Example 1 with CertificateNotFoundByThumbprintException
use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.
the class CloudConnectorCertAT method renewCertificate.
@Test
void renewCertificate() throws VCertException, UnknownHostException, CertificateException {
CloudConnector connector = connectorResource.connector();
ZoneConfiguration zoneConfiguration = connectorResource.zoneConfiguration();
CertificateRequest certificateRequest = connector.generateRequest(zoneConfiguration, connectorResource.certificateRequest());
String certificateId = connector.requestCertificate(certificateRequest, zoneConfiguration);
assertThat(certificateId).isNotNull();
PEMCollection pemCollection = connector.retrieveCertificate(certificateRequest);
X509Certificate cert = (X509Certificate) pemCollection.certificate();
String thumbprint = DigestUtils.sha1Hex(cert.getEncoded()).toUpperCase();
CertificateRequest certificateRequestToRenew = new CertificateRequest().subject(certificateRequest.subject()).dnsNames(certificateRequest.dnsNames());
connector.generateRequest(zoneConfiguration, certificateRequestToRenew);
String renewRequestId = null;
try {
renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
} catch (CertificateNotFoundByThumbprintException e) {
// wait for 5 sec, it's very probably that the Certificate is not ready at this point
logger.warn("Failed to renewCertificate, because it's very probably that the Certificate is not ready yet. Waiting 5 sec to attempt one more time...");
try {
Thread.sleep(5000);
} catch (InterruptedException e1) {
e1.printStackTrace();
}
renewRequestId = connector.renewCertificate(new RenewalRequest().request(certificateRequestToRenew).thumbprint(thumbprint));
}
assertThat(renewRequestId).isNotNull();
}
Also used :
PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection)
CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)
RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest)
ZoneConfiguration(com.venafi.vcert.sdk.connectors.ZoneConfiguration)
CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.jupiter.api.Test)
Example 2 with CertificateNotFoundByThumbprintException
use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.
the class TppTokenConnectorTest method renewCertificateWithFingeprintNoSearchResults.
@Test
@DisplayName("Renew Certificate with fingerprint not found")
void renewCertificateWithFingeprintNoSearchResults() throws VCertException {
final RenewalRequest renewalRequest = mock(RenewalRequest.class);
final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
when(tpp.searchCertificatesToken(any(), eq(HEADER_AUTHORIZATION))).thenReturn(certificateSearchResponse);
final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
assertThat(throwable instanceof CertificateNotFoundByThumbprintException);
}
Also used :
CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)
RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest)
Test(org.junit.jupiter.api.Test)
DisplayName(org.junit.jupiter.api.DisplayName)
Example 3 with CertificateNotFoundByThumbprintException
use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.
the class TppConnector method retrieveCertificate.
@Override
public PEMCollection retrieveCertificate(CertificateRequest request) throws VCertException {
boolean includeChain = request.chainOption() != ChainOption.ChainOptionIgnore;
boolean rootFirstOrder = includeChain && request.chainOption() == ChainOption.ChainOptionRootFirst;
if (isNotBlank(request.pickupId()) && isNotBlank(request.thumbprint())) {
Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
if (searchResult.certificates().size() == 0)
throw new CertificateNotFoundByThumbprintException(request.thumbprint());
if (searchResult.certificates().size() > 1)
throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
request.pickupId(searchResult.certificates().get(0).certificateRequestId());
}
CertificateRetrieveRequest certReq = new CertificateRetrieveRequest().certificateDN(request.pickupId()).format(request.dataFormat() == DataFormat.PKCS8 ? PKCS8_DATA_FORMAT : LEGACY_DATA_FORMAT).rootFirstOrder(rootFirstOrder).includeChain(includeChain);
if (request.csrOrigin() == CsrOriginOption.ServiceGeneratedCSR || request.fetchPrivateKey()) {
certReq.includePrivateKey(true);
certReq.password(request.keyPassword());
}
// TODO move this retry logic to feign client
Instant startTime = Instant.now();
while (true) {
Tpp.CertificateRetrieveResponse retrieveResponse = retrieveCertificateOnce(certReq);
if (isNotBlank(retrieveResponse.certificateData())) {
PEMCollection pemCollection = PEMCollection.fromStringPEMCollection(org.bouncycastle.util.Strings.fromByteArray(Base64.getDecoder().decode(retrieveResponse.certificateData())), request.chainOption(), request.privateKey(), request.keyPassword(), request.dataFormat());
request.checkCertificate(pemCollection.certificate());
return pemCollection;
}
if (ZERO.equals(request.timeout()))
throw new CertificatePendingException(request.pickupId());
if (Instant.now().isAfter(startTime.plus(request.timeout())))
throw new RetrieveCertificateTimeoutException(request.pickupId());
try {
TimeUnit.SECONDS.sleep(2);
} catch (InterruptedException e) {
// Restore interrupted state...
