Example 1 with Config

use of com.venafi.vcert.sdk.Config in project vcert-java by Venafi.

the class SshCertificateRequestRetrieveWithKeyPairProvided method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // To work with the SSH KeyPair, we are going to use some utilities from
        // maverick-synergy project. For more information, please visit https://github.com/sshtools/maverick-synergy
        // 2. Get an SSH Key Pair with a key size of 3072 bits
        SshKeyPair pair = SshKeyPairGenerator.generateKeyPair(SshKeyPairGenerator.SSH2_RSA, 3072);
        // 3. Extract the Public Key and append the KeyId as a comment at the end of the Public Key,
        // because that is the format in which TPP returns the Public Key
        String publicKeyData = SshKeyUtils.getFormattedKey(pair.getPublicKey(), keyId);
        // 4. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
        // If you omit validityPeriod, then the validity period of the CIT will be used.
        SshCertificateRequest req = new SshCertificateRequest()
            .keyId(keyId)
            .validityPeriod("4h")
            .publicKeyData(publicKeyData)
            .template(template);
        // .sourceAddresses(new String[]{"test.com"});
        // 5. Use the VCertClient method requestSshCertificate() to request the creation of a new
        // SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
        // will be used to retrieve the created SSH Certificate.
        String pickUpID = client.requestSshCertificate(req);
        // 6. Set the pickUp ID on the SshCertificateRequest already created. You can create a new one,
        // but to avoid the boilerplate it's preferable to reuse the existing one.
        req.pickupID(pickUpID);
        // 7. Use the VCertClient method retrieveSshCertificate() to retrieve the created
        // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
        // will contain the SSH Certificate Data, the Public Key, etc.
        SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : VCertTknClient(com.venafi.vcert.sdk.VCertTknClient) SshKeyPair(com.sshtools.common.ssh.components.SshKeyPair) SshCertificateRequest(com.venafi.vcert.sdk.certificate.SshCertificateRequest) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) SshCertRetrieveDetails(com.venafi.vcert.sdk.certificate.SshCertRetrieveDetails)

Example 2 with Config

use of com.venafi.vcert.sdk.Config in project vcert-java by Venafi.

the class PolicyManagementBuilderExample method main.

public static void main(String[] args) {
    try {
        String ca = "<TPP_CA_NAME>";
        String policyName = "<TPP_POLICY_MANAGEMENT_SAMPLE>";
        String user = "<TPPUSER>";
        String password = "<TPPPASSWORD>";
        String baseUri = "<TPP_URL>";
        // 1. Get an instance of com.venafi.vcert.sdk.policy.domain.PolicySpecification class.
        // That can be done using the builder provided by the PolicySpecification
        PolicySpecification policySpecification = PolicySpecification.builder()
            .policy(Policy.builder()
                .domains(new String[] { "venafi.com" })
                .maxValidDays(120)
                .certificateAuthority(ca)
                .wildcardAllowed(true)
                .subject(Subject.builder()
                    .orgs(new String[] { "venafi" })
                    .orgUnits(new String[] { "DevOps", "OpenSource" })
                    .localities(new String[] { "Merida" })
                    .states(new String[] { "Yucatan" })
                    .countries(new String[] { "MX" })
                    .build())
                .keyPair(KeyPair.builder()
                    .keyTypes(new String[] { "RSA" })
                    // sample value; 1024-bit RSA is below the 2048-bit minimum of current guidance
                    .rsaKeySizes(new Integer[] { 1024 })
                    .serviceGenerated(true)
                    .reuseAllowed(true)
                    .build())
                .subjectAltNames(SubjectAltNames.builder()
                    .dnsAllowed(false)
                    .emailAllowed(true)
                    .build())
                .build())
            .build();
        // 2. Get a VCertClient. This example uses a VCertClient for TPP.
        Authentication auth = Authentication.builder().user(user).password(password).clientId("api-all-access").scope("certificate:manage;configuration:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 3. Use the VCertClient method setPolicy() to set a Policy.
        // If the policy doesn't exist, it will be created.
        // If the policy exists, it will be updated.
        client.setPolicy(policyName, policySpecification);
        // 4. You can get the Policy which you created/updated using the getPolicy method
        PolicySpecification policyTemp = client.getPolicy(policyName);
        // 5. Then use it to write it in Yaml format.
        // This time we will use the Jackson parser to get the Yaml string.
        // You can learn more about Jackson parser in https://github.com/FasterXML/jackson
        // and http://tutorials.jenkov.com/java-json/jackson-objectmapper.html
        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
        mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        String policyAsString = mapper.writeValueAsString(policyTemp);
        System.out.println(policyAsString);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : VCertTknClient(com.venafi.vcert.sdk.VCertTknClient) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 3 with Config

use of com.venafi.vcert.sdk.Config in project vcert-java by Venafi.

the class PolicyManagementYamlExample method main.

