Search in sources :

Example 16 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class VCertClientTest method requestCertificateWithServerError.

@Test
@DisplayName("Request certificate with server error")
void requestCertificateWithServerError() throws VCertException {
    final CertificateRequest certificateRequest = mock(CertificateRequest.class);
    final ZoneConfiguration zoneConfiguration = mock(ZoneConfiguration.class);
    zoneConfiguration.zoneId("test_zone");
    doThrow(new FeignException.InternalServerError("Error", request, "".getBytes())).when(connector).requestCertificate(certificateRequest, zoneConfiguration);
    assertThrows(VCertException.class, () -> classUnderTest.requestCertificate(certificateRequest, zoneConfiguration));
}
Also used : ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) FeignException(feign.FeignException) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 17 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class ZoneConfigurationTest method invalidKeyPolices.

@Test
@DisplayName("Key Policies should fail if do not match")
void invalidKeyPolices() throws VCertException {
    final ZoneConfiguration zoneConfiguration = getBaseZoneConfiguration();
    final CertificateRequest certificateRequest = getDefaultCertificateRequest();
    certificateRequest.keyType(KeyType.ECDSA);
    final Throwable exception = assertThrows(VCertException.class, () -> zoneConfiguration.validateCertificateRequest(certificateRequest));
    assertThat(exception.getMessage()).contains("Key Type and Size do not match");
}
Also used : ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 18 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class ZoneConfigurationTest method invalidProvince.

@Test
@DisplayName("Invalid match in the state province")
void invalidProvince() throws VCertException {
    final ZoneConfiguration zoneConfiguration = getBaseZoneConfiguration();
    final CertificateRequest certificateRequest = getDefaultCertificateRequest();
    certificateRequest.subject().province(Arrays.asList("Test"));
    final Throwable exception = assertThrows(VCertException.class, () -> zoneConfiguration.validateCertificateRequest(certificateRequest));
    assertThat(exception.getMessage()).contains("does not match any of the allowed State/Province");
}
Also used : ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 19 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppTokenConnectorCertAT method retrieveCertificate.

@Test
void retrieveCertificate() throws VCertException, SocketException, UnknownHostException {
    TppTokenConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest certificateRequest = connectorResource.certificateRequest();
    certificateRequest = connector.generateRequest(zoneConfiguration, certificateRequest);
    String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
    assertThat(certificateId).isNotNull();
    PEMCollection pemCollection = connector.retrieveCertificate(certificateRequest);
    assertThat(pemCollection.certificate()).isNotNull();
    assertThat(pemCollection.privateKey()).isNotNull();
}
Also used : PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) Test(org.junit.jupiter.api.Test)

Example 20 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class CloudConnectorUtils method buildCsrAttributes.

