use of com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest in project java-security-private-ca by googleapis.
the class CreateCertificateAuthority method createCertificateAuthority.
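/**
 * Creates a self-signed (root) Certificate Authority in the given CA pool.
 *
 * <p>The subject names and the lifetime below are hard-coded sample values; replace them before
 * using this for anything other than a demo.
 *
 * @param project project passed to {@code CaPoolName.of} to build the parent pool name
 * @param location location passed to {@code CaPoolName.of}
 * @param pool_Id ID of the CA pool that will hold the new CA
 * @param certificateAuthorityName ID set on the request for the new CA
 * @throws InterruptedException if the thread is interrupted while waiting for the create call
 * @throws ExecutionException if the create call itself fails
 * @throws IOException if creating the service client fails
 */
public static void createCertificateAuthority(
    String project, String location, String pool_Id, String certificateAuthorityName)
    throws InterruptedException, ExecutionException, IOException {
  // try-with-resources closes the client and releases its background resources on exit.
  try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
      CertificateAuthorityServiceClient.create()) {
    String commonName = "common-name";
    String orgName = "org-name";
    // Validity of this CA in seconds. 100000 s is roughly 27.8 hours: a sample value only.
    // A real root CA needs a deliberately chosen lifetime.
    int caDuration = 100000;

    // Key algorithm for the CA's signing key: RSA 4096 with PKCS#1 v1.5 padding and SHA-256.
    KeyVersionSpec keyVersionSpec =
        KeyVersionSpec.newBuilder()
            .setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256)
            .build();

    // Subject (common name and organization) placed in the CA certificate.
    SubjectConfig subjectConfig =
        SubjectConfig.newBuilder()
            .setSubject(
                Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build())
            .build();

    // X.509 extensions: key usage is limited to certificate and CRL signing, and the
    // basic-constraints CA flag is set. No path-length constraint is set here.
    X509Parameters x509Parameters =
        X509Parameters.newBuilder()
            .setKeyUsage(
                KeyUsage.newBuilder()
                    .setBaseKeyUsage(
                        KeyUsageOptions.newBuilder().setCrlSign(true).setCertSign(true).build())
                    .build())
            .setCaOptions(CaOptions.newBuilder().setIsCa(true).build())
            .build();

    // SELF_SIGNED makes this CA its own issuer, i.e. the trust anchor of the hierarchy.
    CertificateAuthority certificateAuthority =
        CertificateAuthority.newBuilder()
            .setType(CertificateAuthority.Type.SELF_SIGNED)
            .setKeySpec(keyVersionSpec)
            .setConfig(
                CertificateConfig.newBuilder()
                    .setSubjectConfig(subjectConfig)
                    .setX509Config(x509Parameters)
                    .build())
            .setLifetime(Duration.newBuilder().setSeconds(caDuration).build())
            .build();

    // Build the request: parent CA pool, ID of the new CA, and the CA definition.
    CreateCertificateAuthorityRequest certificateAuthorityRequest =
        CreateCertificateAuthorityRequest.newBuilder()
            .setParent(CaPoolName.of(project, location, pool_Id).toString())
            .setCertificateAuthorityId(certificateAuthorityName)
            .setCertificateAuthority(certificateAuthority)
            .build();

    // The plain callable returns the long-running Operation as the service reported it.
    // It is not polled here, so the operation may still be running when get() returns.
    ApiFuture<Operation> futureCall =
        certificateAuthorityServiceClient
            .createCertificateAuthorityCallable()
            .futureCall(certificateAuthorityRequest);
    Operation response = futureCall.get();

    if (response.hasError()) {
      System.out.println("Error while creating CA !" + response.getError());
      return;
    }

    // Do not report success for an operation that has not finished: a failure that shows up
    // later would otherwise go unnoticed.
    if (!response.getDone()) {
      System.out.println(
          "Certificate Authority creation still in progress, operation : " + response.getName());
      return;
    }

    // NOTE(review): a completed create does not by itself mean the CA can issue certificates;
    // check the CA's state and enable it as required - confirm against the Private CA docs.
    System.out.println("Certificate Authority created successfully : " + certificateAuthorityName);
  }
}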
use of com.google.cloud.security.privateca.v1.CreateCertificateAuthorityRequest in project java-security-private-ca by googleapis.
the class CreateSubordinateCa method createSubordinateCertificateAuthority.
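/**
 * Creates a subordinate Certificate Authority in the given CA pool.
 *
 * <p>The subject names, the DNS name and the lifetime below are hard-coded sample values;
 * replace them before using this for anything other than a demo.
 *
 * @param project project passed to {@code CaPoolName.of} to build the parent pool name
 * @param location location passed to {@code CaPoolName.of}
 * @param pool_Id ID of the CA pool that will hold the new subordinate CA
 * @param subordinateCaName ID set on the request for the new subordinate CA
 * @throws IOException if creating the service client fails
 * @throws ExecutionException if the create call itself fails
 * @throws InterruptedException if the thread is interrupted while waiting for the create call
 */
public static void createSubordinateCertificateAuthority(
    String project, String location, String pool_Id, String subordinateCaName)
    throws IOException, ExecutionException, InterruptedException {
  // try-with-resources closes the client and releases its background resources on exit.
  try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
      CertificateAuthorityServiceClient.create()) {
    String commonName = "common-name";
    String orgName = "csr-org-name";
    String domainName = "dns.your-domain.com";
    // Validity of this CA in seconds. 100000 s is roughly 27.8 hours: a sample value only.
    int caDuration = 100000;

    // Key algorithm for the CA's signing key: RSA 4096 with PKCS#1 v1.5 padding and SHA-256.
    KeyVersionSpec keyVersionSpec =
        KeyVersionSpec.newBuilder()
            .setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256)
            .build();

    // Subject (common name and organization) plus a DNS subject alternative name.
    SubjectConfig subjectConfig =
        SubjectConfig.newBuilder()
            .setSubject(
                Subject.newBuilder().setCommonName(commonName).setOrganization(orgName).build())
            .setSubjectAltName(SubjectAltNames.newBuilder().addDnsNames(domainName).build())
            .build();

    // X.509 extensions: key usage is limited to certificate and CRL signing, and the
    // basic-constraints CA flag is set. No path-length constraint is set here, so nothing in
    // this config stops the subordinate from signing further CAs; consider adding one if it
    // should only issue end-entity certificates.
    X509Parameters x509Parameters =
        X509Parameters.newBuilder()
            .setKeyUsage(
                KeyUsage.newBuilder()
                    .setBaseKeyUsage(
                        KeyUsageOptions.newBuilder().setCrlSign(true).setCertSign(true).build())
                    .build())
            .setCaOptions(CaOptions.newBuilder().setIsCa(true).build())
            .build();

    // SUBORDINATE: this CA's certificate is issued by another CA rather than self-signed.
    CertificateAuthority subCertificateAuthority =
        CertificateAuthority.newBuilder()
            .setType(CertificateAuthority.Type.SUBORDINATE)
            .setKeySpec(keyVersionSpec)
            .setConfig(
                CertificateConfig.newBuilder()
                    .setSubjectConfig(subjectConfig)
                    .setX509Config(x509Parameters)
                    .build())
            .setLifetime(Duration.newBuilder().setSeconds(caDuration).build())
            .build();

    // Build the request: parent CA pool, ID of the new CA, and the CA definition.
    CreateCertificateAuthorityRequest subCertificateAuthorityRequest =
        CreateCertificateAuthorityRequest.newBuilder()
            .setParent(CaPoolName.of(project, location, pool_Id).toString())
            .setCertificateAuthorityId(subordinateCaName)
            .setCertificateAuthority(subCertificateAuthority)
            .build();

    // The plain callable returns the long-running Operation as the service reported it.
    // It is not polled here, so the operation may still be running when get() returns.
    ApiFuture<Operation> futureCall =
        certificateAuthorityServiceClient
            .createCertificateAuthorityCallable()
            .futureCall(subCertificateAuthorityRequest);
    Operation response = futureCall.get();

    if (response.hasError()) {
      System.out.println("Error while creating Subordinate CA !" + response.getError());
      return;
    }

    // Do not report success for an operation that has not finished: a failure that shows up
    // later would otherwise go unnoticed.
    if (!response.getDone()) {
      System.out.println(
          "Subordinate Certificate Authority creation still in progress, operation : "
              + response.getName());
      return;
    }

    // NOTE(review): this method only creates the subordinate CA. It presumably still has to be
    // signed by its issuer and activated before it can issue certificates - confirm against
    // the Private CA activation flow.
    System.out.println(
        "Subordinate Certificate Authority created successfully : " + subordinateCaName);
  }
}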