                .build();

        // Certificate authority settings.
        CertificateConfig caConfig = CertificateConfig.newBuilder()
                .setSubjectConfig(caSubjectConfig)
                .setX509Config(caX509)
                .build();
        CertificateAuthority rootCa = CertificateAuthority.newBuilder()
                .setType(CertificateAuthority.Type.SELF_SIGNED)
                .setKeySpec(signingKeySpec)
                .setConfig(caConfig)
                .setLifetime(Duration.newBuilder().setSeconds(lifetimeSeconds).build())
                .build();

        // Request that places the CA in the pool under the given id.
        CreateCertificateAuthorityRequest createRequest = CreateCertificateAuthorityRequest.newBuilder()
                .setParent(CaPoolName.of(project, location, pool_Id).toString())
                .setCertificateAuthorityId(certificateAuthorityName)
                .setCertificateAuthority(rootCa)
                .build();

        // Send the request and wait for the returned operation.
        ApiFuture<Operation> pending = certificateAuthorityServiceClient.createCertificateAuthorityCallable().futureCall(createRequest);
        Operation operation = pending.get();

        if (!operation.hasError()) {
            System.out.println("Certificate Authority created successfully : " + certificateAuthorityName);
        } else {
            System.out.println("Error while creating CA !" + operation.getError());
        }
    }
}
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CreateCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) KeyVersionSpec(com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) CertificateAuthority(com.google.cloud.security.privateca.v1.CertificateAuthority) Operation(com.google.longrunning.Operation)

Example 18 with CertificateAuthorityServiceClient

use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

the class CreateSubordinateCa method createSubordinateCertificateAuthority.

/**
 * Creates a subordinate Certificate Authority in the given CA Pool and prints the outcome.
 *
 * <p>The CA is requested with type {@code SUBORDINATE}, an RSA PKCS#1 4096-bit / SHA-256 signing
 * key, key usages {@code certSign} and {@code crlSign}, and basic constraints CA:TRUE. Subject
 * values, the DNS name and the lifetime below are sample placeholders.
 *
 * <p>NOTE(review): this method only sends the create request; it does not activate the CA or
 * have it signed by a parent. A subordinate CA presumably needs that step before it can issue,
 * so confirm against the caller. The result is also judged only by {@code hasError()} on the
 * returned {@code Operation}, without checking that the operation has finished.
 *
 * @param project project that owns the CA Pool
 * @param location location of the CA Pool
 * @param pool_Id id of the CA Pool that will hold the new CA
 * @param subordinateCaName id to give the new subordinate Certificate Authority
 * @throws IOException if the client cannot be created
 * @throws ExecutionException if the create call fails
 * @throws InterruptedException if the thread is interrupted while waiting for the response
 */
public static void createSubordinateCertificateAuthority(String project, String location, String pool_Id, String subordinateCaName)
        throws IOException, ExecutionException, InterruptedException {
    // The client is closed by try-with-resources so that it can
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String subjectCommonName = "common-name";
        String subjectOrganization = "csr-org-name";
        String subjectDnsName = "dns.your-domain.com";
        // Validity of this CA in seconds.
        int lifetimeSeconds = 100000;

        // Signing algorithm of the CA key.
        KeyVersionSpec signingKeySpec = KeyVersionSpec.newBuilder()
                .setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256)
                .build();

        // Subject and subjectAltName of the CA certificate.
        Subject caSubject = Subject.newBuilder()
                .setCommonName(subjectCommonName)
                .setOrganization(subjectOrganization)
                .build();
        SubjectAltNames caAltNames = SubjectAltNames.newBuilder().addDnsNames(subjectDnsName).build();
        SubjectConfig caSubjectConfig = SubjectConfig.newBuilder()
                .setSubject(caSubject)
                .setSubjectAltName(caAltNames)
                .build();

        // X.509 fields: a CA needs certSign and crlSign, and CA:TRUE.
        KeyUsageOptions caKeyUsageOptions = KeyUsageOptions.newBuilder()
                .setCrlSign(true)
                .setCertSign(true)
                .build();
        X509Parameters caX509 = X509Parameters.newBuilder()
                .setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(caKeyUsageOptions).build())
                .setCaOptions(CaOptions.newBuilder().setIsCa(true).build())
                .build();

        // Certificate authority settings.
        CertificateConfig caConfig = CertificateConfig.newBuilder()
                .setSubjectConfig(caSubjectConfig)
                .setX509Config(caX509)
                .build();
        CertificateAuthority subordinateCa = CertificateAuthority.newBuilder()
                .setType(CertificateAuthority.Type.SUBORDINATE)
                .setKeySpec(signingKeySpec)
                .setConfig(caConfig)
                .setLifetime(Duration.newBuilder().setSeconds(lifetimeSeconds).build())
                .build();

        // Request that places the subordinate CA in the pool under the given id.
        CreateCertificateAuthorityRequest createRequest = CreateCertificateAuthorityRequest.newBuilder()
                .setParent(CaPoolName.of(project, location, pool_Id).toString())
                .setCertificateAuthorityId(subordinateCaName)
                .setCertificateAuthority(subordinateCa)
                .build();

        // Send the request and wait for the returned operation.
        ApiFuture<Operation> pending = certificateAuthorityServiceClient.createCertificateAuthorityCallable().futureCall(createRequest);
        Operation operation = pending.get();

        if (!operation.hasError()) {
            System.out.println("Subordinate Certificate Authority created successfully : " + subordinateCaName);
        } else {
            System.out.println("Error while creating Subordinate CA !" + operation.getError());
        }
    }
}
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CreateCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest) KeyVersionSpec(com.google.cloud.security.privateca.v1.CertificateAuthority.KeyVersionSpec) CertificateAuthority(com.google.cloud.security.privateca.v1.CertificateAuthority) Operation(com.google.longrunning.Operation)

Example 19 with CertificateAuthorityServiceClient

use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

the class DeleteCertificateTemplate method deleteCertificateTemplate.

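/**
 * Deletes the certificate template present in the given project and location and prints the
 * outcome.
 *
 * @param project project that owns the certificate template
 * @param location location of the certificate template
 * @param certificateTemplateId id of the certificate template to delete
 * @throws IOException if the client cannot be created
 * @throws ExecutionException if the delete call fails
 * @throws InterruptedException if the thread is interrupted while waiting for the response
 * @throws TimeoutException if no response arrives within 60 seconds
 */
public static void deleteCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. try-with-resources calls close() on it when
    // the block exits, which safely cleans up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Set the full resource name of the certificate template to be deleted.
        DeleteCertificateTemplateRequest request = DeleteCertificateTemplateRequest.newBuilder()
                .setName(CertificateTemplateName.of(project, location, certificateTemplateId).toString())
                .build();

        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.deleteCertificateTemplateCallable().futureCall(request);
        // Bound the wait so a stalled call surfaces as a TimeoutException.
        Operation response = futureCall.get(60, TimeUnit.SECONDS);

        // Check for errors.
        if (response.hasError()) {
            System.out.println("Error deleting the certificate template ! " + response.getError());
            return;
        }
        // The message previously said "created", which misreports a delete in logs and audits.
        System.out.println("Successfully deleted certificate template ! " + response.getName());
    }
}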
Also used : DeleteCertificateTemplateRequest(com.google.cloud.security.privateca.v1.DeleteCertificateTemplateRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) Operation(com.google.longrunning.Operation)

Example 20 with CertificateAuthorityServiceClient

use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

the class DisableCertificateAuthority method disableCertificateAuthority.

/**
 * Disables a Certificate Authority in the given CA pool, then reads the CA back and reports
 * whether its state is {@code DISABLED}.
 *
 * @param project project that owns the CA Pool
 * @param location location of the CA Pool
 * @param pool_Id id of the CA Pool that holds the CA
 * @param certificateAuthorityName id of the Certificate Authority to disable
 * @throws IOException if the client cannot be created
 * @throws ExecutionException if the disable call fails
 * @throws InterruptedException if the thread is interrupted while waiting for the response
 */
public static void disableCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName)
        throws IOException, ExecutionException, InterruptedException {
    // The client is closed by try-with-resources so that it can
    // clean up any remaining background resources.
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Resource name of the CA to disable.
        CertificateAuthorityName caResourceName = CertificateAuthorityName.newBuilder()
                .setProject(project)
                .setLocation(location)
                .setCaPool(pool_Id)
                .setCertificateAuthority(certificateAuthorityName)
                .build();

        // Request carrying that name.
        DisableCertificateAuthorityRequest disableRequest = DisableCertificateAuthorityRequest.newBuilder()
                .setName(caResourceName.toString())
                .build();

        // Send the request and wait for the returned operation.
        ApiFuture<Operation> pending = certificateAuthorityServiceClient.disableCertificateAuthorityCallable().futureCall(disableRequest);
        Operation operation = pending.get();
        if (operation.hasError()) {
            System.out.println("Error while disabling Certificate Authority !" + operation.getError());
            return;
        }

        // Do not trust the operation alone: read the CA back and check its actual state.
        State observedState = certificateAuthorityServiceClient.getCertificateAuthority(caResourceName).getState();
        if (observedState != State.DISABLED) {
            System.out.println("Cannot disable the Certificate Authority ! Current CA State: " + observedState);
        } else {
            System.out.println("Disabled Certificate Authority : " + certificateAuthorityName);
        }
    }
}
Also used : State(com.google.cloud.security.privateca.v1.CertificateAuthority.State) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CertificateAuthorityName(com.google.cloud.security.privateca.v1.CertificateAuthorityName) DisableCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.DisableCertificateAuthorityRequest) Operation(com.google.longrunning.Operation)
