use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.
the class SshCertificateRequestRetrieveWithKeyPairProvided method main.
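/**
 * Requests an SSH certificate from TPP for a key pair generated locally, then retrieves it.
 *
 * <p>Only the public key is placed in the request; the private key of the generated pair is
 * never handed to the client calls below. The access token obtained at the start is revoked
 * in a {@code finally} block so that a failure in any later step does not leave it active.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password; load it from a secret store or the environment
        // instead of committing a real value to source control
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";

        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder()
                .user(user)
                .password(password)
                .scope("ssh:manage")
                .build();
        Config config = Config.builder()
                .connectorType(ConnectorType.TPP_TOKEN)
                .baseUrl(baseUri)
                .build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);

        try {
            // To work with the SSH KeyPair, we are going to use some utilities from
            // maverick-synergy project. For more information, please visit
            // https://github.com/sshtools/maverick-synergy

            // 2. Get an SSH Key Pair with a key size of 3072 bits
            SshKeyPair pair = SshKeyPairGenerator.generateKeyPair(SshKeyPairGenerator.SSH2_RSA, 3072);

            // 3. Extract the Public Key, adding the KeyId as a comment at the end of the
            // Public Key because TPP returns the Public Key in that form
            String publicKeyData = SshKeyUtils.getFormattedKey(pair.getPublicKey(), keyId);

            // 4. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
            // If validityPeriod is omitted, the validity period of the CIT will be used.
            // The request can optionally be narrowed further, for example with
            // .sourceAddresses(new String[]{"test.com"})
            SshCertificateRequest req = new SshCertificateRequest()
                    .keyId(keyId)
                    .validityPeriod("4h")
                    .publicKeyData(publicKeyData)
                    .template(template);

            // 5. Use the VCertClient method requestSshCertificate() to request the creation
            // of a new SSH Certificate on TPP. This will return the DN of the created SSH
            // Certificate which will be used to retrieve the created SSH Certificate.
            String pickUpID = client.requestSshCertificate(req);

            // 6. Set the pickUp ID on the SshCertificateRequest already created, which avoids
            // building a second request object.
            req.pickupID(pickUpID);

            // 7. Use the VCertClient method retrieveSshCertificate() to retrieve the created
            // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails
            // which will contain the Ssh Certificate Data, the Public Key, etc.
            SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        } finally {
            // Revoke the token on every exit path; a failure here is reported separately so
            // it cannot hide the exception that caused the early exit.
            try {
                client.revokeAccessToken();
            } catch (Exception revokeFailure) {
                revokeFailure.printStackTrace();
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}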
use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.
the class PolicyManagementBuilderExample method main.
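/**
 * Creates or updates a TPP policy from a {@code PolicySpecification} built in code, reads the
 * policy back and prints it as YAML.
 *
 * <p>The access token obtained at the start is revoked in a {@code finally} block so that a
 * failure while setting or reading the policy does not leave it active.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        String ca = "<TPP_CA_NAME>";
        String policyName = "<TPP_POLICY_MANAGEMENT_SAMPLE>";
        String user = "<TPPUSER>";
        // load the password from a secret store or the environment instead of committing it
        String password = "<TPPPASSWORD>";
        String baseUri = "<TPP_URL>";

        // 1. Get an instance of com.venafi.vcert.sdk.policy.domain.PolicySpecification class.
        // That can be done using the builder provided by the PolicySpecification
        Subject subject = Subject.builder()
                .orgs(new String[] { "venafi" })
                .orgUnits(new String[] { "DevOps", "OpenSource" })
                .localities(new String[] { "Merida" })
                .states(new String[] { "Yucatan" })
                .countries(new String[] { "MX" })
                .build();
        // The policy allows 2048-bit RSA only: 1024-bit RSA is below current minimum
        // key-strength recommendations and should not be permitted by a policy.
        KeyPair keyPair = KeyPair.builder()
                .keyTypes(new String[] { "RSA" })
                .rsaKeySizes(new Integer[] { 2048 })
                .serviceGenerated(true)
                .reuseAllowed(true)
                .build();
        SubjectAltNames subjectAltNames = SubjectAltNames.builder()
                .dnsAllowed(false)
                .emailAllowed(true)
                .build();
        PolicySpecification policySpecification = PolicySpecification.builder()
                .policy(Policy.builder()
                        .domains(new String[] { "venafi.com" })
                        .maxValidDays(120)
                        .certificateAuthority(ca)
                        .wildcardAllowed(true)
                        .subject(subject)
                        .keyPair(keyPair)
                        .subjectAltNames(subjectAltNames)
                        .build())
                .build();

        // 2. Get a VCertClient. This example uses a VCertClient for TPP.
        // NOTE(review): the client id is kept as given in the sample; confirm it is an API
        // integration limited to the two scopes requested here.
        Authentication auth = Authentication.builder()
                .user(user)
                .password(password)
                .clientId("api-all-access")
                .scope("certificate:manage;configuration:manage")
                .build();
        Config config = Config.builder()
                .connectorType(ConnectorType.TPP_TOKEN)
                .baseUrl(baseUri)
                .build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);

        try {
            // 3. Use the VCertClient method setPolicy() to set a Policy.
            // If the policy doesn't exist then it will be created.
            // If the policy exists then it will be updated.
            client.setPolicy(policyName, policySpecification);

            // 4. You can get the Policy which you created/updated using the getPolicy method
            PolicySpecification policyTemp = client.getPolicy(policyName);

            // 5. Then write it in Yaml format.
            // This time we will use the Jackson parser to get the Yaml string.
            // You can learn more about Jackson parser in https://github.com/FasterXML/jackson
            // and http://tutorials.jenkov.com/java-json/jackson-objectmapper.html
            ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
            mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
            mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
            String policyAsString = mapper.writeValueAsString(policyTemp);
            System.out.println(policyAsString);
        } finally {
            // Revoke the token on every exit path; a failure here is reported separately so
            // it cannot hide the exception that caused the early exit.
            try {
                client.revokeAccessToken();
            } catch (Exception revokeFailure) {
                revokeFailure.printStackTrace();
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}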
use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.
the class SshCertificateRequestRetrieveWithOutKeyPairProvided method main.
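/**
 * Requests an SSH certificate from TPP without supplying a key pair, then retrieves the
 * certificate together with the key pair that TPP generates.
 *
 * <p>The passphrase protecting the generated private key is a placeholder to be replaced at
 * run time rather than a literal value. The access token obtained at the start is revoked in
 * a {@code finally} block so that a failure in any later step does not leave it active.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password; load it from a secret store or the environment
        // instead of committing a real value to source control
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // replace it by the passphrase for the private key that TPP will generate; obtain it
        // from a secret store or a prompt, never from a value checked into the repository
        String passphrase = "<PRIVATE_KEY_PASSPHRASE>";

        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder()
                .user(user)
                .password(password)
                .scope("ssh:manage")
                .build();
        Config config = Config.builder()
                .connectorType(ConnectorType.TPP_TOKEN)
                .baseUrl(baseUri)
                .build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);

        try {
            // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
            // If validityPeriod is omitted, the validity period of the CIT will be used.
            SshCertificateRequest req = new SshCertificateRequest()
                    .keyId(keyId)
                    .validityPeriod("4h")
                    .template(template);

            // 3. Use the VCertClient method requestSshCertificate() to request the creation
            // of a new SSH Certificate on TPP. This will return the DN of the created SSH
            // Certificate which will be used to retrieve the created SSH Certificate.
            String pickUpID = client.requestSshCertificate(req);

            // 4. Set the pickUp ID on the SshCertificateRequest already created, which avoids
            // building a second request object.
            req.pickupID(pickUpID);

            // 5. Set a passphrase for the Private Key of the KeyPair that will be generated
            // by TPP.
            req.privateKeyPassphrase(passphrase);

            // 6. Use the VCertClient method retrieveSshCertificate() to retrieve the created
            // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails
            // which will contain the Ssh Certificate Data, the Public and Private Keys, etc.
            // Because the result carries the private key, do not print or log it as a whole.
            SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        } finally {
            // Revoke the token on every exit path; a failure here is reported separately so
            // it cannot hide the exception that caused the early exit.
            try {
                client.revokeAccessToken();
            } catch (Exception revokeFailure) {
                revokeFailure.printStackTrace();
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}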
use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.
the class TppTokenClient method main.
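/**
 * Obtains a TPP access token, requests a certificate in the configured zone, prints the issued
 * certificate and revokes the token.
 *
 * <p>Connection settings come from the environment variables {@code TPP_TOKEN_URL},
 * {@code TPPZONE}, {@code PRODUCT}, {@code TPPUSER} and {@code TPPPASSWORD}. URL, zone and
 * application info fall back to sample values; the credentials have no fallback, so the
 * example never attempts a login with a well-known default account.
 *
 * @param args unused
 * @throws IllegalStateException if {@code TPPUSER} or {@code TPPPASSWORD} is unset or empty
 */
public static void main(String[] args) throws VCertException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
    String url = System.getenv("TPP_TOKEN_URL");
    String zone = System.getenv("TPPZONE");
    String appInfo = System.getenv("PRODUCT");
    String tppUser = System.getenv("TPPUSER");
    String tppPassword = System.getenv("TPPPASSWORD");

    // Credentials are mandatory: silently substituting a default user and password would
    // normalise default credentials in code that gets copied into real deployments.
    if (tppUser == null || tppUser.isEmpty() || tppPassword == null || tppPassword.isEmpty()) {
        throw new IllegalStateException("TPPUSER and TPPPASSWORD must be set in the environment");
    }
    if (url == null) {
        url = "https://tpp.venafi.example/vedsdk";
    }
    if (zone == null) {
        zone = "Certificates\\vcert\\";
    }
    if (appInfo == null) {
        appInfo = "CompanyName AppName";
    }

    // Configuration
    Config config = Config.builder()
            .connectorType(ConnectorType.TPP_TOKEN)
            .baseUrl(url)
            .appInfo(appInfo)
            .build();
    Authentication auth = Authentication.builder()
            .user(tppUser)
            .password(tppPassword)
            .build();
    VCertTknClient client = new VCertTknClient(config);
    client.getAccessToken(auth);

    try {
        ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);

        // Generate a certificate
        CertificateRequest certificateRequest = new CertificateRequest()
                .subject(new CertificateRequest.PKIXName()
                        .commonName("vcert-java.venafi.example")
                        .organization(Collections.singletonList("Venafi, Inc."))
                        .organizationalUnit(Arrays.asList("Product Management"))
                        .country(Collections.singletonList("US"))
                        .locality(Collections.singletonList("Salt Lake City"))
                        .province(Collections.singletonList("Utah")))
                .keyType(KeyType.RSA)
                .keyLength(2048);
        certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);

        // Submit the certificate request
        client.requestCertificate(certificateRequest, zoneConfiguration);

        // Retrieve PEM collection from Venafi; only the certificate is printed
        PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
        System.out.println(pemCollection.certificate());
    } finally {
        // Revoke the token on every exit path; a failure here is reported on stderr so it
        // cannot hide the exception that caused the early exit.
        try {
            client.revokeAccessToken();
        } catch (Exception revokeFailure) {
            System.err.println("Failed to revoke the TPP access token: " + revokeFailure);
        }
    }
}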
use of com.venafi.vcert.sdk.VCertTknClient in project vcert-java by Venafi.
the class SshConfigRetrieving method main.
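/**
 * Retrieves the configuration of an SSH CA template from TPP.
 *
 * <p>The access token obtained at the start is revoked in a {@code finally} block so that a
 * failure while retrieving the configuration does not leave it active.
 *
 * @param args unused
 */
public static void main(String[] args) {
    try {
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password; load it from a secret store or the environment
        // instead of committing a real value to source control
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";

        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        // 1.a The Authentication is optional, but if that is not provided,
        // then the principals of the returned SshConfig object will not be retrieved.
        Authentication auth = Authentication.builder()
                .user(user)
                .password(password)
                .scope("ssh:manage")
                .build();
        Config config = Config.builder()
                .connectorType(ConnectorType.TPP_TOKEN)
                .baseUrl(baseUri)
                .build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);

        try {
            // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCaTemplateRequest class.
            SshCaTemplateRequest req = new SshCaTemplateRequest().template(template);

            // 3. Use the VCertClient method retrieveSshConfig() to retrieve the Config of
            // the given SSH CA on TPP.
            // 3.a Remember that Authentication is optional, but if that is not provided,
            // then the principals attribute of the returned SshConfig object will not be
            // retrieved.
            SshConfig sshConfig = client.retrieveSshConfig(req);
        } finally {
            // Revoke the token on every exit path; a failure here is reported separately so
            // it cannot hide the exception that caused the early exit.
            try {
                client.revokeAccessToken();
            } catch (Exception revokeFailure) {
                revokeFailure.printStackTrace();
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}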