Search in sources :

Example 31 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppConnectorCertAT method createCertificateValidateValidityHours.

@Test
@DisplayName("Create a cerfiticate and validate specified validity hours - TPP")
void createCertificateValidateValidityHours() throws UnknownHostException, VCertException {
    TppConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest cr = connectorResource.certificateRequest().validityHours(TestUtils.VALID_HOURS).issuerHint("MICROSOFT");
    cr = connector.generateRequest(zoneConfiguration, cr);
    // Submit the certificate request
    connector.requestCertificate(cr, zoneConfiguration);
    // Retrieve PEM collection from Venafi
    PEMCollection pemCollection = connector.retrieveCertificate(cr);
    Date notAfter = pemCollection.certificate().getNotAfter();
    LocalDate notAfterDate = notAfter.toInstant().atOffset(ZoneOffset.UTC).toLocalDate();
    Instant now = Instant.now();
    LocalDateTime utcDateTime = LocalDateTime.ofInstant(now, ZoneOffset.UTC);
    int validityDays = VCertUtils.getValidityDays(TestUtils.VALID_HOURS);
    utcDateTime = utcDateTime.plusDays(validityDays);
    LocalDate nowDateInUTC = utcDateTime.toLocalDate();
    // Dates should be equals if not then it will fail
    assertTrue(notAfterDate.compareTo(nowDateInUTC) == 0);
}
Also used : LocalDateTime(java.time.LocalDateTime) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) Instant(java.time.Instant) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) LocalDate(java.time.LocalDate) Date(java.util.Date) LocalDate(java.time.LocalDate) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 32 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppConnectorCertAT method renewCertificate.

@Test
void renewCertificate() throws VCertException, UnknownHostException, SocketException, CertificateException, NoSuchAlgorithmException {
    TppConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest certificateRequest = connector.generateRequest(zoneConfiguration, connectorResource.certificateRequest());
    certificateRequest = connector.generateRequest(zoneConfiguration, certificateRequest);
    String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
    assertThat(certificateId).isNotNull();
    PEMCollection pemCollection = connector.retrieveCertificate(certificateRequest);
    X509Certificate cert = (X509Certificate) pemCollection.certificate();
    String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
    CertificateRequest certificateRequestToRenew = new CertificateRequest().subject(certificateRequest.subject()).dnsNames(certificateRequest.dnsNames()).ipAddresses(certificateRequest.ipAddresses()).keyType(certificateRequest.keyType()).keyLength(certificateRequest.keyLength());
    connector.generateRequest(zoneConfiguration, certificateRequestToRenew);
    String renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
    assertThat(renewRequestId).isNotNull();
}
Also used : PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.jupiter.api.Test)

Example 33 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppConnectorTest method requestCertificate.

@Test
@DisplayName("Request a certificate from TPP")
void requestCertificate() throws VCertException {
    Security.addProvider(new BouncyCastleProvider());
    TppConnector.ReadZoneConfigurationRequest expectedRZCRequest = new TppConnector.ReadZoneConfigurationRequest("\\VED\\Policy\\myZone");
    when(tpp.readZoneConfiguration(eq(expectedRZCRequest), eq(API_KEY))).thenReturn(new TppConnector.ReadZoneConfigurationResponse().policy(new ServerPolicy().subject(new ServerPolicy.Subject().organizationalUnit(new LockableValues<String>(false, Collections.singletonList("OU"))).state(new LockableValue<>(false, "state")).city(new LockableValue<>(false, "city")).country(new LockableValue<>(false, "country")).organization(new LockableValue<>(false, "organization"))).keyPair(new ServerPolicy.KeyPair(new LockableValue<>(false, "keyAlgo"), new LockableValue<>(false, 1024), null))));
    when(tpp.requestCertificate(any(TppConnector.CertificateRequestsPayload.class), eq(API_KEY))).thenReturn(new Tpp.CertificateRequestResponse().certificateDN("reqId"));
    String zoneTag = "myZone";
    ZoneConfiguration zoneConfig = classUnderTest.readZoneConfiguration(classUnderTest.getPolicyDN(zoneTag));
    String cn = String.format("t%d-%s.venafi.xample.com", Instant.now().getEpochSecond(), RandomStringUtils.randomAlphabetic(4).toLowerCase());
    CertificateRequest request = new CertificateRequest().subject(new CertificateRequest.PKIXName().commonName(cn).organization(Collections.singletonList("Venafi, Inc.")).organizationalUnit(Collections.singletonList("Automated Tests")).locality(Collections.singletonList("Las Vegas")).province(Collections.singletonList("Nevada")).country(Collections.singletonList("US"))).friendlyName(cn).keyLength(512);
    classUnderTest.generateRequest(zoneConfig, request);
    logger.info("getPolicyDN(ZoneTag) = %s", classUnderTest.getPolicyDN(zoneTag));
    ZoneConfiguration zoneConfiguration = new ZoneConfiguration();
    zoneConfiguration.zoneId(classUnderTest.getPolicyDN(zoneTag));
    String requestId = classUnderTest.requestCertificate(request, zoneConfiguration);
    assertEquals("reqId", requestId);
}
Also used : ServerPolicy(com.venafi.vcert.sdk.connectors.ServerPolicy) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) LockableValue(com.venafi.vcert.sdk.connectors.LockableValue) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 34 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppTokenConnectorCertAT method renewCertificate.

