use of com.google.cloud.security.privateca.v1.CertificateName in project java-security-private-ca by googleapis.
the class SnippetsIT method testRevokeCertificate.
@Test
public void testRevokeCertificate() throws InterruptedException, ExecutionException, IOException {
  // Integration check: after the sample revokes CERTIFICATE_NAME, the stored certificate
  // must carry revocation details.
  CertificateName revokedName =
      CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);

  // try-with-resources closes the verification client when the test finishes.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // The sample under test opens (and closes) its own client; this one is only used to
    // read the certificate back.
    privateca.RevokeCertificate.revokeCertificate(
        PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);

    // Presence of revocation details is what this test treats as "revoked".
    boolean revoked = client.getCertificate(revokedName).hasRevocationDetails();
    Assert.assertTrue(revoked);
  }
}
use of com.google.cloud.security.privateca.v1.CertificateName in project java-security-private-ca by googleapis.
the class CreateCertificate_CSR method createCertificateWithCSR.
// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key are provided as a CSR (Certificate Signing Request).
/**
 * Requests a certificate from the named Certificate Authority using a PEM-encoded CSR and
 * prints the resulting certificate name, signed certificate and issuer chain.
 *
 * <p>NOTE(review): the requested identity comes from the caller-supplied CSR, so what may be
 * issued is presumably bounded only by the CA pool's issuance policy; confirm that the pool
 * restricts allowed subjects and SANs before exposing this to untrusted requesters.
 *
 * @param project project that owns the CA pool
 * @param location location of the CA pool
 * @param pool_Id id of the CA pool used as the request parent
 * @param certificateAuthorityName id of the CA that must issue the certificate
 * @param certificateName id to give the new certificate
 * @param pemCSR PEM-encoded Certificate Signing Request
 * @throws IOException if the service client cannot be created
 * @throws ExecutionException if the create call fails
 * @throws InterruptedException if the thread is interrupted while waiting for the result
 */
public static void createCertificateWithCSR(
    String project,
    String location,
    String pool_Id,
    String certificateAuthorityName,
    String certificateName,
    String pemCSR)
    throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client and releases its background resources.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Validity of the certificate, in seconds. Deliberately short for a sample.
    long lifetimeSeconds = 1000L;
    Duration lifetime = Duration.newBuilder().setSeconds(lifetimeSeconds).build();

    // The CSR carries the public key and the domain details, so no explicit config is set.
    Certificate csrCertificate =
        Certificate.newBuilder().setPemCsr(pemCSR).setLifetime(lifetime).build();

    // Pin the issuing CA explicitly instead of letting the pool choose one.
    String parentPool = CaPoolName.of(project, location, pool_Id).toString();
    CreateCertificateRequest request =
        CreateCertificateRequest.newBuilder()
            .setParent(parentPool)
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .setCertificateId(certificateName)
            .setCertificate(csrCertificate)
            .build();

    // Block until the service has issued the certificate.
    ApiFuture<Certificate> pending = client.createCertificateCallable().futureCall(request);
    Certificate issued = pending.get();

    System.out.println("Certificate created successfully : " + issued.getName());
    // Signed certificate followed by the issuer chain list.
    System.out.println("Signed certificate:\n " + issued.getPemCertificate());
    System.out.println("Issuer chain list:\n" + issued.getPemCertificateChainList());
  }
}
use of com.google.cloud.security.privateca.v1.CertificateName in project java-security-private-ca by googleapis.
the class RevokeCertificate method revokeCertificate.
// Revoke an issued certificate. Once revoked, the certificate becomes invalid; it still
// expires at the end of its lifetime.
/**
 * Revokes an issued certificate in the given CA pool and prints the name of the revoked
 * certificate.
 *
 * <p>The revocation reason is fixed to {@code RevocationReason.PRIVILEGE_WITHDRAWN}.
 *
 * <p>NOTE(review): revocation only protects relying parties that actually check revocation
 * status; confirm that consumers of these certificates do so.
 *
 * @param project project that owns the CA pool
 * @param location location of the CA pool
 * @param pool_Id id of the CA pool that holds the certificate
 * @param certificateName id of the certificate to revoke
 * @throws IOException if the service client cannot be created
 * @throws ExecutionException if the revoke call fails
 * @throws InterruptedException if the thread is interrupted while waiting for the result
 */
public static void revokeCertificate(
    String project, String location, String pool_Id, String certificateName)
    throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client and releases its background resources.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    // Fully qualified resource name of the certificate to revoke.
    CertificateName target = CertificateName.of(project, location, pool_Id, certificateName);

    // Pick the reason that matches the actual incident; this sample hard-codes one.
    RevokeCertificateRequest request =
        RevokeCertificateRequest.newBuilder()
            .setName(target.toString())
            .setReason(RevocationReason.PRIVILEGE_WITHDRAWN)
            .build();

    // Block until the service confirms the revocation.
    ApiFuture<Certificate> pending = client.revokeCertificateCallable().futureCall(request);
    Certificate revoked = pending.get();
    System.out.println("Certificate Revoked: " + revoked.getName());
  }
}
use of com.google.cloud.security.privateca.v1.CertificateName in project java-security-private-ca by googleapis.
the class CreateCertificate method createCertificate.
// Create a Certificate which is issued by the Certificate Authority present in the CA Pool.
// The public key to be certified can be generated using any crypto library/framework; the
// issuing CA signs the certificate with its own private key.
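/**
 * Issues an end-entity (TLS server) certificate for a caller-supplied public key from the
 * named Certificate Authority, then prints the signed certificate and its issuer chain.
 *
 * <p>The subject, DNS name and lifetime are sample placeholders defined inside the method.
 * The certificate is requested as a leaf: CA capability is explicitly disabled and the
 * certificate-signing key usage is not requested.
 *
 * @param project project that owns the CA pool
 * @param location location of the CA pool
 * @param pool_Id id of the CA pool used as the request parent
 * @param certificateAuthorityName id of the CA that must issue the certificate
 * @param certificateName id to give the new certificate
 * @param publicKeyBytes PEM-encoded public key to be certified
 * @throws InterruptedException if the thread is interrupted while waiting for the result
 * @throws ExecutionException if the create call fails
 * @throws IOException if the service client cannot be created
 */
public static void createCertificate(
    String project,
    String location,
    String pool_Id,
    String certificateAuthorityName,
    String certificateName,
    ByteString publicKeyBytes)
    throws InterruptedException, ExecutionException, IOException {
  // try-with-resources closes the client and releases its background resources.
  try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
      CertificateAuthorityServiceClient.create()) {
    // commonName: Enter a title for your certificate.
    // orgName: Provide the name of your company.
    // domainName: List the fully qualified domain name.
    // certificateLifetime: The validity of the certificate in seconds.
    String commonName = "common-name";
    String orgName = "org-name";
    String domainName = "dns.your-domain.com";
    long certificateLifetime = 1000L;

    // Set the public key to be certified and its format.
    PublicKey publicKey =
        PublicKey.newBuilder().setKey(publicKeyBytes).setFormat(KeyFormat.PEM).build();

    SubjectConfig subjectConfig =
        SubjectConfig.newBuilder()
            .setSubject(
                Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build())
            .setSubjectAltName(SubjectAltNames.newBuilder().addDnsNames(domainName).build())
            .build();

    // Set the X.509 fields required for the certificate.
    // This is a server-auth leaf certificate, so it must not assert CA capability: with
    // isCa=true and certSign the key holder could issue further certificates chaining to
    // this pool's CA. certSign is therefore left unset and isCa is explicitly false.
    X509Parameters x509Parameters =
        X509Parameters.newBuilder()
            .setKeyUsage(
                KeyUsage.newBuilder()
                    .setBaseKeyUsage(
                        KeyUsageOptions.newBuilder()
                            .setDigitalSignature(true)
                            .setKeyEncipherment(true)
                            .build())
                    .setExtendedKeyUsage(
                        ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build())
                    .build())
            .setCaOptions(CaOptions.newBuilder().setIsCa(false).build())
            .build();

    // Create certificate.
    Certificate certificate =
        Certificate.newBuilder()
            .setConfig(
                CertificateConfig.newBuilder()
                    .setPublicKey(publicKey)
                    .setSubjectConfig(subjectConfig)
                    .setX509Config(x509Parameters)
                    .build())
            .setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build())
            .build();

    // Create the Certificate Request, pinning the CA that must issue it.
    CreateCertificateRequest certificateRequest =
        CreateCertificateRequest.newBuilder()
            .setParent(CaPoolName.of(project, location, pool_Id).toString())
            .setCertificateId(certificateName)
            .setCertificate(certificate)
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .build();

    // Block until the service has issued the certificate.
    ApiFuture<Certificate> future =
        certificateAuthorityServiceClient.createCertificateCallable().futureCall(certificateRequest);
    Certificate response = future.get();

    // Get the PEM encoded, signed X.509 certificate.
    System.out.println(response.getPemCertificate());
    // To verify the obtained certificate, use this intermediate chain list.
    System.out.println(response.getPemCertificateChainList());
  }
}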
use of com.google.cloud.security.privateca.v1.CertificateName in project java-security-private-ca by googleapis.
the class SnippetsIT method testCreateCertificate.
@Test
public void testCreateCertificate() throws IOException {
  // Integration check: the certificate created during setup can be fetched by its full
  // resource name, and that name contains the expected certificate id.
  CertificateName expectedName =
      CertificateName.of(PROJECT_ID, LOCATION, CA_POOL_ID, CERTIFICATE_NAME);

  // try-with-resources closes the client when the test finishes.
  try (CertificateAuthorityServiceClient client = CertificateAuthorityServiceClient.create()) {
    String fetchedName = client.getCertificate(expectedName).getName();
    assertThat(fetchedName).contains(CERTIFICATE_NAME);
  }
}