Search in sources :

Example 1 with SubjectAlternativeNamesByType

use of com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType in project vcert-java by Venafi.

the class CloudConnectorUtils method buildCsrAttributes.

public static CsrAttributes buildCsrAttributes(CertificateRequest request, PolicySpecification policySpecification) throws VCertException {
    CsrAttributes csrAttributes = new CsrAttributes();
    // computing the commonName
    String reqCN = request.subject() != null && isNotBlank(request.subject().commonName()) ? request.subject().commonName() : null;
    if (reqCN != null) {
        // validating that the request.subject.cn matches with the policy domains
        String[] policyDomains = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.domains()).orElse(null);
        if (policyDomains != null && !matchRegexes(reqCN, policyDomains))
            throw new PolicyMatchException("CN", reqCN, "domains", policyDomains);
        csrAttributes.commonName(reqCN);
    }
    // computing the organization
    List<String> reqOrganizations = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organization()).orElse(null);
    if (reqOrganizations != null && reqOrganizations.size() > 0) {
        String[] reqOrgsArray = reqOrganizations.toArray(new String[0]);
        // validating that the req.subject.organization matches with the policy orgs
        String[] policyOrgs = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgs()).orElse(null);
        if (policyOrgs != null && !matchRegexes(reqOrgsArray, policyOrgs))
            throw new PolicyMatchException("organization", reqOrgsArray, "organization", policyOrgs);
        csrAttributes.organization(reqOrgsArray[0]);
    } else {
        String defaultOrg = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.org()).orElse(null);
        if (isNotBlank(defaultOrg))
            csrAttributes.organization(defaultOrg);
    }
    // computing the organizational Units
    List<String> reqOrgUnits = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.organizationalUnit()).orElse(null);
    if (reqOrgUnits != null && reqOrgUnits.size() > 0) {
        String[] reqOrgUnitsArray = reqOrgUnits.toArray(new String[0]);
        // validating that the req.subject.organizationalUnit matches with the policy orgUnits
        String[] policyOrgUnits = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgUnits()).orElse(null);
        if (policyOrgUnits != null && !matchRegexes(reqOrgUnitsArray, policyOrgUnits))
            throw new PolicyMatchException("org unit", reqOrgUnitsArray, "org unit", policyOrgUnits);
        csrAttributes.organizationalUnits(reqOrgUnitsArray);
    } else {
        String[] defaultOrgUnits = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.orgUnits()).orElse(null);
        if (defaultOrgUnits != null && defaultOrgUnits.length > 0)
            csrAttributes.organizationalUnits(defaultOrgUnits);
    }
    // computing the localities
    List<String> reqLocalities = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.locality()).orElse(null);
    if (reqLocalities != null && reqLocalities.size() > 0) {
        String[] reqLocalitiesArray = reqLocalities.toArray(new String[0]);
        // validating that the req.subject.locality matches with the policy localities
        String[] policyLocalities = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.localities()).orElse(null);
        if (policyLocalities != null && !matchRegexes(reqLocalitiesArray, policyLocalities))
            throw new PolicyMatchException("locality", reqLocalitiesArray, "localities", policyLocalities);
        csrAttributes.locality(reqLocalitiesArray[0]);
    } else {
        String defaultLocality = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.locality()).orElse(null);
        if (isNotBlank(defaultLocality))
            csrAttributes.locality(defaultLocality);
    }
    // computing the province
    List<String> reqProvince = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.province()).orElse(null);
    if (reqProvince != null && reqProvince.size() > 0) {
        String[] reqProvinceArray = reqProvince.toArray(new String[0]);
        // validating that the req.subject.province matches with the policy states
        String[] policyStates = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.states()).orElse(null);
        if (policyStates != null && !matchRegexes(reqProvinceArray, policyStates))
            throw new PolicyMatchException("state", reqProvinceArray, "states", policyStates);
        csrAttributes.state(reqProvinceArray[0]);
    } else {
        String defaultState = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.state()).orElse(null);
        if (isNotBlank(defaultState))
            csrAttributes.state(defaultState);
    }
    // computing the country
    List<String> reqCountries = Optional.ofNullable(request).map(req -> req.subject()).map(s -> s.country()).orElse(null);
    if (reqCountries != null && reqCountries.size() > 0) {
        String[] reqCountriesArray = reqCountries.toArray(new String[0]);
        // validating that the req.subject.country matches with the policy countries
        String[] policyCountries = Optional.ofNullable(policySpecification).map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.countries()).orElse(null);
        if (policyCountries != null && !matchRegexes(reqCountriesArray, policyCountries))
            throw new PolicyMatchException("state", reqCountriesArray, "states", policyCountries);
        csrAttributes.country(reqCountriesArray[0]);
    } else {
        String defaultCountry = Optional.ofNullable(policySpecification).map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.country()).orElse(null);
        if (isNotBlank(defaultCountry))
            csrAttributes.country(defaultCountry);
    }
    if (request.dnsNames() != null && request.dnsNames().size() > 0) {
        SubjectAlternativeNamesByType subjectAlternativeNamesByType = new SubjectAlternativeNamesByType().dnsNames(request.dnsNames().toArray(new String[0]));
        csrAttributes.subjectAlternativeNamesByType(subjectAlternativeNamesByType);
    }
    return csrAttributes;
}
Also used : java.util(java.util) ZipInputStream(java.util.zip.ZipInputStream) ProductOption(com.venafi.vcert.sdk.connectors.cloud.endpoint.CAAccount.ProductOption) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateIssuingTemplate(com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate) KeyStoreZipCompressionRatioExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType) UserDetails(com.venafi.vcert.sdk.connectors.cloud.domain.UserDetails) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) com.venafi.vcert.sdk.connectors.cloud.endpoint(com.venafi.vcert.sdk.connectors.cloud.endpoint) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) ZipEntry(java.util.zip.ZipEntry) FeignException(feign.FeignException) CloudZone(com.venafi.vcert.sdk.connectors.cloud.domain.CloudZone) PEMParser(org.bouncycastle.openssl.PEMParser) IOException(java.io.IOException) VCertException(com.venafi.vcert.sdk.VCertException) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) KeyStoreZipEntriesExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) DataFormat(com.venafi.vcert.sdk.certificate.DataFormat) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) StringReader(java.io.StringReader) PrivateKey(java.security.PrivateKey) ChainOption(com.venafi.vcert.sdk.certificate.ChainOption) Data(lombok.Data) KeyStoreUnzipedFilesBytesSizeExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded) Pattern(java.util.regex.Pattern) AllArgsConstructor(lombok.AllArgsConstructor) Application(com.venafi.vcert.sdk.connectors.cloud.domain.Application) InputStream(java.io.InputStream) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType)

