Search in sources :

Example 6 with SshCertificateRequest

use of com.venafi.vcert.sdk.certificate.SshCertificateRequest in project vcert-java by Venafi.

the class SshCertificateRequestRetrieveWithOutKeyPairProvided method main.

/**
 * @param args
 */
public static void main(String[] args) {
    try {
        // replace it by the key id value
        String keyId = "<KEY_ID>";
        // replace it by the CADN or the CA Name
        String template = "<TPP_SSH_CA>";
        // replace it by the TPP User
        String user = "<TPPUSER>";
        // replace it by the TPP Password
        String password = "<TPPPASSWORD>";
        // replace it by the TPP URL
        String baseUri = "<TPP_URL>";
        // 1. Get a VCertClient for TPP setting the scope to "ssh:manage"
        Authentication auth = Authentication.builder().user(user).password(password).scope("ssh:manage").build();
        Config config = Config.builder().connectorType(ConnectorType.TPP_TOKEN).baseUrl(baseUri).build();
        VCertTknClient client = new VCertTknClient(config);
        client.getAccessToken(auth);
        // 2. Get an instance of com.venafi.vcert.sdk.certificate.SshCertificateRequest class.
        SshCertificateRequest req = new SshCertificateRequest().keyId(keyId).validityPeriod(// if you omit it, then the validity period of the CIT will be used
        "4h").template(template);
        // 3. Use the VCertClient method requestSshCertificate() to request the creation of a new
        // SSH Certificate on TPP. This will return the DN of the created SSH Certificate which
        // will be used to retrieve the created SSH Certificate.
        String pickUpID = client.requestSshCertificate(req);
        // 4. Set the pickUp ID to the SshCertificateRequest created. You can create a new one
        // but in order to avoid the boilerplate, it's preferable to use the already one created.
        req.pickupID(pickUpID);
        // 4a. you can set a passphrase for the Private Key of the KeyPair that will be generated by TPP.
        req.privateKeyPassphrase("my-passphrase");
        // 5. Use the VCertClient method retrieveSshCertificate() to retrieve the created
        // SSH Certificate on TPP. It will return an instance of SshCertRetrieveDetails which
        // will contain the Ssh Certificate Data, the Public and Private Keys, etc.
        SshCertRetrieveDetails sshCertRetrieveDetails = client.retrieveSshCertificate(req);
        client.revokeAccessToken();
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : VCertTknClient(com.venafi.vcert.sdk.VCertTknClient) SshCertificateRequest(com.venafi.vcert.sdk.certificate.SshCertificateRequest) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) SshCertRetrieveDetails(com.venafi.vcert.sdk.certificate.SshCertRetrieveDetails)

Aggregations

SshCertRetrieveDetails (com.venafi.vcert.sdk.certificate.SshCertRetrieveDetails)6 SshCertificateRequest (com.venafi.vcert.sdk.certificate.SshCertificateRequest)6 SshKeyPair (com.sshtools.common.ssh.components.SshKeyPair)5 DisplayName (org.junit.jupiter.api.DisplayName)4 Test (org.junit.jupiter.api.Test)4 Config (com.venafi.vcert.sdk.Config)2 VCertTknClient (com.venafi.vcert.sdk.VCertTknClient)2 Authentication (com.venafi.vcert.sdk.endpoint.Authentication)2