
Example 11 with PublicKey

use of com.google.cloud.security.privateca.v1.PublicKey in project java-docs-samples by GoogleCloudPlatform.

the class GetPublicKey method getPublicKey.

// Fetch the public key of an asymmetric Cloud KMS key version and print it as
// PEM, after checking the response against what was requested.
public void getPublicKey(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException, GeneralSecurityException {
    // try-with-resources closes the client, which cleans up any remaining
    // background resources once the lookup is done.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Resource name assembled from project, location, key ring, key and
        // key version.
        CryptoKeyVersionName requestedVersion = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

        PublicKey fetchedKey = client.getPublicKey(requestedVersion);

        // Integrity checks, following
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        //
        // 1. The name carried in the response must equal the name that was
        //    requested; a mismatch is reported as request corruption.
        boolean nameEchoed = fetchedKey.getName().equals(requestedVersion.toString());
        if (!nameEchoed) {
            throw new IOException("GetPublicKey: request to server corrupted");
        }

        // 2. The checksum shipped with the key must match the PEM bytes.
        //    crcMatches is a helper defined elsewhere in this class (not shown
        //    here); presumably it computes CRC32C over the bytes.
        //    CRC32C only catches accidental corruption. It is not a MAC, so it
        //    gives no protection against deliberate tampering; authenticity of
        //    the response rests on the transport to the service.
        long advertisedCrc = fetchedKey.getPemCrc32C().getValue();
        byte[] pemBytes = fetchedKey.getPemBytes().toByteArray();
        boolean checksumOk = crcMatches(advertisedCrc, pemBytes);
        if (!checksumOk) {
            throw new IOException("GetPublicKey: response from server corrupted");
        }

        // A public key is not secret, so writing it to stdout is fine.
        System.out.printf("Public key: %s%n", fetchedKey.getPem());
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) IOException(java.io.IOException) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 12 with PublicKey

use of com.google.cloud.security.privateca.v1.PublicKey in project java-kms by googleapis.

the class EncryptAsymmetric method encryptAsymmetric.

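// Encrypt plaintext locally with the public key component of the given
// asymmetric key version and print the ciphertext, base64-encoded.
//
// Throws IOException if the returned key's name differs from the one requested;
// GeneralSecurityException covers the JCA key-parsing and cipher calls.
public void encryptAsymmetric(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String plaintext) throws IOException, GeneralSecurityException {
    // try-with-resources closes the client, which cleans up any remaining
    // background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Build the key version name from the project, location, key ring, key,
        // and key version.
        CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // Get the public key.
        PublicKey publicKey = client.getPublicKey(keyVersionName);
        // Refuse to encrypt under a key other than the one that was asked for:
        // data encrypted to the wrong public key cannot be decrypted with the
        // intended key version. See
        // https://cloud.google.com/kms/docs/data-integrity-guidelines
        if (!publicKey.getName().equals(keyVersionName.toString())) {
            throw new IOException("EncryptAsymmetric: request to server corrupted");
        }
        // NOTE(review): the PEM body is not checked against getPemCrc32C()
        // here; add that check where a CRC32C helper is available.
        // Convert the public PEM key to a DER key (convertPemToDer is a helper
        // defined elsewhere in this class, not shown here).
        byte[] derKey = convertPemToDer(publicKey.getPem());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey);
        java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec);
        // Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key.
        // For other key algorithms:
        // https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        // Pass the OAEP parameters explicitly so that both the label digest and
        // MGF1 use SHA-256. Some JCE providers default MGF1 to SHA-1 for this
        // transformation name, and a key version that expects SHA-256 for both
        // could not decrypt that output.
        OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams);
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        // Formatting a byte[] with %s prints only its identity string
        // ("[B@..."), not the bytes, so encode the ciphertext before printing.
        System.out.printf("Ciphertext: %s%n", java.util.Base64.getEncoder().encodeToString(ciphertext));
    }
}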
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) Cipher(javax.crypto.Cipher) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) OAEPParameterSpec(javax.crypto.spec.OAEPParameterSpec)

Example 13 with PublicKey

use of com.google.cloud.security.privateca.v1.PublicKey in project gapic-generator-java by googleapis.

the class AsyncGetPublicKey method asyncGetPublicKey.

// Sample: request a key version's public key through the callable API and
// block until the returned future completes.
public static void asyncGetPublicKey() throws Exception {
    // The bracketed strings are placeholders; the sample may require
    // modifications to work in your environment.
    try (KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create()) {
        String versionName = CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]").toString();
        GetPublicKeyRequest getKeyRequest = GetPublicKeyRequest.newBuilder().setName(versionName).build();
        ApiFuture<PublicKey> pendingKey = kmsClient.getPublicKeyCallable().futureCall(getKeyRequest);
        // Other work can be done here while the call is in flight.
        // NOTE(review): the response is used as returned; code adapted from
        // this sample should compare the returned name and checksum with the
        // request before trusting the key.
        PublicKey response = pendingKey.get();
    }
}
Also used : GetPublicKeyRequest(com.google.cloud.kms.v1.GetPublicKeyRequest) PublicKey(com.google.cloud.kms.v1.PublicKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 14 with PublicKey

use of com.google.cloud.security.privateca.v1.PublicKey in project gapic-generator-java by googleapis.

the class SyncGetPublicKeyString method syncGetPublicKeyString.

// Sample: fetch a key version's public key synchronously, addressing the key
// version by its resource name string.
public static void syncGetPublicKeyString() throws Exception {
    // The bracketed strings are placeholders; the sample may require
    // modifications to work in your environment.
    try (KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create()) {
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
        String name = versionName.toString();
        // NOTE(review): the response is not checked against the request here;
        // code adapted from this sample should verify the returned name and
        // checksum before using the key.
        PublicKey response = kmsClient.getPublicKey(name);
    }
}
Also used : PublicKey(com.google.cloud.kms.v1.PublicKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 15 with PublicKey

use of com.google.cloud.security.privateca.v1.PublicKey in project java-security-private-ca by googleapis.

the class CreateCertificate method createCertificate.

// Request a certificate from a Certificate Authority in the given CA pool and
// print the signed certificate and its chain.
// publicKeyBytes is the PEM-encoded public key placed in the certificate; it
// can be generated with any crypto library/framework. The signature comes from
// the CA named by certificateAuthorityName, not from this key.
public static void createCertificate(String project, String location, String pool_Id, String certificateAuthorityName, String certificateName, ByteString publicKeyBytes) throws InterruptedException, ExecutionException, IOException {
    // try-with-resources closes the client, which cleans up any remaining
    // background resources.
    try (CertificateAuthorityServiceClient caClient = CertificateAuthorityServiceClient.create()) {
        // commonName: a title for the certificate.
        // orgName: the name of your company.
        // domainName: the fully qualified domain name.
        // certificateLifetime: validity of the certificate, in seconds
        // (1000 s is a little under 17 minutes).
        String commonName = "common-name";
        String orgName = "org-name";
        String domainName = "dns.your-domain.com";
        long certificateLifetime = 1000L;

        // Public key to certify, and its encoding.
        PublicKey publicKey = PublicKey.newBuilder()
            .setKey(publicKeyBytes)
            .setFormat(KeyFormat.PEM)
            .build();

        // Subject name and DNS subject alternative name.
        Subject subject = Subject.newBuilder()
            .setCommonName(commonName)
            .setOrganization(orgName)
            .build();
        SubjectAltNames altNames = SubjectAltNames.newBuilder()
            .addDnsNames(domainName)
            .build();
        SubjectConfig subjectConfig = SubjectConfig.newBuilder()
            .setSubject(subject)
            .setSubjectAltName(altNames)
            .build();

        // X.509 fields required for the certificate.
        // NOTE(review): certSign together with isCa=true yields a certificate
        // that can itself sign other certificates. That fits a subordinate CA
        // but is more than a server (serverAuth) leaf certificate needs;
        // confirm it is intended before reusing these values.
        KeyUsageOptions baseUsage = KeyUsageOptions.newBuilder()
            .setDigitalSignature(true)
            .setKeyEncipherment(true)
            .setCertSign(true)
            .build();
        ExtendedKeyUsageOptions extendedUsage = ExtendedKeyUsageOptions.newBuilder()
            .setServerAuth(true)
            .build();
        KeyUsage keyUsage = KeyUsage.newBuilder()
            .setBaseKeyUsage(baseUsage)
            .setExtendedKeyUsage(extendedUsage)
            .build();
        CaOptions caOptions = CaOptions.newBuilder()
            .setIsCa(true)
            .buildPartial();
        X509Parameters x509Parameters = X509Parameters.newBuilder()
            .setKeyUsage(keyUsage)
            .setCaOptions(caOptions)
            .build();

        // Certificate to be issued: key, subject, X.509 settings and lifetime.
        CertificateConfig certificateConfig = CertificateConfig.newBuilder()
            .setPublicKey(publicKey)
            .setSubjectConfig(subjectConfig)
            .setX509Config(x509Parameters)
            .build();
        Duration lifetime = Duration.newBuilder()
            .setSeconds(certificateLifetime)
            .build();
        Certificate certificate = Certificate.newBuilder()
            .setConfig(certificateConfig)
            .setLifetime(lifetime)
            .build();

        // Request addressed to the CA pool, naming the issuing CA.
        String caPool = CaPoolName.of(project, location, pool_Id).toString();
        CreateCertificateRequest certificateRequest = CreateCertificateRequest.newBuilder()
            .setParent(caPool)
            .setCertificateId(certificateName)
            .setCertificate(certificate)
            .setIssuingCertificateAuthorityId(certificateAuthorityName)
            .build();

        // Send the request and wait for the issued certificate.
        ApiFuture<Certificate> pendingCertificate = caClient.createCertificateCallable().futureCall(certificateRequest);
        Certificate response = pendingCertificate.get();

        // The PEM encoded, signed X.509 certificate.
        System.out.println(response.getPemCertificate());
        // The chain of issuer certificates, used to verify the certificate
        // above.
        System.out.println(response.getPemCertificateChainList());
    }
}
Also used : SubjectConfig(com.google.cloud.security.privateca.v1.CertificateConfig.SubjectConfig) X509Parameters(com.google.cloud.security.privateca.v1.X509Parameters) CreateCertificateRequest(com.google.cloud.security.privateca.v1.CreateCertificateRequest) PublicKey(com.google.cloud.security.privateca.v1.PublicKey) CertificateAuthorityServiceClient(com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient) ByteString(com.google.protobuf.ByteString) Certificate(com.google.cloud.security.privateca.v1.Certificate)
