
Example 16 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

the class CloudConnectorTest method testExceptionValidatingPolicyLocalitiesWhenWildcards.

/**
 * Checks that {@code setPolicy} rejects a specification whose subject localities mix the
 * allow-all value with a concrete locality, and that the failure carries the expected message.
 */
@Test
@DisplayName("Cloud - Testing Exception in Validation of Policy Localities with wildcard value")
public void testExceptionValidatingPolicyLocalitiesWhenWildcards() throws VCertException {
    // Fixed, synthetic UUID-shaped value as the third constructor argument.
    // NOTE(review): presumably the API key used against a mocked backend; confirm that no
    // real credential is ever committed in its place.
    classUnderTest.authenticate(new Authentication(null, null, "12345678-1234-1234-1234-123456789012"));

    final PolicySpecification spec = CloudTestUtils.getPolicySpecification();

    // An allow-all entry next to a concrete locality is the invalid combination under test:
    // the validator is expected to refuse it rather than accept the looser value.
    final String[] mixedLocalities = new String[] { PolicySpecificationConst.ALLOW_ALL, "Merida" };
    spec.policy().subject().localities(mixedLocalities);

    final VCertException thrown = assertThrows(VCertException.class, () -> {
        classUnderTest.setPolicy(CloudTestUtils.getRandomZone(), spec);
    });

    assertEquals(
        CloudTestUtils.getVCertExceptionMessage(
            CloudPolicySpecificationValidator.ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_CONTAINING_ALLOW_ALL_STRING_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES),
        thrown.getMessage());
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) VCertException(com.venafi.vcert.sdk.VCertException) IOException(java.io.IOException) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 17 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

the class TppPolicyToPolicyConverter method convertToPolicy.

/**
 * Builds a {@link PolicySpecification} from the attributes of a TPP policy.
 *
 * <p>Attributes resolved through {@code shouldCreateAttribute} are written to the policy
 * section on a {@code NORMAL} result and to the defaults section on a {@code DEFAULT}
 * result; any other result leaves the attribute unset.
 *
 * <p>NOTE(review): this method copies values as-is. No check of key sizes, curves or the
 * wildcard setting is visible here; presumably validation happens elsewhere. Confirm
 * before treating the result as an enforced policy.
 *
 * @param tppPolicy the TPP policy to convert
 * @return the populated policy specification
 * @throws Exception if a helper fails; a non-numeric key bit strength surfaces as the
 *     {@link NumberFormatException} raised by {@link Integer#parseInt(String)}
 */
public PolicySpecification convertToPolicy(TPPPolicy tppPolicy) throws Exception {
    final PolicySpecification spec = new PolicySpecification();
    spec.name(tppPolicy.policyName());

    // Contacts and approvers: a missing or empty array is passed on as null.
    final boolean hasContacts = tppPolicy.contact() != null && tppPolicy.contact().length > 0;
    spec.users(hasContacts ? tppPolicy.contact() : null);
    final boolean hasApprovers = tppPolicy.approver() != null && tppPolicy.approver().length > 0;
    spec.approvers(hasApprovers ? tppPolicy.approver() : null);

    // Allowed domains come from the TPP domain-suffix list, when it has entries.
    if (tppPolicy.domainSuffixWhiteList() != null && tppPolicy.domainSuffixWhiteList().length > 0) {
        getPolicyFromPolicySpecification(spec).domains(tppPolicy.domainSuffixWhiteList());
    }

    // Wildcards are prohibited only when the TPP flag equals 1; every other non-null value
    // yields wildcardAllowed(true). A null flag leaves the setting untouched.
    if (tppPolicy.prohibitWildcard() != null) {
        getPolicyFromPolicySpecification(spec).wildcardAllowed(tppPolicy.prohibitWildcard() != 1);
    }

    final boolean hasCertificateAuthority =
        tppPolicy.certificateAuthority() != null && !tppPolicy.certificateAuthority().equals("");
    if (hasCertificateAuthority) {
        getPolicyFromPolicySpecification(spec).certificateAuthority(tppPolicy.certificateAuthority());
    }

    // Management type: only a NORMAL result is mapped (to autoInstalled).
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::managementType)) {
        case NORMAL:
            getPolicyFromPolicySpecification(spec)
                .autoInstalled(ManagementTypes.from(tppPolicy.managementType().values()[0]).psValue);
            break;
        default:
            break;
    }

    // Organization: all values for the policy, first value for the default.
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::organization)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).orgs(tppPolicy.organization().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).org(tppPolicy.organization().values()[0]);
            break;
        default:
            break;
    }

