use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.
the class CloudClient method main.
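/**
 * Requests a certificate from Venafi Cloud and prints the issued certificate to stdout.
 *
 * <p>Connection settings are read from the environment: {@code CLOUDURL} (base URL, passed
 * through unchanged, possibly {@code null} -- how the SDK treats a null base URL is not
 * visible here), {@code CLOUDZONE} (zone name or zone ID), {@code PRODUCT} (application
 * info sent with requests) and {@code APIKEY}. Zone and application info fall back to
 * sample values; the API key has no fallback, so a missing credential fails here with a
 * clear message instead of later at authentication time with a placeholder key.
 *
 * @param args unused
 * @throws VCertException on SDK/connector errors
 * @throws CertificateEncodingException declared by the SDK calls used here
 * @throws NoSuchAlgorithmException declared by the SDK calls used here
 * @throws KeyManagementException declared by the SDK calls used here
 * @throws IllegalStateException if {@code APIKEY} is unset or blank
 */
public static void main(String[] args) throws VCertException, CertificateEncodingException, NoSuchAlgorithmException, KeyManagementException {
    String url = System.getenv("CLOUDURL");
    String zone = System.getenv("CLOUDZONE");
    String appInfo = System.getenv("PRODUCT");
    String apiKey = System.getenv("APIKEY");
    if (zone == null) {
        // or by ID "38992cc0-0177-11ea-a3f0-2b5db8116980";
        zone = "My Project\\My Zone";
    }
    if (appInfo == null) {
        appInfo = "My Application 1.0.0.0";
    }
    if (apiKey == null || apiKey.trim().isEmpty()) {
        // No literal fallback: the credential lives only in the environment, never in source.
        throw new IllegalStateException("APIKEY environment variable must be set");
    }

    Config config = Config.builder()
        .connectorType(ConnectorType.CLOUD)
        .baseUrl(url)
        .appInfo(appInfo)
        .build();
    Authentication auth = Authentication.builder().apiKey(apiKey).build();
    VCertClient client = new VCertClient(config);
    client.authenticate(auth);
    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);

    // Generate a certificate
    CertificateRequest certificateRequest = new CertificateRequest()
        .subject(new CertificateRequest.PKIXName()
            .commonName("vcert-java.venafi.example")
            .organization(Collections.singletonList("Venafi, Inc."))
            .organizationalUnit(Arrays.asList("Product Management"))
            .country(Collections.singletonList("US"))
            .locality(Collections.singletonList("Salt Lake City"))
            .province(Collections.singletonList("Utah")))
        .keyType(KeyType.RSA)
        .keyLength(2048);
    // Applies the zone's defaults and key policy to the request; the returned request
    // (not the original) is the one to submit.
    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);

    // Submit the certificate request
    client.requestCertificate(certificateRequest, zoneConfiguration);

    // Retrieve PEM collection from Venafi. The request object itself is used for pickup
    // here; presumably requestCertificate populates it with the pickup id -- confirm
    // against the SDK if this ever returns the wrong certificate.
    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
    System.out.println(pemCollection.certificate());
}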
use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.
the class ZoneConfiguration method applyCertificateRequestDefaultSettingsIfNeeded.
/**
* UpdateCertificateRequest updates a certificate request based on the zone configuration
* retrieved from the remote endpoint
*/
/**
 * Applies this zone's default settings and key policy to {@code request} in place.
 *
 * <p>Subject fields are merged with the zone's values through {@code Entity.resolve()}
 * (organization, country, province, locality) or filled only when blank (organizational
 * unit). The key type defaults to the zone's key configuration, then to
 * {@code KeyType.defaultKeyType()}; curve, RSA length and signature algorithm then get
 * type-specific defaults. Finally, when the policy lists allowed key configurations for
 * the request's key type and the requested curve or size is not among them, the request
 * is silently rewritten to the first allowed value rather than rejected -- callers that
 * need to detect such a substitution must compare the request before and after.
 *
 * @param request the request to update; {@code request.subject()} must be non-null,
 *        it is dereferenced without a check. Assumes the {@code policy} field is non-null.
 */
public void applyCertificateRequestDefaultSettingsIfNeeded(CertificateRequest request) {
    CertificateRequest.PKIXName subject = request.subject();
    // Which side wins (requested vs. zone value) is decided inside Entity.resolve().
    subject.organization(Entity.of(subject.organization(), organization).resolve());
    if (Is.blank(subject.organizationalUnit()) && !Is.blank(organizationalUnit)) {
        subject.organizationalUnit(organizationalUnit);
    }
    subject.country(Entity.of(subject.country(), country).resolve());
    subject.province(Entity.of(subject.province(), province).resolve());
    subject.locality(Entity.of(subject.locality(), locality).resolve());
    // apply defaults for settings that weren't specified and then make sure they comply with policy
    if (request.keyType() == null) {
        request.keyType(keyConfig != null && keyConfig.keyType() != null ? keyConfig.keyType() : KeyType.defaultKeyType());
    }
    switch(request.keyType()) {
        case ECDSA:
            if (request.keyCurve() == null) {
                request.keyCurve(EllipticCurve.ellipticCurveDefault());
            }
            if (request.signatureAlgorithm() == SignatureAlgorithm.UnknownSignatureAlgorithm) {
                request.signatureAlgorithm(SignatureAlgorithm.ECDSAWithSHA256);
            }
            break;
        default:
            // Every non-ECDSA key type is handled as RSA here.
            // Only the zone's first key size is consulted; a larger size later in the
            // list is ignored and the RSA default floor is used instead.
            if (request.keyLength() < KeyType.defaultRsaLength()) {
                request.keyLength(keyConfig != null && !Is.blank(keyConfig.keySizes()) && keyConfig.keySizes().get(0) >= KeyType.defaultRsaLength() ? keyConfig.keySizes().get(0) : KeyType.defaultRsaLength());
            }
            if (request.signatureAlgorithm() == SignatureAlgorithm.UnknownSignatureAlgorithm) {
                request.signatureAlgorithm(SignatureAlgorithm.SHA256WithRSA);
            }
            break;
    }
    // Policy enforcement: a requested curve/size outside the allowed list is replaced
    // by the first allowed entry, not reported as an error.
    if (!Is.blank(policy.allowedKeyConfigurations())) {
        for (AllowedKeyConfiguration keyConf : policy.allowedKeyConfigurations()) {
            if (keyConf.keyType() == request.keyType()) {
                switch(request.keyType()) {
                    case ECDSA:
                    {
                        if (!Is.blank(keyConf.keyCurves())) {
                            if (!keyConf.keyCurves().contains(request.keyCurve())) {
                                request.keyCurve(keyConf.keyCurves().get(0));
                            }
                        }
                        break;
                    }
                    case RSA:
                    {
                        if (!Is.blank(keyConf.keySizes())) {
                            boolean sizeOK = false;
                            // Scans every allowed size (no early exit) for an exact match.
                            for (Integer size : keyConf.keySizes()) {
                                if (size.equals(request.keyLength())) {
                                    sizeOK = true;
                                }
                            }
                            if (!sizeOK) {
                                request.keyLength(keyConf.keySizes().get(0));
                            }
                        }
                        break;
                    }
                }
            }
        }
    }
}
use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.
the class CloudConnector method renewCertificate.
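/**
 * Renews an existing certificate in Venafi Cloud and returns the id of the new
 * certificate request.
 *
 * <p>The certificate is located by thumbprint (which must map to exactly one
 * certificate request) or, when no thumbprint is given, by the certificate request id
 * passed in {@code request.certificateDN()}. The request must carry a CSR; this
 * connector never reuses the existing CSR, and the check is done before the remote
 * status/details round trips so a missing CSR fails fast. The located certificate must
 * still be the latest under its managed certificate id, otherwise renewal is refused.
 *
 * @param request renewal parameters (thumbprint or certificate DN, plus the signed
 *        request holding the CSR)
 * @return the id of the newly created certificate request
 * @throws MoreThanOneCertificateRequestIdException if the thumbprint matches several requests
 * @throws CertificateNotFoundByThumbprintException if the thumbprint matches nothing
 * @throws CertificateDNOrThumbprintWasNotProvidedException if neither locator is given
 * @throws CSRNotProvidedException if the request has no CSR
 * @throws VCertException if the certificate is not the latest under its managed id,
 *         or the Cloud responses contain no certificate / request id
 */
@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
    String certificateRequestId;
    if (isNotBlank(request.thumbprint())) {
        Cloud.CertificateSearchResponse result = this.searchCertificatesByFingerprint(request.thumbprint());
        Set<String> requestIds = result.certificates().stream()
            .map(c -> c.certificateRequestId())
            .collect(Collectors.toSet());
        if (requestIds.size() > 1) {
            throw new MoreThanOneCertificateRequestIdException(request.thumbprint());
        } else if (requestIds.isEmpty()) {
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        }
        certificateRequestId = requestIds.iterator().next();
    } else if (isNotBlank(request.certificateDN())) {
        certificateRequestId = request.certificateDN();
    } else {
        throw new CertificateDNOrThumbprintWasNotProvidedException();
    }

    // Validate the CSR before any further remote calls: a null csr() previously surfaced
    // as a NullPointerException instead of the dedicated exception.
    final byte[] csr = request.request() != null ? request.request().csr() : null;
    if (csr == null || csr.length == 0) {
        throw new CSRNotProvidedException();
    }

    final CertificateStatus status = cloud.certificateStatus(certificateRequestId, auth.apiKey());
    if (status.certificateIds() == null || status.certificateIds().isEmpty()) {
        throw new VCertException(String.format("No certificate found under requestId %s", certificateRequestId));
    }
    String certificateId = status.certificateIds().get(0);
    CertificateDetails certDetails = cloud.certificateDetails(certificateId, auth.apiKey());
    // certificateRequestId is non-null here, so comparing in this direction cannot NPE
    // when the details response lacks a request id.
    if (!certificateRequestId.equals(certDetails.certificateRequestId())) {
        final StringBuilder errorStr = new StringBuilder();
        errorStr.append("Certificate under requestId %s ");
        errorStr.append(isNotBlank(request.thumbprint()) ? String.format("with thumbprint %s ", request.thumbprint()) : "");
        errorStr.append("is not the latest under ManagedCertificateId %s. The latest request is %s. ");
        errorStr.append("This error may happen when revoked certificate is requested to be renewed.");
        throw new VCertException(String.format(errorStr.toString(), certificateRequestId, certDetails.id(), certDetails.certificateRequestId()));
    }

    final CertificateRequestsPayload certificateRequest = new CertificateRequestsPayload();
    certificateRequest.existingCertificateId(certDetails.id());
    certificateRequest.applicationId(status.applicationId());
    certificateRequest.certificateIssuingTemplateId(status.certificateIssuingTemplateId());
    // add client information
    VCertUtils.addApiClientInformation(certificateRequest);
    // A CSR is always present at this point (checked above), so the old one is never reused.
    certificateRequest.reuseCSR(false);
    certificateRequest.csr(Strings.fromByteArray(csr));

    CertificateRequestsResponse response = cloud.certificateRequest(auth.apiKey(), certificateRequest);
    if (response.certificateRequests() == null || response.certificateRequests().isEmpty()) {
        throw new VCertException("Venafi Cloud returned no certificate request for the renewal");
    }
    return response.certificateRequests().get(0).id();
}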
use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.
the class Examples method main.
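/**
 * End-to-end Cloud example: request a certificate, retrieve it, then renew it and
 * retrieve the renewed certificate.
 *
 * <p>The API key is read from the {@code APIKEY} environment variable instead of a
 * literal so the example cannot be copied with a real key baked in. The renewed
 * certificate is picked up with its own pickup request built from the renewal's request
 * id (previously the original pickup request was reused, so the first certificate was
 * printed twice).
 *
 * @param args unused
 * @throws VCertException on SDK/connector errors
 * @throws CertificateEncodingException if the issued certificate cannot be DER-encoded
 *         for the thumbprint
 * @throws IllegalStateException if {@code APIKEY} is unset or blank
 */
public static void main(String... args) throws VCertException, CertificateEncodingException {
    final String apiKey = System.getenv("APIKEY");
    if (apiKey == null || apiKey.trim().isEmpty()) {
        throw new IllegalStateException("APIKEY environment variable must be set");
    }
    final Config config = Config.builder().connectorType(ConnectorType.CLOUD).zone("Default").build();
    final VCertClient client = new VCertClient(config);
    final Authentication auth = Authentication.builder().apiKey(apiKey).build();
    client.authenticate(auth);
    final ZoneConfiguration zoneConfiguration = client.readZoneConfiguration("My Project\\My Zone");

    // Generate a certificate
    CertificateRequest certificateRequest = new CertificateRequest()
        .subject(new CertificateRequest.PKIXName()
            .commonName("cert.test")
            .organization(Collections.singletonList("Venafi, Inc."))
            .organizationalUnit(Arrays.asList("Engineering"))
            .country(Collections.singletonList("US"))
            .locality(Collections.singletonList("SLC"))
            .province(Collections.singletonList("Utah")))
        .keyType(KeyType.RSA);
    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);

    // Submit the certificate request
    String newCertId = client.requestCertificate(certificateRequest, zoneConfiguration);

    // Retrieve PEM collection from Venafi
    final CertificateRequest pickupRequest = new CertificateRequest().pickupId(newCertId);
    PEMCollection pemCollection = client.retrieveCertificate(pickupRequest);
    System.out.println(pemCollection.certificate());

    // Renew the certificate. The SHA-1 hex digest is the fingerprint Venafi Cloud uses as
    // a lookup key for the existing certificate; it is an identifier here, not an
    // integrity check.
    X509Certificate cert = (X509Certificate) pemCollection.certificate();
    String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
    final CertificateRequest certificateRequestToRenew = new CertificateRequest()
        .subject(new CertificateRequest.PKIXName()
            .commonName("cert.test")
            .organization(Collections.singletonList("Venafi, Inc."))
            .organizationalUnit(Arrays.asList("Engineering"))
            .country(Collections.singletonList("US"))
            .locality(Collections.singletonList("SLC"))
            .province(Collections.singletonList("Utah")));
    // generateRequest is expected to populate the CSR that renewCertificate requires;
    // its return value is ignored here as in the original example -- confirm the
    // request is mutated in place if renewal reports a missing CSR.
    client.generateRequest(zoneConfiguration, certificateRequestToRenew);
    final RenewalRequest renewalRequest = new RenewalRequest().thumbprint(thumbprint).request(certificateRequestToRenew);
    final String renewedRequestId = client.renewCertificate(renewalRequest);

    // Retrieve PEM collection from Venafi -- using the renewal's own pickup request.
    final CertificateRequest renewPickupRequest = new CertificateRequest().pickupId(renewedRequestId);
    PEMCollection pemCollectionRenewed = client.retrieveCertificate(renewPickupRequest);
    System.out.println(pemCollectionRenewed.certificate());
}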
use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.
the class VCertClientTest method generateRequestWithServerError.
/**
 * A Feign 5xx raised by the connector during request generation must surface to the
 * caller as a {@link VCertException}, not as the raw Feign exception.
 */
@Test
@DisplayName("Generate request with server error")
void generateRequestWithServerError() throws VCertException {
    final ZoneConfiguration zone = mock(ZoneConfiguration.class);
    final CertificateRequest csrRequest = mock(CertificateRequest.class);
    final FeignException serverError = new FeignException.InternalServerError("Error", request, new byte[0]);
    doThrow(serverError).when(connector).generateRequest(zone, csrRequest);

    assertThrows(VCertException.class, () -> classUnderTest.generateRequest(zone, csrRequest));
}