Example 1 with EllipticCurve
use of com.venafi.vcert.sdk.certificate.EllipticCurve in project vcert-java by Venafi.
the class ServerPolicy method toPolicy.
public Policy toPolicy() {
Function<String, String> escapeOne = s -> addStartEnd.apply(Pattern.quote(s));
Function<Collection<String>, Collection<String>> escapeCollection = in -> in.stream().map(escapeOne).collect(Collectors.toList());
Function<LockableValue<String>, Collection<String>> selectValue = in -> {
if (null == in) {
// Go would provide empty structs with
return Collections.singleton(allAllowedRegex);
// default values, so in Java, we have to
// deal with null instead
}
return in.locked() ? Collections.singleton(escapeOne.apply(in.value())) : Collections.singleton(allAllowedRegex);
};
Function<Boolean, Collection<String>> allOrNothing = bool -> bool ? Collections.singleton(allAllowedRegex) : Collections.emptyList();
Policy policy = new Policy().allowedKeyConfigurations(new ArrayList<>());
if (Is.blank(whitelistedDomains)) {
policy.subjectCNRegexes(Collections.singleton(allAllowedRegex));
} else {
ArrayList<String> subjectCNRegexes = new ArrayList<>(whitelistedDomains.size());
for (String whitelistedDomain : whitelistedDomains()) {
if (wildcardsAllowed()) {
subjectCNRegexes.add(addStartEnd.apply(allAllowedRegex + Pattern.quote("." + whitelistedDomain)));
} else {
subjectCNRegexes.add(escapeOne.apply(whitelistedDomain));
}
}
policy.subjectCNRegexes(subjectCNRegexes);
}
if (this.subject.organizationalUnit().locked()) {
policy.subjectOURegexes(escapeCollection.apply(this.subject.organizationalUnit().values()));
} else {
policy.subjectOURegexes(Collections.singleton(allAllowedRegex));
}
policy.subjectORegexes(selectValue.apply(subject.organization()));
policy.subjectLRegexes(selectValue.apply(subject.city()));
policy.subjectSTRegexes(selectValue.apply(subject.state()));
policy.subjectCRegexes(selectValue.apply(subject.country()));
if (subjAltNameDnsAllowed) {
if (Is.blank(whitelistedDomains)) {
policy.dnsSanRegExs(Collections.singleton(allAllowedRegex));
} else {
List<String> regExs = new ArrayList<>(whitelistedDomains.size());
for (String whitelistedDomain : whitelistedDomains) {
if (wildcardsAllowed) {
regExs.add(addStartEnd.apply(allAllowedRegex + Pattern.quote("." + whitelistedDomain)));
} else {
regExs.add(escapeOne.apply(whitelistedDomain));
}
}
policy.dnsSanRegExs(regExs);
}
} else {
policy.dnsSanRegExs(Collections.emptyList());
}
policy.ipSanRegExs(allOrNothing.apply(subjAltNameIpAllowed));
policy.emailSanRegExs(allOrNothing.apply(subjAltNameEmailAllowed));
policy.uriSanRegExs(allOrNothing.apply(subjAltNameUriAllowed));
policy.upnSanRegExs(allOrNothing.apply(subjAltNameUpnAllowed));
if (keyPair.keyAlgorithm().locked()) {
KeyType keyType = KeyType.from(keyPair.keyAlgorithm().value());
AllowedKeyConfiguration key = new AllowedKeyConfiguration().keyType(keyType).keySizes(new ArrayList<Integer>()).keyCurves(new ArrayList<EllipticCurve>());
if (KeyType.RSA.equals(keyType)) {
if (keyPair.keySize().locked()) {
for (Integer keySize : KeyType.allSupportedKeySizes()) {
if (keySize >= keyPair.keySize().value() || keyPair.keySize().value() == null) {
key.keySizes().add(keySize);
}
}
} else {
key.keySizes(KeyType.allSupportedKeySizes());
}
} else {
if (keyPair.ellipticCurve().locked()) {
EllipticCurve curve = EllipticCurve.from(keyPair.ellipticCurve().value());
key.keyCurves().add(curve);
} else {
key.keyCurves(EllipticCurve.allSupportedCures());
}
}
policy.allowedKeyConfigurations().add(key);
} else {
policy.allowedKeyConfigurations().add(new AllowedKeyConfiguration().keyType(KeyType.RSA).keySizes(KeyType.allSupportedKeySizes()));
policy.allowedKeyConfigurations().add(new AllowedKeyConfiguration().keyType(KeyType.ECDSA).keyCurves(EllipticCurve.allSupportedCures()));
}
policy.allowWildcards(wildcardsAllowed);
policy.allowKeyReuse(privateKeyReuseAllowed);
return policy;
}
Also used :
SignatureAlgorithm(com.venafi.vcert.sdk.SignatureAlgorithm)
KeyType(com.venafi.vcert.sdk.certificate.KeyType)
Collection(java.util.Collection)
HashMap(java.util.HashMap)
Function(java.util.function.Function)
Collectors(java.util.stream.Collectors)
ArrayList(java.util.ArrayList)
List(java.util.List)
Data(lombok.Data)
EllipticCurve(com.venafi.vcert.sdk.certificate.EllipticCurve)
Is(com.venafi.vcert.sdk.utils.Is)
Pattern(java.util.regex.Pattern)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
AllArgsConstructor(lombok.AllArgsConstructor)
AllowedKeyConfiguration(com.venafi.vcert.sdk.endpoint.AllowedKeyConfiguration)
Collections(java.util.Collections)
NoArgsConstructor(lombok.NoArgsConstructor)
KeyType(com.venafi.vcert.sdk.certificate.KeyType)
ArrayList(java.util.ArrayList)
EllipticCurve(com.venafi.vcert.sdk.certificate.EllipticCurve)
Collection(java.util.Collection)
AllowedKeyConfiguration(com.venafi.vcert.sdk.endpoint.AllowedKeyConfiguration)
Aggregations
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
SignatureAlgorithm (com.venafi.vcert.sdk.SignatureAlgorithm)1
EllipticCurve (com.venafi.vcert.sdk.certificate.EllipticCurve)1
KeyType (com.venafi.vcert.sdk.certificate.KeyType)1
AllowedKeyConfiguration (com.venafi.vcert.sdk.endpoint.AllowedKeyConfiguration)1
Is (com.venafi.vcert.sdk.utils.Is)1
ArrayList (java.util.ArrayList)1
Collection (java.util.Collection)1
Collections (java.util.Collections)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Function (java.util.function.Function)1
Pattern (java.util.regex.Pattern)1
Collectors (java.util.stream.Collectors)1
AllArgsConstructor (lombok.AllArgsConstructor)1
Data (lombok.Data)1
NoArgsConstructor (lombok.NoArgsConstructor)1
