use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.
the class CreateCertificate method createCertificate.
// Create a Certificate which is issued by the Certificate Authority present in the CA Pool.
// The public key used to sign the certificate can be generated using any crypto
// library/framework.
public static void createCertificate(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, ByteString publicKeyBytes) throws InterruptedException, ExecutionException, IOException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
// commonName: Enter a title for your certificate.
// orgName: Provide the name of your company.
// domainName: List the fully qualified domain name.
// certificateLifetime: The validity of the certificate in seconds.
String commonName = "common-name";
String orgName = "org-name";
String domainName = "dns.your-domain.com";
long certificateLifetime = 1000L;
// Set the Public Key and its format.
PublicKey publicKey = PublicKey.newBuilder().setKey(publicKeyBytes).setFormat(KeyFormat.PEM).build();
SubjectConfig subjectConfig = SubjectConfig.newBuilder().setSubject(Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build()).setSubjectAltName(SubjectAltNames.newBuilder().addDnsNames(domainName).build()).build();
// Set the X.509 fields required for the certificate.
X509Parameters x509Parameters = X509Parameters.newBuilder().setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setDigitalSignature(true).setKeyEncipherment(true).setCertSign(true).build()).setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build()).build()).setCaOptions(CaOptions.newBuilder().setIsCa(true).buildPartial()).build();
// Create certificate.
Certificate certificate = Certificate.newBuilder().setConfig(CertificateConfig.newBuilder().setPublicKey(publicKey).setSubjectConfig(subjectConfig).setX509Config(x509Parameters).build()).setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()).build();
// Create the Certificate Request.
CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setCertificateId(certificateName).setCertificate(certificate).setIssuingCertificateAuthorityId(certificateAuthorityName).build();
// Get the Certificate response.
ApiFuture<Certificate> future = certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
Certificate response = future.get();
// Get the PEM encoded, signed X.509 certificate.
System.out.println(response.getPemCertificate());
// To verify the obtained certificate, use this intermediate chain list.
System.out.println(response.getPemCertificateChainList());
}
}
use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.
the class CreateCertificateAuthority method createCertificateAuthority.
// Create Certificate Authority which is the root CA in the given CA Pool.
public static void createCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws InterruptedException, ExecutionException, IOException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
String commonName = "common-name";
String orgName = "org-name";
// Validity of this CA in seconds.
int caDuration = 100000;
// Set the type of Algorithm.
KeyVersionSpec keyVersionSpec = KeyVersionSpec.newBuilder().setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256).build();
// Set CA subject config.
SubjectConfig subjectConfig = SubjectConfig.newBuilder().setSubject(Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build()).build();
// Set the key usage options for X.509 fields.
X509Parameters x509Parameters = X509Parameters.newBuilder().setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setCrlSign(true).setCertSign(true).build()).build()).setCaOptions(CaOptions.newBuilder().setIsCa(true).build()).build();
// Set certificate authority settings.
CertificateAuthority certificateAuthority = CertificateAuthority.newBuilder().setType(CertificateAuthority.Type.SELF_SIGNED).setKeySpec(keyVersionSpec).setConfig(CertificateConfig.newBuilder().setSubjectConfig(subjectConfig).setX509Config(x509Parameters).build()).setLifetime(Duration.newBuilder().setSeconds(caDuration).build()).build();
// Create the CertificateAuthorityRequest.
CreateCertificateAuthorityRequest certificateAuthorityRequest = CreateCertificateAuthorityRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setCertificateAuthorityId(certificateAuthorityName).setCertificateAuthority(certificateAuthority).build();
// Create Certificate Authority.
ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCertificateAuthorityCallable().futureCall(certificateAuthorityRequest);
Operation response = futureCall.get();
if (response.hasError()) {
System.out.println("Error while creating CA !" + response.getError());
return;
}
System.out.println("Certificate Authority created successfully : " + certificateAuthorityName);
}
}
use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.
the class CreateSubordinateCa method createSubordinateCertificateAuthority.
public static void createSubordinateCertificateAuthority(String project, String location, String pool_Id, String subordinateCaName) throws IOException, ExecutionException, InterruptedException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
String commonName = "common-name";
String orgName = "csr-org-name";
String domainName = "dns.your-domain.com";
// Validity of this CA in seconds.
int caDuration = 100000;
// Set the type of Algorithm.