Aggregations

VCertException (com.venafi.vcert.sdk.VCertException)1 CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)1 ChainOption (com.venafi.vcert.sdk.certificate.ChainOption)1 DataFormat (com.venafi.vcert.sdk.certificate.DataFormat)1 PEMCollection (com.venafi.vcert.sdk.certificate.PEMCollection)1 KeyStoreUnzipedFilesBytesSizeExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded)1 KeyStoreZipCompressionRatioExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded)1 KeyStoreZipEntriesExceeded (com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded)1 PolicyMatchException (com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException)1 CsrAttributes (com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes)1 SubjectAlternativeNamesByType (com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType)1 Application (com.venafi.vcert.sdk.connectors.cloud.domain.Application)1 CertificateIssuingTemplate (com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate)1 CloudZone (com.venafi.vcert.sdk.connectors.cloud.domain.CloudZone)1 UserDetails (com.venafi.vcert.sdk.connectors.cloud.domain.UserDetails)1 com.venafi.vcert.sdk.connectors.cloud.endpoint (com.venafi.vcert.sdk.connectors.cloud.endpoint)1 ProductOption (com.venafi.vcert.sdk.connectors.cloud.endpoint.CAAccount.ProductOption)1 CloudPolicy (com.venafi.vcert.sdk.policy.api.domain.CloudPolicy)1 PolicySpecification (com.venafi.vcert.sdk.policy.domain.PolicySpecification)1 FeignException (feign.FeignException)1