public static CsrAttributes buildCsrAttributes(CertificateRequest request, PolicySpecification policySpecification) throws VCertException {
    CsrAttributes csrAttributes = new CsrAttributes();
    // computing the commonName
    String reqCN = request.subject() != null && isNotBlank(request.subject().commonName()) ? request.subject().commonName() : null;
    if (reqCN != null) {
        // validating that the request.subject.cn matches with the policy domains
        String[] policyDomains = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.domains()).orElse(null);
        if (policyDomains != null && !matchRegexes(reqCN, policyDomains))
            throw new PolicyMatchException("CN", reqCN, "domains", policyDomains);
        csrAttributes.commonName(reqCN);
    }
    // computing the organization
    List<String> reqOrganizations = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organization()).orElse(null);
    if (reqOrganizations != null && reqOrganizations.size() > 0) {
        String[] reqOrgsArray = reqOrganizations.toArray(new String[0]);
        // validating that the req.subject.organization matches with the policy orgs
        String[] policyOrgs = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgs()).orElse(null);
        if (policyOrgs != null && !matchRegexes(reqOrgsArray, policyOrgs))
            throw new PolicyMatchException("organization", reqOrgsArray, "organization", policyOrgs);
        csrAttributes.organization(reqOrgsArray[0]);
    } else {
        String defaultOrg = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.org()).orElse(null);
        if (isNotBlank(defaultOrg))
            csrAttributes.organization(defaultOrg);
    }
    // computing the organizational Units
    List<String> reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null);
    if (reqOrgUnits != null && reqOrgUnits.size() > 0) {
        String[] reqOrgUnitsArray = reqOrgUnits.toArray(new String[0]);
        // validating that the req.subject.organizationalUnit matches with the policy orgUnits
        String[] policyOrgUnits = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgUnits()).orElse(null);
        if (policyOrgUnits != null && !matchRegexes(reqOrgUnitsArray, policyOrgUnits))
            throw new PolicyMatchException("org unit", reqOrgUnitsArray, "org unit", policyOrgUnits);
        csrAttributes.organizationalUnits(reqOrgUnitsArray);
    } else {
        String[] defaultOrgUnits = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.orgUnits()).orElse(null);
        if (defaultOrgUnits != null && defaultOrgUnits.length > 0)
            csrAttributes.organizationalUnits(defaultOrgUnits);
    }
    // computing the localities
    List<String> reqLocalities = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.locality()).orElse(null);
    if (reqLocalities != null && reqLocalities.size() > 0) {
        String[] reqLocalitiesArray = reqLocalities.toArray(new String[0]);
        // validating that the req.subject.locality matches with the policy localities
        String[] policyLocalities = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.localities()).orElse(null);
        if (policyLocalities != null && !matchRegexes(reqLocalitiesArray, policyLocalities))
            throw new PolicyMatchException("locality", reqLocalitiesArray, "localities", policyLocalities);
        csrAttributes.locality(reqLocalitiesArray[0]);
    } else {
        String defaultLocality = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.locality()).orElse(null);
        if (isNotBlank(defaultLocality))
            csrAttributes.locality(defaultLocality);
    }
    // computing the province
    List<String> reqProvince = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.province()).orElse(null);
    if (reqProvince != null && reqProvince.size() > 0) {
        String[] reqProvinceArray = reqProvince.toArray(new String[0]);
        // validating that the req.subject.province matches with the policy states
        String[] policyStates = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.states()).orElse(null);
        if (policyStates != null && !matchRegexes(reqProvinceArray, policyStates))
            throw new PolicyMatchException("state", reqProvinceArray, "states", policyStates);
        csrAttributes.state(reqProvinceArray[0]);
    } else {
        String defaultState = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.state()).orElse(null);
        if (isNotBlank(defaultState))
            csrAttributes.state(defaultState);
    }
    // computing the country
    List<String> reqCountries = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.country()).orElse(null);
    if (reqCountries != null && reqCountries.size() > 0) {
        String[] reqCountriesArray = reqCountries.toArray(new String[0]);
        // validating that the req.subject.country matches with the policy countries
        String[] policyCountries = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.countries()).orElse(null);
        if (policyCountries != null && !matchRegexes(reqCountriesArray, policyCountries))
            throw new PolicyMatchException("state", reqCountriesArray, "states", policyCountries);
        csrAttributes.country(reqCountriesArray[0]);
    } else {
        String defaultCountry = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.country()).orElse(null);
        if (isNotBlank(defaultCountry))
            csrAttributes.country(defaultCountry);
    }
    if (request.dnsNames() != null && request.dnsNames().size() > 0) {
        SubjectAlternativeNamesByType subjectAlternativeNamesByType = new SubjectAlternativeNamesByType().dnsNames(request.dnsNames().toArray(new String[0]));
        csrAttributes.subjectAlternativeNamesByType(subjectAlternativeNamesByType);
    }
    return csrAttributes;
}
Also used : java.util(java.util) ZipInputStream(java.util.zip.ZipInputStream) ProductOption(com.venafi.vcert.sdk.connectors.cloud.endpoint.CAAccount.ProductOption) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateIssuingTemplate(com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate) KeyStoreZipCompressionRatioExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType) UserDetails(com.venafi.vcert.sdk.connectors.cloud.domain.UserDetails) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) com.venafi.vcert.sdk.connectors.cloud.endpoint(com.venafi.vcert.sdk.connectors.cloud.endpoint) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) ZipEntry(java.util.zip.ZipEntry) FeignException(feign.FeignException) CloudZone(com.venafi.vcert.sdk.connectors.cloud.domain.CloudZone) PEMParser(org.bouncycastle.openssl.PEMParser) IOException(java.io.IOException) VCertException(com.venafi.vcert.sdk.VCertException) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) KeyStoreZipEntriesExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) DataFormat(com.venafi.vcert.sdk.certificate.DataFormat) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) StringReader(java.io.StringReader) PrivateKey(java.security.PrivateKey) ChainOption(com.venafi.vcert.sdk.certificate.ChainOption) Data(lombok.Data) KeyStoreUnzipedFilesBytesSizeExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded) Pattern(java.util.regex.Pattern) AllArgsConstructor(lombok.AllArgsConstructor) Application(com.venafi.vcert.sdk.connectors.cloud.domain.Application) InputStream(java.io.InputStream) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType)

Aggregations

CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)53 Test (org.junit.jupiter.api.Test)44 ZoneConfiguration (com.venafi.vcert.sdk.connectors.ZoneConfiguration)43 DisplayName (org.junit.jupiter.api.DisplayName)24 PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection)20 RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest)9 Authentication (com.venafi.vcert.sdk.endpoint.Authentication)8 StringReader (java.io.StringReader)8 FeignException (feign.FeignException)7 X509Certificate (java.security.cert.X509Certificate)7 RevocationRequest (com.venafi.vcert.sdk.certificate.RevocationRequest)6 VCertException (com.venafi.vcert.sdk.VCertException)5 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 PEMParser (org.bouncycastle.openssl.PEMParser)5 CsrOriginOption (com.venafi.vcert.sdk.certificate.CsrOriginOption)4 DataFormat (com.venafi.vcert.sdk.certificate.DataFormat)4 Instant (java.time.Instant)4 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)4 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)4