
Example 1 with CertificateNotFoundByThumbprintException

Use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.

In class CloudConnectorCertAT, method renewCertificate.

@Test
void renewCertificate() throws VCertException, UnknownHostException, CertificateException {
    CloudConnector connector = connectorResource.connector();
    ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
    CertificateRequest certificateRequest = connector.generateRequest(zoneConfiguration, connectorResource.certificateRequest());
    String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
    assertThat(certificateId).isNotNull();
    PEMCollection pemCollection = connector.retrieveCertificate(certificateRequest);
    X509Certificate cert = (X509Certificate) pemCollection.certificate();
    String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
    CertificateRequest certificateRequestToRenew = new CertificateRequest().subject(certificateRequest.subject()).dnsNames(certificateRequest.dnsNames());
    connector.generateRequest(zoneConfiguration, certificateRequestToRenew);
    String renewRequestId = null;
    try {
        renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
    } catch (CertificateNotFoundByThumbprintException e) {
        // Wait 5 seconds: the certificate is very probably not ready at this point.
        logger.warn("Failed to renewCertificate, because it's very probably that the Certificate is not ready yet. Waiting 5 sec to attempt one more time...");
        try {
            Thread.sleep(5000);
        } catch (InterruptedException e1) {
            // Restore the interrupt flag instead of swallowing the interruption.
            Thread.currentThread().interrupt();
        }
        renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
    }
    assertThat(renewRequestId).isNotNull();
}
Also used : PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.jupiter.api.Test)

Example 2 with CertificateNotFoundByThumbprintException

Use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.

In class TppTokenConnectorTest, method renewCertificateWithFingeprintNoSearchResults.

@Test
@DisplayName("Renew Certificate with fingerprint not found")
void renewCertificateWithFingeprintNoSearchResults() throws VCertException {
    final RenewalRequest renewalRequest = mock(RenewalRequest.class);
    final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
    when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
    when(tpp.searchCertificatesToken(any(), eq(HEADER_AUTHORIZATION))).thenReturn(certificateSearchResponse);
    final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
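    // assertThat(boolean) with no terminal assertion verifies nothing; check the exception type explicitly.
    assertThat(throwable).isInstanceOf(CertificateNotFoundByThumbprintException.class);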
}
Also used : CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 3 with CertificateNotFoundByThumbprintException

Use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.

In class TppConnector, method retrieveCertificate.

@Override
public PEMCollection retrieveCertificate(CertificateRequest request) throws VCertException {
    boolean includeChain = request.chainOption() != ChainOption.ChainOptionIgnore;
    boolean rootFirstOrder = includeChain && request.chainOption() == ChainOption.ChainOptionRootFirst;
    if (isNotBlank(request.pickupId()) && isNotBlank(request.thumbprint())) {
        Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
        if (searchResult.certificates().size() == 0)
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        if (searchResult.certificates().size() > 1)
            throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
        request.pickupId(searchResult.certificates().get(0).certificateRequestId());
    }
    CertificateRetrieveRequest certReq = new CertificateRetrieveRequest().certificateDN(request.pickupId()).format(request.dataFormat() == DataFormat.PKCS8 ? PKCS8_DATA_FORMAT : LEGACY_DATA_FORMAT).rootFirstOrder(rootFirstOrder).includeChain(includeChain);
    if (request.csrOrigin() == CsrOriginOption.ServiceGeneratedCSR || request.fetchPrivateKey()) {
        certReq.includePrivateKey(true);
        certReq.password(request.keyPassword());
    }
    // TODO move this retry logic to feign client
    Instant startTime = Instant.now();
    while (true) {
        Tpp.CertificateRetrieveResponse retrieveResponse = retrieveCertificateOnce(certReq);
        if (isNotBlank(retrieveResponse.certificateData())) {
            PEMCollection pemCollection = PEMCollection.fromStringPEMCollection(org.bouncycastle.util.Strings.fromByteArray(Base64.getDecoder().decode(retrieveResponse.certificateData())), request.chainOption(), request.privateKey(), request.keyPassword(), request.dataFormat());
            request.checkCertificate(pemCollection.certificate());
            return pemCollection;
        }
        if (ZERO.equals(request.timeout()))
            throw new CertificatePendingException(request.pickupId());
        if (Instant.now().isAfter(startTime.plus(request.timeout())))
            throw new RetrieveCertificateTimeoutException(request.pickupId());
        try {
            TimeUnit.SECONDS.sleep(2);
        } catch (InterruptedException e) {
            // Restore interrupted state...
            Thread.currentThread().interrupt();
            throw new AttemptToRetryException(e);
        }
    }
}
Also used : Instant(java.time.Instant) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) CertificatePendingException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) AttemptToRetryException(com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException) CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse) CertificateRetrieveResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse) RetrieveCertificateTimeoutException(com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException)

Example 4 with CertificateNotFoundByThumbprintException

Use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.

In class TppConnector, method renewCertificate.

@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
    String certificateDN;
    if (isNotBlank(request.thumbprint()) && isBlank(request.certificateDN())) {
        Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
        if (searchResult.certificates().isEmpty())
            throw new CertificateNotFoundByThumbprintException(request.thumbprint());
        if (searchResult.certificates().size() > 1)
            throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
        certificateDN = searchResult.certificates().get(0).certificateRequestId();
    } else {
        certificateDN = request.certificateDN();
    }
    if (isNull(certificateDN))
        throw new CertificateDNOrThumbprintWasNotProvidedException();
    final CertificateRenewalRequest renewalRequest = new CertificateRenewalRequest();
    renewalRequest.certificateDN(certificateDN);
    if (nonNull(request.request()) && nonNull(request.request().csr()) && request.request().csr().length > 0) {
        String pkcs10 = org.bouncycastle.util.Strings.fromByteArray(request.request().csr());
        renewalRequest.PKCS10(pkcs10);
    }
    final Tpp.CertificateRenewalResponse response = tppAPI.renewCertificate(renewalRequest);
    if (!response.success())
        throw new RenewFailureException(response.error());
    return certificateDN;
}
Also used : CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) RenewFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException) CertificateRenewalResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)

Example 5 with CertificateNotFoundByThumbprintException

Use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.

In class TppConnectorTest, method renewCertificateWithFingeprintNoSearchResults.

@Test
@DisplayName("Renew Certificate with fingerprint not found")
void renewCertificateWithFingeprintNoSearchResults() throws VCertException {
    final RenewalRequest renewalRequest = mock(RenewalRequest.class);
    final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
    when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
    when(tpp.searchCertificates(any(), eq(API_KEY))).thenReturn(certificateSearchResponse);
    final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
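    // assertThat(boolean) with no terminal assertion verifies nothing; check the exception type explicitly.
    assertThat(throwable).isInstanceOf(CertificateNotFoundByThumbprintException.class);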
}
Also used : CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Aggregations

CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) 5
RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest) 3
Test (org.junit.jupiter.api.Test) 3
PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection) 2
MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) 2
CertificateSearchResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse) 2
DisplayName (org.junit.jupiter.api.DisplayName) 2
CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest) 1
AttemptToRetryException (com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException) 1
CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) 1
CertificatePendingException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException) 1
RenewFailureException (com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException) 1
RetrieveCertificateTimeoutException (com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException) 1
ZoneConfiguration (com.venafi.vcert.sdk.connectors.ZoneConfiguration) 1
CertificateRenewalResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse) 1
CertificateRetrieveResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse) 1
X509Certificate (java.security.cert.X509Certificate) 1
Instant (java.time.Instant) 1