Example 21 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

The filterCertificates method of class FilterCertificates.

// Filter certificates based on a condition and list them.
public static void filterCertificates(String project, String location, String pool_Id) throws IOException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        CaPoolName caPool = CaPoolName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).build();
        // Create the list request and set the filter condition: only certificates whose
        // subject organization equals "csr-org-name" are returned.
        ListCertificatesRequest listCertificatesRequest = ListCertificatesRequest.newBuilder()
            .setParent(caPool.toString())
            .setFilter("certificate_description.subject_description.subject.organization=csr-org-name")
            .build();
        // Retrieve and print the certificate names (iterateAll() walks every result page).
        System.out.println("Available certificates: ");
        for (Certificate certificate : certificateAuthorityServiceClient.listCertificates(listCertificatesRequest).iterateAll()) {
            System.out.println(certificate.getName());
        }
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ListCertificatesRequest(com.google.cloud.security.privateca.v1.ListCertificatesRequest) CaPoolName(com.google.cloud.security.privateca.v1.CaPoolName) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 22 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

The listCertificateTemplates method of class ListCertificateTemplates.

// Lists the certificate templates present in the given project and location.
public static void listCertificateTemplates(String project, String location) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        // Set the parent name to list the certificate templates.
        ListCertificateTemplatesRequest request = ListCertificateTemplatesRequest.newBuilder()
            .setParent(LocationName.of(project, location).toString())
            .build();
        ApiFuture<ListCertificateTemplatesResponse> futureCall =
            certificateAuthorityServiceClient.listCertificateTemplatesCallable().futureCall(request);
        // Get the response, waiting at most 60 seconds.
        ListCertificateTemplatesResponse response = futureCall.get(60, TimeUnit.SECONDS);
        // List the templates in this response page. (The raw callable returns a single page;
        // use the paged listCertificateTemplates(...) method with iterateAll() to walk all pages.)
        for (CertificateTemplate template : response.getCertificateTemplatesList()) {
            System.out.println(template.getName());
        }
    }
}
Also used : CertificateTemplate(com.google.cloud.security.privateca.v1.CertificateTemplate) ListCertificateTemplatesResponse(com.google.cloud.security.privateca.v1.ListCertificateTemplatesResponse) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ListCertificateTemplatesRequest(com.google.cloud.security.privateca.v1.ListCertificateTemplatesRequest)

Example 23 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

The listCertificates method of class ListCertificates.

// List the certificates present in the given CA pool.
public static void listCertificates(String project, String location, String pool_Id) throws IOException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        CaPoolName caPool = CaPoolName.newBuilder().setProject(project).setLocation(location).setCaPool(pool_Id).build();
        // Retrieve and print the certificate names (iterateAll() walks every result page).
        System.out.println("Available certificates: ");
        for (Certificate certificate : certificateAuthorityServiceClient.listCertificates(caPool).iterateAll()) {
            System.out.println(certificate.getName());
        }
    }
}
Also used : CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) CaPoolName(com.google.cloud.security.privateca.v1.CaPoolName) Certificate(com.google.cloud.security.privateca.v1.Certificate)

Example 24 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

The undeleteCertificateAuthority method of class UndeleteCertificateAuthority.

// Restore a deleted CA, if still within the grace period of 30 days.
public static void undeleteCertificateAuthority(String project, String location, String pool_Id, String certificateAuthorityName) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        String certificateAuthorityParent = CertificateAuthorityName.of(project, location, pool_Id, certificateAuthorityName).toString();
        // Confirm that the CA is in the DELETED state; only a deleted CA can be undeleted.
        if (getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent) != State.DELETED) {
            System.out.println("CA is not deleted !");
            return;
        }
        // Create the request.
        UndeleteCertificateAuthorityRequest undeleteCertificateAuthorityRequest = UndeleteCertificateAuthorityRequest.newBuilder()
            .setName(certificateAuthorityParent)
            .build();
        // Undelete the CA.
        ApiFuture<Operation> futureCall =
            certificateAuthorityServiceClient.undeleteCertificateAuthorityCallable().futureCall(undeleteCertificateAuthorityRequest);
        Operation response = futureCall.get(5, TimeUnit.SECONDS);
        // Confirm that the CA is now DISABLED (a restored CA is never enabled automatically).
        if (response.hasError() || getCurrentState(certificateAuthorityServiceClient, certificateAuthorityParent) != State.DISABLED) {
            System.out.println("Unable to restore the Certificate Authority! Please try again !" + response.getError());
            return;
        }
        // The CA will be in the DISABLED state. Enable before use.
        System.out.println("Successfully restored the Certificate Authority ! " + certificateAuthorityName);
    }
}

