Examples with VCertTknClient com.venafi.vcert.sdk.VCertTknClient used on opensource projects

Example 1 with VCertTknClient

use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.

the class SshCertificateRequestRetrieveWithKeyPairProvided method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // To work with the SSH KeyPair, we are going to use some utilities from
        // maverick-synergy project. For more information, please visit https://github.com/sshtools/maverick-synergy
        // 2. Get an SSH Key Pair with a key size of 3072 bits
        SshKeyPair pair = SshKeyPairGenerator.generateKeyPair(SshKeyPairGenerator.SSH2_RSA, 3072);
        // 3. Extract the Public Key and adding the KeyId as comment, at the end of the Public Key
        // because TPP returns the Public Key on that way
        String publicKeyData = SshKeyUtils.getFormattedKey(pair.getPublicKey(), keyId);
        // 4. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
        SshCertificateRequest req = new SshCertificateRequest().keyId(keyId).validityPeriod(// if you omit it, then the validity period of the CIT will be used
        "4h").publicKeyData(publicKeyData).template(template);
        // .sourceAddresses(new String[]{"test.com"});
        // 5. Use the VCertClient method requestSshCertificate() to request the creation of a new
        // SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
        // will be used to retrieve the created SSH Certificate.
        String pickUpID = client.requestSshCertificate(req);
        // 4. Set the pickUp ID to the SshCertificateRequest created. You can create a new one
        // but in order to avoid the boilerplate, it's preferable to use the already one created.
        req.pickupID(pickUpID);
        // 5. Use the VCertClient method retrieveSshCertificate() to retrieve the created
        // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
        // will contain the Ssh Certificate Data, the Public Key, etc.
        SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

Example 2 with VCertTknClient

use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.

the class PolicyManagementBuilderExample method main.

public static void main(String[] args) {
    try {
        String ca = "<TPP_CA_NAME>";
        String policyName = "<TPP_POLICY_MANAGEMENT_SAMPLE>";
        String user = "<TPPUSER>";
        String password = "<TPPPASSWORD>";
        String baseUri = "<TPP_URL>";
        // 1. Get an instance of com.venafi.vcert.sdk.policy.domain.PolicySpecification class.
        // That can be done using the builder provided by the PolicySpecification
        PolicySpecification policySpecification = PolicySpecification.builder().policy(Policy.builder().domains(new String[] { "venafi.com" }).maxValidDays(120).certificateAuthority(ca).wildcardAllowed(true).subject(Subject.builder().orgs(new String[] { "venafi" }).orgUnits(new String[] { "DevOps", "OpenSource" }).localities(new String[] { "Merida" }).states(new String[] { "Yucatan" }).countries(new String[] { "MX" }).build()).keyPair(KeyPair.builder().keyTypes(new String[] { "RSA" }).rsaKeySizes(new Integer[] { 1024 }).serviceGenerated(true).reuseAllowed(true).build()).subjectAltNames(SubjectAltNames.builder().dnsAllowed(false).emailAllowed(true).build()).build()).build();
        // 2. Get a VCertClient. For this time, it is being to use a VCertClient for TPP.
        Authentication auth = Authentication.builder().user(user).password(password).clientId("api-all-access").scope("certificate:manage;configuration:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 3. Use the VCertClient method setPolicy() to set a Policy.
        // If the the policy doesn't exist then it will be created.
        // If the the policy exists then it will be updated.
        client.setPolicy(policyName, policySpecification);
        // 4. You can get the Policy which you created/updated using the getPolicy method
        PolicySpecification policyTemp = client.getPolicy(policyName);
        // 5. Then use it to write it in Yaml format.
        // This time we will use the Jackson parser to get the Yaml string.
        // You can learn more about Jackson parser in https://github.com/FasterXML/jackson
        // and http://tutorials.jenkov.com/java-json/jackson-objectmapper.html
        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
        mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        String policyAsString = mapper.writeValueAsString(policyTemp);
        System.out.println(policyAsString);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

Example 3 with VCertTknClient

use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.

the class SshCertificateRequestRetrieveWithOutKeyPairProvided method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
        SshCertificateRequest req = new SshCertificateRequest().keyId(keyId).validityPeriod(// if you omit it, then the validity period of the CIT will be used
        "4h").template(template);
        // 3. Use the VCertClient method requestSshCertificate() to request the creation of a new
        // SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
        // will be used to retrieve the created SSH Certificate.
        String pickUpID = client.requestSshCertificate(req);
        // 4. Set the pickUp ID to the SshCertificateRequest created. You can create a new one
        // but in order to avoid the boilerplate, it's preferable to use the already one created.
        req.pickupID(pickUpID);
        // 4a. you can set a passphrase for the Private Key of the KeyPair that will be generated by TPP.
        req.privateKeyPassphrase("my-passphrase");
        // 5. Use the VCertClient method retrieveSshCertificate() to retrieve the created
        // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
        // will contain the Ssh Certificate Data, the Public and Private Keys, etc.
        SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

Example 4 with VCertTknClient

use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.

the class TppTokenClient method main.

public static void main(String[] args) throws VCertException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
    String url = System.getenv("TPP_TOKEN_URL");
    String zone = System.getenv("TPPZONE");
    String appInfo = System.getenv("PRODUCT");
    String tpp_user = System.getenv("TPPUSER");
    String tpp_passwd = System.getenv("TPPPASSWORD");
    if (tpp_user == null)
        tpp_user = "local:admin";
    if (tpp_passwd == null)
        tpp_passwd = "password";
    if (url == null)
        url = "https://tpp.venafi.example/vedsdk";
    if (zone == null)
        zone = "Certificates\\vcert\\";
    if (appInfo == null)
        appInfo = "CompanyName AppName";
    // Configuration
    Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(url).appInfo(appInfo).build();
    Authentication auth = Authentication.builder().user(tpp_user).password(tpp_passwd).build();
    VCertTknClient client = new VCertTknClient(config);
    TokenInfo tknInfo = client.getAccessToken(auth);
    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
    // Generate a certificate
    CertificateRequest certificateRequest = new CertificateRequest().subject(new CertificateRequest.PKIXName().commonName("vcert-java.venafi.example").organization(Collections.singletonList("Venafi, Inc.")).organizationalUnit(Arrays.asList("Product Management")).country(Collections.singletonList("US")).locality(Collections.singletonList("Salt Lake City")).province(Collections.singletonList("Utah"))).keyType(KeyType.RSA).keyLength(2048);
    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
    // Submit the certificate request
    client.requestCertificate(certificateRequest, zoneConfiguration);
    // Retrieve PEM collection from Venafi
    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
    System.out.println(pemCollection.certificate());
}

Example 5 with VCertTknClient

use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.

the class SshConfigRetrieving method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        // 1.a The Authentication is optional, but if that is not provided,
        // then the principals of the returned SshConfig object will not be retrieved.
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCaTemplateRequest class.
        SshCaTemplateRequest req = new SshCaTemplateRequest().template(template);
        // 3. Use the VCertClient method retrieveSshConfig() to retrieve the Config of the given
        // SSH CA on TPP.
        // 3.a Remember that Authentication is optional, but if that is not provided,
        // then the principals attribute of the returned SshConfig object will not be retrieved.
        SshConfig sshConfig = client.retrieveSshConfig(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}