Example 36 with VCertException

use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

the class CloudConnector method renewCertificate.

@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
    String certificateRequestId = null;
    if (isNotBlank(request.thumbprint())) {
        Cloud.CertificateSearchResponse result = this.searchCertificatesByFingerprint(request.thumbprint());
        Set<String> requestIds = result.certificates().stream().map(c -> c.certificateRequestId()).collect(Collectors.toSet());
        if (requestIds.size() > 1) {
            throw new MoreThanOneCertificateRequestIdException(request.thumbprint());
        } else if (requestIds.size() == 0) {
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        }
        certificateRequestId = requestIds.iterator().next();
    } else if (isNotBlank(request.certificateDN())) {
        certificateRequestId = request.certificateDN();
    } else {
        throw new CertificateDNOrThumbprintWasNotProvidedException();
    }
    final CertificateStatus status = cloud.certificateStatus(certificateRequestId, auth.apiKey());
    String certificateId = status.certificateIds().get(0);
    CertificateDetails certDetails = cloud.certificateDetails(certificateId, auth.apiKey());
    if (!certDetails.certificateRequestId().equals(certificateRequestId)) {
        final StringBuilder errorStr = new StringBuilder();
        errorStr.append("Certificate under requestId %s ");
        errorStr.append(isNotBlank(request.thumbprint()) ? String.format("with thumbprint %s ", request.thumbprint()) : "");
        errorStr.append("is not the latest under ManagedCertificateId %s. The latest request is %s. ");
        errorStr.append("This error may happen when revoked certificate is requested to be renewed.");
        throw new VCertException(String.format(errorStr.toString(), certificateRequestId, certDetails.id(), certDetails.certificateRequestId()));
    }
    final CertificateRequestsPayload certificateRequest = new CertificateRequestsPayload();
    certificateRequest.existingCertificateId(certDetails.id());
    certificateRequest.applicationId(status.applicationId());
    certificateRequest.certificateIssuingTemplateId(status.certificateIssuingTemplateId());
    // add client information
    VCertUtils.addApiClientInformation(certificateRequest);
    certificateRequest.reuseCSR(!(Objects.nonNull(request.request()) && request.request().csr().length > 0));
    if (!certificateRequest.reuseCSR) {
        certificateRequest.csr(Strings.fromByteArray(request.request().csr()));
    } else {
        throw new CSRNotProvidedException();
    }
    CertificateRequestsResponse response = cloud.certificateRequest(auth.apiKey(), certificateRequest);
    return response.certificateRequests().get(0).id();
}
Also used : ImportResponse(com.venafi.vcert.sdk.certificate.ImportResponse) CertificateStatus(com.venafi.vcert.sdk.certificate.CertificateStatus) SshCertRetrieveDetails(com.venafi.vcert.sdk.certificate.SshCertRetrieveDetails) StringUtils(org.apache.commons.lang3.StringUtils) CsrOriginOption(com.venafi.vcert.sdk.certificate.CsrOriginOption) CharStreams(com.google.common.io.CharStreams) com.venafi.vcert.sdk.connectors.cloud.domain(com.venafi.vcert.sdk.connectors.cloud.domain) SshCertificateRequest(com.venafi.vcert.sdk.certificate.SshCertificateRequest) SshConfig(com.venafi.vcert.sdk.certificate.SshConfig) ConnectorType(com.venafi.vcert.sdk.endpoint.ConnectorType) Collection(java.util.Collection) Set(java.util.Set) UUID(java.util.UUID) Instant(java.time.Instant) SerializedName(com.google.gson.annotations.SerializedName) Collectors(java.util.stream.Collectors) VCertException(com.venafi.vcert.sdk.VCertException) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) String.format(java.lang.String.format) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) Objects(java.util.Objects) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) Base64(java.util.Base64) List(java.util.List) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) OffsetDateTime(java.time.OffsetDateTime) ConnectorException(com.venafi.vcert.sdk.connectors.ConnectorException) ZERO(java.time.Duration.ZERO) Connector(com.venafi.vcert.sdk.connectors.Connector) Pattern(java.util.regex.Pattern) KeystoreRequest(com.venafi.vcert.sdk.connectors.cloud.endpoint.KeystoreRequest) Getter(lombok.Getter) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) ArrayList(java.util.ArrayList) SshCaTemplateRequest(com.venafi.vcert.sdk.certificate.SshCaTemplateRequest) 
Authentication(com.venafi.vcert.sdk.endpoint.Authentication) VCertUtils(com.venafi.vcert.sdk.utils.VCertUtils) Strings(org.bouncycastle.util.Strings) Response(feign.Response) CloudPolicySpecificationConverter(com.venafi.vcert.sdk.policy.converter.CloudPolicySpecificationConverter) Policy(com.venafi.vcert.sdk.connectors.Policy) IOException(java.io.IOException) TimeUnit(java.util.concurrent.TimeUnit) ImportRequest(com.venafi.vcert.sdk.certificate.ImportRequest) StringUtils.isBlank(org.apache.commons.lang3.StringUtils.isBlank) Data(lombok.Data) RevocationRequest(com.venafi.vcert.sdk.certificate.RevocationRequest) InputStream(java.io.InputStream) CertificateStatus(com.venafi.vcert.sdk.certificate.CertificateStatus) VCertException(com.venafi.vcert.sdk.VCertException)

