Example 1 with CaOptions

Use of com.google.cloud.security.privateca.v1.X509Parameters.CaOptions in project java-security-private-ca by googleapis.

From the class CreateCertificateTemplate, method createCertificateTemplate.

/* Creates a Certificate template. These templates can be reused for common
   certificate issuance scenarios. */
public static void createCertificateTemplate(
        String project, String location, String certificateTemplateId)
        throws IOException, ExecutionException, InterruptedException, TimeoutException {
    /* Initialize client that will be used to send requests. This client only needs to be created
    once, and can be reused for multiple requests. After completing all of your requests, call
    the `certificateAuthorityServiceClient.close()` method on the client to safely
    clean up any remaining background resources. */
    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
            CertificateAuthorityServiceClient.create()) {
        /* Describes any predefined X.509 values set by this template.
           The provided extensions are copied over to certificate requests that use this template. */
        KeyUsage keyUsage = KeyUsage.newBuilder()
            .setBaseKeyUsage(KeyUsageOptions.newBuilder()
                .setDigitalSignature(true).setKeyEncipherment(true).build())
            .setExtendedKeyUsage(ExtendedKeyUsageOptions.newBuilder().setServerAuth(true).build())
            .build();
        // isCa = false: certificates issued through this template are end-entity certificates, not CAs.
        CaOptions caOptions = CaOptions.newBuilder().setIsCa(false).build();
        /* CEL expression that is evaluated against the Subject and
           Subject Alternative Name of the certificate before it is issued. */
        Expr expr = Expr.newBuilder().setExpression("subject_alt_names.all(san, san.type == DNS)").build();
        // Set the certificate issuance schema.
        CertificateTemplate certificateTemplate = CertificateTemplate.newBuilder()
            .setPredefinedValues(X509Parameters.newBuilder()
                .setKeyUsage(keyUsage)
                .setCaOptions(caOptions)
                .build())
            .setIdentityConstraints(CertificateIdentityConstraints.newBuilder()
                .setCelExpression(expr)
                .setAllowSubjectPassthrough(false)
                .setAllowSubjectAltNamesPassthrough(false)
                .build())
            .build();
        // Set the parent and certificate template properties.
        CreateCertificateTemplateRequest certificateTemplateRequest = CreateCertificateTemplateRequest.newBuilder()
            .setParent(LocationName.of(project, location).toString())
            .setCertificateTemplate(certificateTemplate)
            .setCertificateTemplateId(certificateTemplateId)
            .build();
        // Create Template request.
        ApiFuture<Operation> futureCall = certificateAuthorityServiceClient
            .createCertificateTemplateCallable().futureCall(certificateTemplateRequest);
        Operation response = futureCall.get(60, TimeUnit.SECONDS);
        if (response.hasError()) {
            System.out.println("Error creating certificate template ! " + response.getError());
            return;
        }
        System.out.println("Successfully created certificate template ! " + response.getName());
    }
}
Also used: CreateCertificateTemplateRequest (com.google.cloud.security.privateca.v1.CreateCertificateTemplateRequest), Expr (com.google.type.Expr), CertificateTemplate (com.google.cloud.security.privateca.v1.CertificateTemplate), CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), KeyUsage (com.google.cloud.security.privateca.v1.KeyUsage), CaOptions (com.google.cloud.security.privateca.v1.X509Parameters.CaOptions), Operation (com.google.longrunning.Operation)