public static void main(String[] args) {
    try {
        // replace it by the policy full name
        String policyName = "<APP_NAME>\\<CIT_ALIAS>";
        // replace it by the api-key
        String tppl_api_key = "<APIKEY>";
        // replace it by the path where the policy_specification.yaml file will be
        String yaml_source_file = "<PARENT_PATH>/policy_specification.yaml";
        // replace it by the path where the policy_specification_result.yaml file will be
        String yaml_target_file = "<PARENT_PATH>/policy_specification_result.yaml";
        // 1. Get an instance of com.venafi.vcert.sdk.policy.domain.PolicySpecification class.
        // This example uses the Jackson parser to get an instance of PolicySpecification from a Yaml file.
        // You can learn more about Jackson parser in https://github.com/FasterXML/jackson
        // and http://tutorials.jenkov.com/java-json/jackson-objectmapper.html
        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
        mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        PolicySpecification policySpecification = mapper.readValue(new File(yaml_source_file), PolicySpecification.class);
        // 2. Get a VCertClient. This example uses a VCertClient for Cloud.
        Authentication auth = Authentication.builder().apiKey(tppl_api_key).build();
        Config config = Config.builder().connectorType(ConnectorType.CLOUD).build();
        VCertClient client = new VCertClient(config);
        client.authenticate(auth);
        // 3. Use the VCertClient method setPolicy() to set a Policy.
        // If the policy doesn't exist, it will be created.
        // If the policy exists, it will be updated.
        client.setPolicy(policyName, policySpecification);
        // 4. You can get the Policy which you created/updated using the getPolicy method and then
        // write it to a file in Yaml format using the Jackson parser (the mapper uses YAMLFactory).
        PolicySpecification policyTemp = client.getPolicy(policyName);
        mapper.writeValue(new File(yaml_target_file), policyTemp);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) VCertClient(com.venafi.vcert.sdk.VCertClient) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) File(java.io.File) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 4 with Config

use of com.venafi.vcert.sdk.Config in project vcert-java by Venafi.

the class CloudClient method main.

public static void main(String[] args) throws VCertException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
    String url = System.getenv("CLOUDURL");
    String zone = System.getenv("CLOUDZONE");
    String appInfo = System.getenv("PRODUCT");
    String apiKey = System.getenv("APIKEY");
    if (zone == null) {
        // or by ID "38992cc0-0177-11ea-a3f0-2b5db8116980";
        zone = "My Project\\My Zone";
    }
    if (appInfo == null)
        appInfo = "My Application 1.0.0.0";
    if (apiKey == null)
        apiKey = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
    Config config = Config.builder().connectorType(ConnectorType.CLOUD).baseUrl(url).appInfo(appInfo).build();
    Authentication auth = Authentication.builder().apiKey(apiKey).build();
    VCertClient client = new VCertClient(config);
    client.authenticate(auth);
    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
    // Generate a certificate
    CertificateRequest certificateRequest = new CertificateRequest()
        .subject(new CertificateRequest.PKIXName()
            .commonName("vcert-java.venafi.example")
            .organization(Collections.singletonList("Venafi, Inc."))
            .organizationalUnit(Arrays.asList("Product Management"))
            .country(Collections.singletonList("US"))
            .locality(Collections.singletonList("Salt Lake City"))
            .province(Collections.singletonList("Utah")))
        .keyType(KeyType.RSA)
        .keyLength(2048);
    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
    // Submit the certificate request
    client.requestCertificate(certificateRequest, zoneConfiguration);
    // Retrieve PEM collection from Venafi
    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
    System.out.println(pemCollection.certificate());
}
Also used : PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) Config(com.venafi.vcert.sdk.Config) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) VCertClient(com.venafi.vcert.sdk.VCertClient) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest)

Example 5 with Config

use of com.venafi.vcert.sdk.Config in project vcert-java by Venafi.

the class SshCertificateRequestRetrieveWithOutKeyPairProvided method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
        // If you omit validityPeriod, then the validity period of the CIT will be used.
        SshCertificateRequest req = new SshCertificateRequest()
            .keyId(keyId)
            .validityPeriod("4h")
            .template(template);
        // 3. Use the VCertClient method requestSshCertificate() to request the creation of a new
        // SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
        // will be used to retrieve the created SSH Certificate.
        String pickUpID = client.requestSshCertificate(req);
        // 4. Set the pickUp ID on the SshCertificateRequest already created. You can create a new one,
        // but to avoid the boilerplate it's preferable to reuse the existing one.
        req.pickupID(pickUpID);
        // 4a. You can set a passphrase for the Private Key of the KeyPair that will be generated by TPP.
        req.privateKeyPassphrase("my-passphrase");
        // 5. Use the VCertClient method retrieveSshCertificate() to retrieve the created
        // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
        // will contain the Ssh Certificate Data, the Public and Private Keys, etc.
        SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : VCertTknClient(com.venafi.vcert.sdk.VCertTknClient) SshCertificateRequest(com.venafi.vcert.sdk.certificate.SshCertificateRequest) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) SshCertRetrieveDetails(com.venafi.vcert.sdk.certificate.SshCertRetrieveDetails)