Example 37 with VCertException

use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

the class CloudConnector method setPolicy.

@Override
public void setPolicy(String policyName, PolicySpecification policySpecification) throws VCertException {
    try {
        CloudPolicy cloudPolicy = CloudPolicySpecificationConverter.INSTANCE.convertFromPolicySpecification(policySpecification);
        CloudConnectorUtils.setCit(policyName, cloudPolicy.certificateIssuingTemplate(), cloudPolicy.caInfo(), auth.apiKey(), cloud);
    } catch (Exception e) {
        throw new VCertException(e);
    }
}
Also used : VCertException(com.venafi.vcert.sdk.VCertException) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) VCertException(com.venafi.vcert.sdk.VCertException) ConnectorException(com.venafi.vcert.sdk.connectors.ConnectorException) IOException(java.io.IOException)

Example 38 with VCertException

use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

the class CloudConnector method getPolicy.

private PolicySpecification getPolicy(String policyName, boolean removeRegexFromSubjectCN) throws VCertException {
    PolicySpecification policySpecification;
    try {
        CloudPolicy cloudPolicy = CloudConnectorUtils.getCloudPolicy(policyName, auth.apiKey(), cloud);
        cloudPolicy.removeRegexesFromSubjectCN(removeRegexFromSubjectCN);
        policySpecification = CloudPolicySpecificationConverter.INSTANCE.convertToPolicySpecification(cloudPolicy);
    } catch (Exception e) {
        throw new VCertException(e);
    }
    return policySpecification;
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) VCertException(com.venafi.vcert.sdk.VCertException) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) VCertException(com.venafi.vcert.sdk.VCertException) ConnectorException(com.venafi.vcert.sdk.connectors.ConnectorException) IOException(java.io.IOException)

Example 39 with VCertException

use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

the class TppConnector method setPolicy.

@Override
public void setPolicy(String policyName, PolicySpecification policySpecification) throws VCertException {
    try {
        TPPPolicy tppPolicy = TPPPolicySpecificationConverter.INSTANCE.convertFromPolicySpecification(policySpecification);
        setPolicy(policyName, tppPolicy);
    } catch (Exception e) {
        throw new VCertException(e);
    }
}
Also used : TPPPolicy(com.venafi.vcert.sdk.policy.api.domain.TPPPolicy) VCertException(com.venafi.vcert.sdk.VCertException) RetrieveCertificateTimeoutException(com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException) TppRequestCertificateNotAllowedException(com.venafi.vcert.sdk.connectors.ConnectorException.TppRequestCertificateNotAllowedException) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) RenewFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) CSRNotProvidedByUserException(com.venafi.vcert.sdk.connectors.ConnectorException.CSRNotProvidedByUserException) MissingCredentialsException(com.venafi.vcert.sdk.connectors.ConnectorException.MissingCredentialsException) TppManualCSRNotEnabledException(com.venafi.vcert.sdk.connectors.ConnectorException.TppManualCSRNotEnabledException) CertificatePendingException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException) VCertException(com.venafi.vcert.sdk.VCertException) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) AttemptToRetryException(com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException) RevokeFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RevokeFailureException) CouldNotParseRevokeReasonException(com.venafi.vcert.sdk.connectors.ConnectorException.CouldNotParseRevokeReasonException) TppPingException(com.venafi.vcert.sdk.connectors.ConnectorException.TppPingException)