@Test
void renewCertificate() throws VCertException, UnknownHostException, SocketException, CertificateException, NoSuchAlgorithmException {
    TppTokenConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest certificateRequest = connector.generateRequest(zoneConfiguration, connectorResource.certificateRequest());
    String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
    assertThat(certificateId).isNotNull();
    PEMCollection pemCollection = connector.retrieveCertificate(certificateRequest);
    X509Certificate cert = (X509Certificate) pemCollection.certificate();
    String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
    CertificateRequest certificateRequestToRenew = new CertificateRequest().subject(certificateRequest.subject()).dnsNames(certificateRequest.dnsNames()).ipAddresses(certificateRequest.ipAddresses()).keyType(certificateRequest.keyType()).keyLength(certificateRequest.keyLength());
    connector.generateRequest(zoneConfiguration, certificateRequestToRenew);
    String renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
    assertThat(renewRequestId).isNotNull();
}
Also used : PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.jupiter.api.Test)

Example 35 with CertificateRequest

use of com.venafi.vcert.sdk.certificate.CertificateRequest in project vcert-java by Venafi.

the class TppTokenConnectorCertAT method revokeCertificate.

@Test
void revokeCertificate() throws VCertException, SocketException, UnknownHostException {
    TppTokenConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest certificateRequest = connector.generateRequest(zoneConfiguration, connectorResource.certificateRequest());
    String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
    assertThat(certificateId).isNotNull();
    // just wait for the certificate issuance
    connector.retrieveCertificate(certificateRequest);
    RevocationRequest revocationRequest = new RevocationRequest();
    revocationRequest.reason("key-compromise");
    revocationRequest.certificateDN(certificateRequest.pickupId());
    connector.revokeCertificate(revocationRequest);
}
Also used : RevocationRequest(com.venafi.vcert.sdk.certificate.RevocationRequest) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) Test(org.junit.jupiter.api.Test)

Aggregations

CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)53 Test (org.junit.jupiter.api.Test)44 ZoneConfiguration (com.venafi.vcert.sdk.connectors.ZoneConfiguration)43 DisplayName (org.junit.jupiter.api.DisplayName)24 PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection)20 RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest)9 Authentication (com.venafi.vcert.sdk.endpoint.Authentication)8 StringReader (java.io.StringReader)8 FeignException (feign.FeignException)7 X509Certificate (java.security.cert.X509Certificate)7 RevocationRequest (com.venafi.vcert.sdk.certificate.RevocationRequest)6 VCertException (com.venafi.vcert.sdk.VCertException)5 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 PEMParser (org.bouncycastle.openssl.PEMParser)5 CsrOriginOption (com.venafi.vcert.sdk.certificate.CsrOriginOption)4 DataFormat (com.venafi.vcert.sdk.certificate.DataFormat)4 Instant (java.time.Instant)4 BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)4 PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)4