KeyVersionSpec keyVersionSpec = KeyVersionSpec.newBuilder().setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256).build();
// Set CA subject config.
SubjectConfig subjectConfig = SubjectConfig.newBuilder().setSubject(Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build()).setSubjectAltName(SubjectAltNames.newBuilder().addDnsNames(domainName).build()).build();
// Set the key usage options for X.509 fields.
X509Parameters x509Parameters = X509Parameters.newBuilder().setKeyUsage(KeyUsage.newBuilder().setBaseKeyUsage(KeyUsageOptions.newBuilder().setCrlSign(true).setCertSign(true).build()).build()).setCaOptions(CaOptions.newBuilder().setIsCa(true).build()).build();
// Set certificate authority settings.
CertificateAuthority subCertificateAuthority = CertificateAuthority.newBuilder().setType(CertificateAuthority.Type.SUBORDINATE).setKeySpec(keyVersionSpec).setConfig(CertificateConfig.newBuilder().setSubjectConfig(subjectConfig).setX509Config(x509Parameters).build()).setLifetime(Duration.newBuilder().setSeconds(caDuration).build()).build();
// Create the CertificateAuthorityRequest.
CreateCertificateAuthorityRequest subCertificateAuthorityRequest = CreateCertificateAuthorityRequest.newBuilder().setParent(CaPoolName.of(project, location, pool_Id).toString()).setCertificateAuthorityId(subordinateCaName).setCertificateAuthority(subCertificateAuthority).build();
// Create Subordinate CA.
ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.createCertificateAuthorityCallable().futureCall(subCertificateAuthorityRequest);
Operation response = futureCall.get();
if (response.hasError()) {
System.out.println("Error while creating Subordinate CA !" + response.getError());
return;
}
System.out.println("Subordinate Certificate Authority created successfully : " + subordinateCaName);
}
}
use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.
the class DeleteCertificateTemplate method deleteCertificateTemplate.
// Deletes the certificate template present in the given project and location.
public static void deleteCertificateTemplate(String project, String location, String certificateTemplateId) throws IOException, ExecutionException, InterruptedException, TimeoutException {
/* Initialize client that will be used to send requests. This client only needs to be created
once, and can be reused for multiple requests. After completing all of your requests, call
the `certificateAuthorityServiceClient.close()` method on the client to safely
clean up any remaining background resources. */
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
// Set the parent name of the certificate template to be deleted.
DeleteCertificateTemplateRequest request = DeleteCertificateTemplateRequest.newBuilder().setName(CertificateTemplateName.of(project, location, certificateTemplateId).toString()).build();
ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.deleteCertificateTemplateCallable().futureCall(request);
Operation response = futureCall.get(60, TimeUnit.SECONDS);
// Check for errors.
if (response.hasError()) {
System.out.println("Error deleting the certificate template ! " + response.getError());
return;
}
System.out.println("Successfully created certificate template ! " + response.getName());
}
}
use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.
the class DisableCertificateAuthority method disableCertificateAuthority.
// Disable a Certificate Authority which is present in the given CA pool.
public static void disableCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException {
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
// Create the Certificate Authority Name.
CertificateAuthorityName certificateAuthorityNameParent = CertificateAuthorityName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).setCertificateAuthority(certificateAuthorityName).build();
// Create the Disable Certificate Authority Request.
DisableCertificateAuthorityRequest disableCertificateAuthorityRequest = DisableCertificateAuthorityRequest.newBuilder().setName(certificateAuthorityNameParent.toString()).build();
// Disable the Certificate Authority.
ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.disableCertificateAuthorityCallable().futureCall(disableCertificateAuthorityRequest);
Operation response = futureCall.get();
if (response.hasError()) {
System.out.println("Error while disabling Certificate Authority !" + response.getError());
return;
}
// Get the current CA state.
State caState = certificateAuthorityServiceClient.getCertificateAuthority(certificateAuthorityNameParent).getState();
// Check if the Certificate Authority is disabled.
if (caState == State.DISABLED) {
System.out.println("Disabled Certificate Authority : " + certificateAuthorityName);
} else {
System.out.println("Cannot disable the Certificate Authority ! Current CA State: " + caState);
}
}
}
Aggregations