Thread.currentThread().interrupt();
throw new AttemptToRetryException(e);
}
}
}
Also used :
Instant(java.time.Instant)
MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)
CertificatePendingException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException)
PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection)
CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)
AttemptToRetryException(com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException)
CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse)
CertificateRetrieveResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse)
RetrieveCertificateTimeoutException(com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException)
Example 4 with CertificateNotFoundByThumbprintException
use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.
the class TppConnector method renewCertificate.
@Override
public String renewCertificate(RenewalRequest request) throws VCertException {
String certificateDN;
if (isNotBlank(request.thumbprint()) && isBlank(request.certificateDN())) {
Tpp.CertificateSearchResponse searchResult = searchCertificatesByFingerprint(request.thumbprint());
if (searchResult.certificates().isEmpty())
throw new CertificateNotFoundByThumbprintException(request.thumbprint());
if (searchResult.certificates().size() > 1)
throw new MoreThanOneCertificateWithSameThumbprintException(request.thumbprint());
certificateDN = searchResult.certificates().get(0).certificateRequestId();
} else {
certificateDN = request.certificateDN();
}
if (isNull(certificateDN))
throw new CertificateDNOrThumbprintWasNotProvidedException();
final CertificateRenewalRequest renewalRequest = new CertificateRenewalRequest();
renewalRequest.certificateDN(certificateDN);
if (nonNull(request.request()) && nonNull(request.request().csr()) && request.request().csr().length > 0) {
String pkcs10 = org.bouncycastle.util.Strings.fromByteArray(request.request().csr());
renewalRequest.PKCS10(pkcs10);
}
final Tpp.CertificateRenewalResponse response = tppAPI.renewCertificate(renewalRequest);
if (!response.success())
throw new RenewFailureException(response.error());
return certificateDN;
}
Also used :
CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)
CertificateSearchResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse)
CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException)
RenewFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException)
CertificateRenewalResponse(com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse)
MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)
Example 5 with CertificateNotFoundByThumbprintException
use of com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException in project vcert-java by Venafi.
the class TppConnectorTest method renewCertificateWithFingeprintNoSearchResults.
@Test
@DisplayName("Renew Certificate with fingerprint not found")
void renewCertificateWithFingeprintNoSearchResults() throws VCertException {
final RenewalRequest renewalRequest = mock(RenewalRequest.class);
final Tpp.CertificateSearchResponse certificateSearchResponse = mock(Tpp.CertificateSearchResponse.class);
when(renewalRequest.thumbprint()).thenReturn("1111:1111:1111:1111");
when(tpp.searchCertificates(any(), eq(API_KEY))).thenReturn(certificateSearchResponse);
final Throwable throwable = assertThrows(VCertException.class, () -> classUnderTest.renewCertificate(renewalRequest));
assertThat(throwable instanceof CertificateNotFoundByThumbprintException);
}
Also used :
CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)
RenewalRequest(com.venafi.vcert.sdk.certificate.RenewalRequest)
Test(org.junit.jupiter.api.Test)
DisplayName(org.junit.jupiter.api.DisplayName)
Aggregations
CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)5
RenewalRequest (com.venafi.vcert.sdk.certificate.RenewalRequest)3
Test (org.junit.jupiter.api.Test)3
PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection)2
MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)2
CertificateSearchResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse)2
DisplayName (org.junit.jupiter.api.DisplayName)2
CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)1
AttemptToRetryException (com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException)1
CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException)1
CertificatePendingException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException)1
RenewFailureException (com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException)1
RetrieveCertificateTimeoutException (com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException)1
ZoneConfiguration (com.venafi.vcert.sdk.connectors.ZoneConfiguration)1
CertificateRenewalResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse)1
CertificateRetrieveResponse (com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse)1
X509Certificate (java.security.cert.X509Certificate)1
Instant (java.time.Instant)1