// Helper referenced above: fetch the CA resource and return its current lifecycle state.
private static State getCurrentState(CertificateAuthorityServiceClient client, String certificateAuthorityParent) {
    return client.getCertificateAuthority(certificateAuthorityParent).getState();
}
Also used : UndeleteCertificateAuthorityRequest(com.google.cloud.security.privateca.v1.UndeleteCertificateAuthorityRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) Operation(com.google.longrunning.Operation)

Example 25 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

The updateCaPoolIssuancePolicy method of class UpdateCaPool_IssuancePolicy.

/* Update the issuance policy for a CA pool. All certificates issued from this CA pool must
   satisfy the issuance policy. */
public static void updateCaPoolIssuancePolicy(String project, String location, String pool_Id) throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = CertificateAuthorityServiceClient.create()) {
        /* Set the updated issuance policy for the CA pool.
           This particular issuance policy allows only SANs that
           have DNS names equal to "us.google.org" or ending in ".google.com".
           Because subject and SAN passthrough are both enabled, the CEL expression is what
           restricts the identities a requester can obtain from this pool. */
        String expr = "subject_alt_names.all(san, san.type == DNS && (san.value == \"us.google.org\""
            + " || san.value.endsWith(\".google.com\")) )";
        CaPool.IssuancePolicy issuancePolicy = IssuancePolicy.newBuilder()
            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder()
                .setAllowSubjectPassthrough(true)
                .setAllowSubjectAltNamesPassthrough(true)
                .setCelExpression(Expr.newBuilder().setExpression(expr).build())
                .build())
            .build();
        CaPool caPool = CaPool.newBuilder()
            .setName(CaPoolName.of(project, location, pool_Id).toString())
            .setIssuancePolicy(issuancePolicy)
            .build();
        /* 1. Set the CA pool with updated values.
           2. Set the update mask to specify which properties of the CA pool should be updated.
           Only the properties specified in the mask will be updated. Make sure that the mask fields
           match the updated issuance policy.
           For more info on constructing paths for the update mask, see:
           https://cloud.google.com/certificate-authority-service/docs/reference/rest/v1/projects.locations.caPools#issuancepolicy */
        UpdateCaPoolRequest updateCaPoolRequest = UpdateCaPoolRequest.newBuilder()
            .setCaPool(caPool)
            .setUpdateMask(FieldMask.newBuilder()
                .addPaths("issuance_policy.identity_constraints.allow_subject_passthrough")
                .addPaths("issuance_policy.identity_constraints.allow_subject_alt_names_passthrough")
                .addPaths("issuance_policy.identity_constraints.cel_expression")
                .build())
            .build();
        // Send the update CA pool request.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient.updateCaPoolCallable().futureCall(updateCaPoolRequest);
        Operation operation = futureCall.get(60, TimeUnit.SECONDS);
        // Check for errors.
        if (operation.hasError()) {
            System.out.println("Error in updating CA Pool Issuance policy ! " + operation.getError());
            return;
        }
        // Get the CA pool's issuance policy and verify that the fields have been updated.
        IssuancePolicy response = certificateAuthorityServiceClient.getCaPool(CaPoolName.of(project, location, pool_Id).toString()).getIssuancePolicy();
        // Similarly, you can check other modified fields, e.g. compare
        // response.getIdentityConstraints().getCelExpression().getExpression() with expr.
        if (response.getIdentityConstraints().getAllowSubjectPassthrough() && response.getIdentityConstraints().getAllowSubjectAltNamesPassthrough()) {
            System.out.println("CA Pool Issuance policy has been updated successfully ! ");
            return;
        }
        System.out.println("Error in updating CA Pool Issuance policy ! Please try again ! " + response);
    }
}
Also used : UpdateCaPoolRequest(com.google.cloud.security.privateca.v1.UpdateCaPoolRequest) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) IssuancePolicy(com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy) CaPool(com.google.cloud.security.privateca.v1.CaPool) Operation(com.google.longrunning.Operation) IssuancePolicy(com.google.cloud.security.privateca.v1.CaPool.IssuancePolicy)
