

use of com.venafi.vcert.sdk.certificate.KeyType in project vcert-java by Venafi.

From the class ServerPolicy, method toPolicy:

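/**
 * Translates this server-side policy description into a client {@link Policy}.
 *
 * <p>Every string restriction is emitted as an anchored regular expression built from
 * {@link Pattern#quote}, so a policy value is always matched literally and can never be
 * interpreted as regex syntax. A value that is absent ({@code null}) or not locked on the
 * server imposes no restriction and is rendered as {@code allAllowedRegex}.
 *
 * <p>Differences from the previous implementation: the domain regex construction shared by
 * the subject CN and the DNS SAN restrictions lives in one helper; a locked RSA key size
 * whose value is {@code null} no longer throws {@code NullPointerException} (the null check
 * used to run after the unboxing comparison); and a {@code null} organizational-unit value
 * is treated like the other unlocked subject fields instead of throwing.
 *
 * @return a freshly built {@link Policy}, never {@code null}
 */
public Policy toPolicy() {
    // Quote the literal and anchor it so the pattern cannot match a superstring.
    Function<String, String> escapeOne = s -> addStartEnd.apply(Pattern.quote(s));
    Function<Collection<String>, Collection<String>> escapeCollection =
        in -> in.stream().map(escapeOne).collect(Collectors.toList());
    // Go would provide empty structs with default values; in Java the lockable value may be
    // null, which is treated the same as an unlocked (unrestricted) value.
    Function<LockableValue<String>, Collection<String>> selectValue = in -> {
        if (null == in || !in.locked()) {
            return Collections.singleton(allAllowedRegex);
        }
        return Collections.singleton(escapeOne.apply(in.value()));
    };
    // A boolean permission maps to "anything" or "nothing".
    Function<Boolean, Collection<String>> allOrNothing =
        bool -> bool ? Collections.singleton(allAllowedRegex) : Collections.emptyList();

    Policy policy = new Policy().allowedKeyConfigurations(new ArrayList<>());

    // Subject CN and DNS SAN share the domain whitelist; the SAN list is additionally gated
    // by subjAltNameDnsAllowed.
    policy.subjectCNRegexes(whitelistedDomainRegexes());

    LockableValues<String> organizationalUnit = subject.organizationalUnit();
    if (organizationalUnit != null && organizationalUnit.locked()) {
        policy.subjectOURegexes(escapeCollection.apply(organizationalUnit.values()));
    } else {
        policy.subjectOURegexes(Collections.singleton(allAllowedRegex));
    }
    policy.subjectORegexes(selectValue.apply(subject.organization()));
    policy.subjectLRegexes(selectValue.apply(subject.city()));
    policy.subjectSTRegexes(selectValue.apply(subject.state()));
    policy.subjectCRegexes(selectValue.apply(subject.country()));

    if (subjAltNameDnsAllowed) {
        policy.dnsSanRegExs(whitelistedDomainRegexes());
    } else {
        policy.dnsSanRegExs(Collections.emptyList());
    }
    policy.ipSanRegExs(allOrNothing.apply(subjAltNameIpAllowed));
    policy.emailSanRegExs(allOrNothing.apply(subjAltNameEmailAllowed));
    policy.uriSanRegExs(allOrNothing.apply(subjAltNameUriAllowed));
    policy.upnSanRegExs(allOrNothing.apply(subjAltNameUpnAllowed));

    if (keyPair.keyAlgorithm().locked()) {
        KeyType keyType = KeyType.from(keyPair.keyAlgorithm().value());
        AllowedKeyConfiguration key = new AllowedKeyConfiguration()
            .keyType(keyType)
            .keySizes(new ArrayList<Integer>())
            .keyCurves(new ArrayList<EllipticCurve>());
        if (KeyType.RSA.equals(keyType)) {
            if (keyPair.keySize().locked()) {
                // A locked RSA size acts as a minimum: every supported size at or above it is
                // allowed. The null check must precede the comparison, otherwise the Integer
                // is unboxed and a null value throws NullPointerException.
                Integer minimumKeySize = keyPair.keySize().value();
                for (Integer keySize : KeyType.allSupportedKeySizes()) {
                    if (minimumKeySize == null || keySize >= minimumKeySize) {
                        key.keySizes().add(keySize);
                    }
                }
            } else {
                key.keySizes(KeyType.allSupportedKeySizes());
            }
        } else {
            if (keyPair.ellipticCurve().locked()) {
                key.keyCurves().add(EllipticCurve.from(keyPair.ellipticCurve().value()));
            } else {
                key.keyCurves(EllipticCurve.allSupportedCures());
            }
        }
        policy.allowedKeyConfigurations().add(key);
    } else {
        // Algorithm not locked: both RSA (all sizes) and ECDSA (all curves) are acceptable.
        policy.allowedKeyConfigurations().add(
            new AllowedKeyConfiguration().keyType(KeyType.RSA).keySizes(KeyType.allSupportedKeySizes()));
        policy.allowedKeyConfigurations().add(
            new AllowedKeyConfiguration().keyType(KeyType.ECDSA).keyCurves(EllipticCurve.allSupportedCures()));
    }

    policy.allowWildcards(wildcardsAllowed);
    policy.allowKeyReuse(privateKeyReuseAllowed);
    return policy;
}

/**
 * Builds the anchored regexes for the whitelisted domains; used for both the subject CN and
 * the DNS SAN restrictions.
 *
 * <p>An empty whitelist imposes no restriction. With wildcards allowed, a domain {@code d}
 * yields {@code allAllowedRegex} followed by the quoted literal {@code .d} (presumably "any
 * subdomain of d" — depends on what {@code allAllowedRegex} matches); otherwise only the
 * quoted literal {@code d} itself is accepted. Every entry is passed through
 * {@link Pattern#quote} and {@code addStartEnd}, so domain strings are never treated as
 * regex syntax and cannot match beyond their own boundaries.
 *
 * @return the regex collection to install on the policy, never {@code null}
 */
private Collection<String> whitelistedDomainRegexes() {
    if (Is.blank(whitelistedDomains)) {
        return Collections.singleton(allAllowedRegex);
    }
    List<String> regexes = new ArrayList<>(whitelistedDomains.size());
    for (String domain : whitelistedDomains) {
        if (wildcardsAllowed) {
            regexes.add(addStartEnd.apply(allAllowedRegex + Pattern.quote("." + domain)));
        } else {
            regexes.add(addStartEnd.apply(Pattern.quote(domain)));
        }
    }
    return regexes;
}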
