use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.
the class CloudConnector method renewCertificate.
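/**
 * Requests a renewal for an existing certificate and returns the id of the new request.
 *
 * <p>The certificate request to renew is resolved from {@code request.thumbprint()} when it is
 * not blank (the search must yield exactly one distinct request id); otherwise the value of
 * {@code request.certificateDN()} is used directly as the certificate request id.
 *
 * <p>A CSR is mandatory: when {@code request.request()} carries no CSR bytes the method throws
 * {@code CSRNotProvidedException} instead of asking the service to reuse the previous CSR.
 *
 * @param request renewal parameters; must carry a thumbprint or a certificate DN, plus a CSR
 * @return the id of the first certificate request in the service response
 * @throws VCertException if the certificate cannot be resolved unambiguously, if the resolved
 *     request is not the latest one for its certificate, or if no CSR was provided
 */
@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
  final String thumbprint = request.thumbprint();

  final String certificateRequestId;
  if (isNotBlank(thumbprint)) {
    Cloud.CertificateSearchResponse result = this.searchCertificatesByFingerprint(thumbprint);
    Set<String> requestIds = result.certificates().stream()
        .map(c -> c.certificateRequestId())
        .collect(Collectors.toSet());

    // A thumbprint must map to exactly one request id; anything else is ambiguous or unknown.
    if (requestIds.size() > 1) {
      throw new MoreThanOneCertificateRequestIdException(thumbprint);
    }
    if (requestIds.isEmpty()) {
      throw new CertificateNotFoundByThumbprintException(thumbprint);
    }
    certificateRequestId = requestIds.iterator().next();
  } else if (isNotBlank(request.certificateDN())) {
    certificateRequestId = request.certificateDN();
  } else {
    throw new CertificateDNOrThumbprintWasNotProvidedException();
  }

  final CertificateStatus status = cloud.certificateStatus(certificateRequestId, auth.apiKey());
  // Fail with a VCertException rather than an IndexOutOfBoundsException/NullPointerException
  // when the status lists no certificate for this request.
  if (status.certificateIds() == null || status.certificateIds().isEmpty()) {
    throw new VCertException("No certificate id was returned for requestId " + certificateRequestId);
  }
  String certificateId = status.certificateIds().get(0);
  CertificateDetails certDetails = cloud.certificateDetails(certificateId, auth.apiKey());

  // Only the latest request of a certificate may be renewed.
  if (!certDetails.certificateRequestId().equals(certificateRequestId)) {
    // The message is assembled by plain concatenation: the caller-supplied thumbprint must
    // never become part of a format string, where a '%' would be read as a format specifier.
    final StringBuilder errorStr = new StringBuilder();
    errorStr.append("Certificate under requestId ").append(certificateRequestId).append(' ');
    if (isNotBlank(thumbprint)) {
      errorStr.append("with thumbprint ").append(thumbprint).append(' ');
    }
    errorStr.append("is not the latest under ManagedCertificateId ").append(certDetails.id());
    errorStr.append(". The latest request is ").append(certDetails.certificateRequestId()).append(". ");
    errorStr.append("This error may happen when revoked certificate is requested to be renewed.");
    throw new VCertException(errorStr.toString());
  }

  final CertificateRequestsPayload certificateRequest = new CertificateRequestsPayload();
  certificateRequest.existingCertificateId(certDetails.id());
  certificateRequest.applicationId(status.applicationId());
  certificateRequest.certificateIssuingTemplateId(status.certificateIssuingTemplateId());
  // add client information
  VCertUtils.addApiClientInformation(certificateRequest);

  // A null CSR array is treated the same as an empty one instead of raising a
  // NullPointerException on ".length".
  final boolean csrProvided = request.request() != null
      && request.request().csr() != null
      && request.request().csr().length > 0;
  certificateRequest.reuseCSR(!csrProvided);
  if (!csrProvided) {
    // CSR reuse is not accepted by this method: a renewal must bring its own CSR.
    throw new CSRNotProvidedException();
  }
  certificateRequest.csr(Strings.fromByteArray(request.request().csr()));

  CertificateRequestsResponse response = cloud.certificateRequest(auth.apiKey(), certificateRequest);
  return response.certificateRequests().get(0).id();
}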
use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.
the class CloudConnector method setPolicy.
/**
 * Converts the given policy specification to a {@code CloudPolicy} and passes its certificate
 * issuing template and CA information to {@code CloudConnectorUtils.setCit} under
 * {@code policyName}.
 *
 * @param policyName name passed to {@code setCit} as its first argument
 * @param policySpecification specification to convert
 * @throws VCertException wrapping any exception raised during conversion or by {@code setCit}
 */
@Override
public void setPolicy(String policyName, PolicySpecification policySpecification) throws VCertException {
  try {
    final CloudPolicy converted =
        CloudPolicySpecificationConverter.INSTANCE.convertFromPolicySpecification(policySpecification);
    CloudConnectorUtils.setCit(
        policyName,
        converted.certificateIssuingTemplate(),
        converted.caInfo(),
        auth.apiKey(),
        cloud);
  } catch (Exception failure) {
    // Every failure, checked or unchecked, leaves this method as a VCertException.
    throw new VCertException(failure);
  }
}
use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.
the class CloudConnector method getPolicy.
/**
 * Fetches the cloud policy named {@code policyName} and converts it to a
 * {@code PolicySpecification}.
 *
 * @param policyName name handed to {@code CloudConnectorUtils.getCloudPolicy}
 * @param removeRegexFromSubjectCN flag forwarded to
 *     {@code CloudPolicy.removeRegexesFromSubjectCN} before the conversion
 * @return the converted policy specification
 * @throws VCertException wrapping any exception raised while fetching or converting the policy
 */
private PolicySpecification getPolicy(String policyName, boolean removeRegexFromSubjectCN) throws VCertException {
  try {
    final CloudPolicy fetched = CloudConnectorUtils.getCloudPolicy(policyName, auth.apiKey(), cloud);
    fetched.removeRegexesFromSubjectCN(removeRegexFromSubjectCN);
    return CloudPolicySpecificationConverter.INSTANCE.convertToPolicySpecification(fetched);
  } catch (Exception failure) {
    // Every failure, checked or unchecked, leaves this method as a VCertException.
    throw new VCertException(failure);
  }
}
use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.
the class TppConnector method setPolicy.
/**
 * Converts the given policy specification to a {@code TPPPolicy} and delegates to the
 * {@code setPolicy(String, TPPPolicy)} overload.
 *
 * @param policyName name forwarded unchanged to the overload
 * @param policySpecification specification to convert
 * @throws VCertException wrapping any exception raised by the conversion or by the overload
 */
@Override
public void setPolicy(String policyName, PolicySpecification policySpecification) throws VCertException {
  try {
    setPolicy(
        policyName,
        TPPPolicySpecificationConverter.INSTANCE.convertFromPolicySpecification(policySpecification));
  } catch (Exception failure) {
    // Every failure, checked or unchecked, leaves this method as a VCertException.
    throw new VCertException(failure);
  }
}
use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.
the class CloudConnectorUtils method getPEMCollectionFromKeyStoreAsStream.
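/**
 * Reads a zipped key store from a stream and builds a {@code PEMCollection} from the private
 * key entry ({@code *.key}) and the certificate chain entry that matches the requested chain
 * order ({@code *_root-first.pem} or {@code *_root-last.pem}).
 *
 * <p>The archive is treated as untrusted input: the number of entries and the accumulated
 * size of the extracted content are both capped to limit the effect of a zip bomb. Entry
 * names are only compared by suffix and are never used as file-system paths.
 *
 * @param keyStoreAsInputStream stream holding the zip archive; closed before this method returns
 * @param certId certificate id, used only in the limit-exceeded exceptions and by
 *     {@code readZipEntry}
 * @param chainOption selects which of the two chain files in the archive is used
 * @param keyPassword password used to decrypt the PKCS#8 private key
 * @param dataFormat forwarded to {@code PEMCollection.fromStringPEMCollection}
 * @return the collection built from the selected chain file and the decrypted key
 * @throws VCertException wrapping any failure while reading the archive, including the two
 *     limit-exceeded conditions
 */
public static PEMCollection getPEMCollectionFromKeyStoreAsStream(InputStream keyStoreAsInputStream, String certId, ChainOption chainOption, String keyPassword, DataFormat dataFormat) throws VCertException {
  // Zip-bomb guards.
  // Upper bound for the number of files in the zip returned by the call to
  // the API "POST /outagedetection/v1/certificates/{id}/keystore".
  final int MAX_ENTRIES = 10;
  // Upper bound for the accumulated size of the extracted content: 1 MB.
  final int MAX_UNZIPED_FILES_SIZE = 1000000;

  final String pemFileSuffix;
  if (chainOption == ChainOption.ChainOptionRootFirst) {
    pemFileSuffix = "_root-first.pem";
  } else {
    pemFileSuffix = "_root-last.pem";
  }

  String certificateAsPem = null;
  PrivateKey privateKey = null;

  try (ZipInputStream zis = new ZipInputStream(keyStoreAsInputStream)) {
    int entriesCount = 0;
    // long, so that one very large entry cannot wrap the counter around and slip under the cap
    long unzipedAcumulatedSize = 0;
    ZipEntry zipEntry;
    while ((zipEntry = zis.getNextEntry()) != null) {
      entriesCount++;
      // Reject the archive as soon as it holds more entries than expected.
      if (entriesCount > MAX_ENTRIES) {
        throw new KeyStoreZipEntriesExceeded(certId, MAX_ENTRIES);
      }

      // NOTE(review): readZipEntry is not visible here; this cap only works as a memory bound
      // if readZipEntry itself limits how much of a single entry it inflates - confirm.
      String zipEntryContent = readZipEntry(zipEntry, zis, certId);

      // Enforce the size cap before the content is parsed or decrypted, with an explicit
      // charset so that the byte count does not depend on the platform default.
      unzipedAcumulatedSize += zipEntryContent.getBytes(java.nio.charset.StandardCharsets.UTF_8).length;
      if (unzipedAcumulatedSize > MAX_UNZIPED_FILES_SIZE) {
        throw new KeyStoreUnzipedFilesBytesSizeExceeded(certId, MAX_UNZIPED_FILES_SIZE);
      }

      // The entry name is attacker-influenced data; it is only matched by suffix.
      String fileName = zipEntry.getName();
      if (fileName.endsWith(".key")) {
        // Getting the PrivateKey in PKCS8 and decrypting it
        PEMParser pemParser = new PEMParser(new StringReader(zipEntryContent));
        privateKey = PEMCollection.decryptPKCS8PrivateKey(pemParser, keyPassword);
      } else if (fileName.endsWith(pemFileSuffix)) {
        certificateAsPem = zipEntryContent;
      }
    }
  } catch (Exception e) {
    // The two limit-exceeded exceptions thrown above are also caught here, so callers only
    // ever see them as the wrapped exception inside a VCertException.
    throw new VCertException(e);
  }

  // NOTE(review): certificateAsPem and privateKey are still null when the archive had no
  // matching entry; how fromStringPEMCollection treats null is not visible here - confirm.
  return PEMCollection.fromStringPEMCollection(certificateAsPem, chainOption, privateKey, keyPassword, dataFormat);
}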