Example 40 with VCertException

use of com.venafi.vcert.sdk.VCertException in project vcert-java by Venafi.

the class CloudConnectorUtils method getPEMCollectionFromKeyStoreAsStream.

public static PEMCollection getPEMCollectionFromKeyStoreAsStream(InputStream keyStoreAsInputStream, String certId, ChainOption chainOption, String keyPassword, DataFormat dataFormat) throws VCertException {
    String certificateAsPem = null;
    String pemFileSuffix = null;
    if (chainOption == ChainOption.ChainOptionRootFirst)
        pemFileSuffix = "_root-first.pem";
    else
        pemFileSuffix = "_root-last.pem";
    PrivateKey privateKey = null;
    try (ZipInputStream zis = new ZipInputStream(keyStoreAsInputStream)) {
        // The following limits guard against zip bomb attacks.
        // The expected maximum number of files in the zip returned by the call to
        // the API "POST /outagedetection/v1/certificates/{id}/keystore"
        final int MAX_ENTRIES = 10;
        // 1 MB
        final int MAX_UNZIPED_FILES_SIZE = 1000000;
        int entriesCount = 0;
        int unzipedAcumulatedSize = 0;
        ZipEntry zipEntry;
        while ((zipEntry = zis.getNextEntry()) != null) {
            entriesCount++;
            // Fail if the number of entries exceeds the expected maximum number of entries
            if (entriesCount > MAX_ENTRIES)
                throw new KeyStoreZipEntriesExceeded(certId, MAX_ENTRIES);
            String zipEntryContent = readZipEntry(zipEntry, zis, certId);
            String fileName = zipEntry.getName();
            if (fileName.endsWith(".key")) {
                // Getting the PrivateKey in PKCS8 and decrypting it
                PEMParser pemParser = new PEMParser(new StringReader(zipEntryContent));
                privateKey = PEMCollection.decryptPKCS8PrivateKey(pemParser, keyPassword);
            } else {
                if (fileName.endsWith(pemFileSuffix)) {
                    certificateAsPem = zipEntryContent;
                }
            }
            unzipedAcumulatedSize += zipEntryContent.getBytes().length;
            // Fail if the accumulated unzipped size exceeds the maximum number of bytes.
            if (unzipedAcumulatedSize > MAX_UNZIPED_FILES_SIZE)
                throw new KeyStoreUnzipedFilesBytesSizeExceeded(certId, MAX_UNZIPED_FILES_SIZE);
        }
    } catch (Exception e) {
        throw new VCertException(e);
    }
    return PEMCollection.fromStringPEMCollection(certificateAsPem, chainOption, privateKey, keyPassword, dataFormat);
}
Also used : ZipInputStream(java.util.zip.ZipInputStream) PrivateKey(java.security.PrivateKey) PEMParser(org.bouncycastle.openssl.PEMParser) KeyStoreUnzipedFilesBytesSizeExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded) KeyStoreZipEntriesExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded) VCertException(com.venafi.vcert.sdk.VCertException) ZipEntry(java.util.zip.ZipEntry) StringReader(java.io.StringReader) com.venafi.vcert.sdk.connectors.cloud.endpoint(com.venafi.vcert.sdk.connectors.cloud.endpoint) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) FeignException(feign.FeignException) IOException(java.io.IOException) VCertException(com.venafi.vcert.sdk.VCertException)

Aggregations

VCertException (com.venafi.vcert.sdk.VCertException): 68
PolicySpecification (com.venafi.vcert.sdk.policy.domain.PolicySpecification): 49
DisplayName (org.junit.jupiter.api.DisplayName): 48
Test (org.junit.jupiter.api.Test): 48
IOException (java.io.IOException): 34
CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException): 26
CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException): 25
MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException): 25
FeignException (feign.FeignException): 25
FailedToRevokeTokenException (com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException): 23
Authentication (com.venafi.vcert.sdk.endpoint.Authentication): 23
StringReader (java.io.StringReader): 7
CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest): 5
PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection): 5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 5
CsrOriginOption (com.venafi.vcert.sdk.certificate.CsrOriginOption): 4
DataFormat (com.venafi.vcert.sdk.certificate.DataFormat): 4
ImportResponse (com.venafi.vcert.sdk.certificate.ImportResponse): 4
RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest): 4
RevocationRequest (com.venafi.vcert.sdk.certificate.RevocationRequest): 4