    // Organizational units: the full value list is used in both sections.
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::organizationalUnit)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).orgUnits(tppPolicy.organizationalUnit().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).orgUnits(tppPolicy.organizationalUnit().values());
            break;
        default:
            break;
    }

    // City maps to localities (policy) or locality (default).
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::city)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).localities(tppPolicy.city().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).locality(tppPolicy.city().values()[0]);
            break;
        default:
            break;
    }

    // State maps to states (policy) or state (default).
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::state)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).states(tppPolicy.state().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).state(tppPolicy.state().values()[0]);
            break;
        default:
            break;
    }

    // Country maps to countries (policy) or country (default).
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::country)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).countries(tppPolicy.country().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).country(tppPolicy.country().values()[0]);
            break;
        default:
            break;
    }

    // Key algorithm maps to keyTypes (policy) or keyType (default).
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::keyAlgorithm)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec).keyTypes(tppPolicy.keyAlgorithm().values());
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec).keyType(tppPolicy.keyAlgorithm().values()[0]);
            break;
        default:
            break;
    }

    // RSA key sizes: every value is parsed as an int in both branches, so one malformed
    // entry aborts the conversion. No minimum size is enforced at this point.
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::keyBitStrength)) {
        case NORMAL: {
            final Integer[] allowedSizes = Stream.of(tppPolicy.keyBitStrength().values())
                .mapToInt(Integer::parseInt)
                .boxed()
                .toArray(Integer[]::new);
            getKeyPairFromPolicySpecification(spec).rsaKeySizes(allowedSizes);
            break;
        }
        case DEFAULT: {
            final Integer[] parsedSizes = Stream.of(tppPolicy.keyBitStrength().values())
                .mapToInt(Integer::parseInt)
                .boxed()
                .toArray(Integer[]::new);
            getDefaultsKeyPairFromPolicySpecification(spec).rsaKeySize(parsedSizes[0]);
            break;
        }
        default:
            break;
    }

    // Elliptic curves: all values for the policy, first value for the default.
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::ellipticCurve)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec).ellipticCurves(tppPolicy.ellipticCurve().values());
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec).ellipticCurve(tppPolicy.ellipticCurve().values()[0]);
            break;
        default:
            break;
    }

    // serviceGenerated is true only when the first manualCsr value is exactly "0".
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::manualCsr)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec).serviceGenerated(tppPolicy.manualCsr().values()[0].equals("0"));
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec).serviceGenerated(tppPolicy.manualCsr().values()[0].equals("0"));
            break;
        default:
            break;
    }

    // Private-key reuse: allowPrivateKeyReuse takes precedence and wantRenewal is consulted
    // only when the former is not NORMAL. Reuse is allowed only for the exact value "1".
    if (shouldCreateAttribute(tppPolicy, TPPPolicy::allowPrivateKeyReuse) == TypePSAToCreate.NORMAL) {
        getKeyPairFromPolicySpecification(spec).reuseAllowed(tppPolicy.allowPrivateKeyReuse().values()[0].equals("1"));
    } else if (shouldCreateAttribute(tppPolicy, TPPPolicy::wantRenewal) == TypePSAToCreate.NORMAL) {
        getKeyPairFromPolicySpecification(spec).reuseAllowed(tppPolicy.wantRenewal().values()[0].equals("1"));
    }

    // Subject alternative names are handled by a dedicated helper.
    resolveSubjectAltNames(tppPolicy, spec);
    return spec;
}
Also used : TPPPolicy(com.venafi.vcert.sdk.policy.api.domain.TPPPolicy) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification)

Example 18 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

the class CloudPolicyToPolicyConverter method convertToPolicy.

/**
 * Builds a {@link PolicySpecification} from a cloud policy.
 *
 * <p>The specification takes its name from the policy's certificate issuing template; the
 * policy and defaults sections are then filled in by {@code processPolicy} and
 * {@code processDefaults}.
 *
 * <p>NOTE(review): the template is dereferenced without a null check, so a cloud policy
 * without one would fail here. Confirm callers guarantee it is present.
 *
 * @param cloudPolicy the cloud policy to convert
 * @return the populated policy specification
 * @throws Exception if one of the processing helpers fails
 */
public PolicySpecification convertToPolicy(CloudPolicy cloudPolicy) throws Exception {
    final PolicySpecification spec = new PolicySpecification();
    spec.name(cloudPolicy.certificateIssuingTemplate().name());

    processPolicy(spec, cloudPolicy);
    processDefaults(spec, cloudPolicy);

    return spec;
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) CertificateIssuingTemplate(com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate)

Example 19 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

the class TppTokenConnectorTest method testExceptionValidatingDefaultKeyTypeDoesntMatchWithPolicyKeyType.

/**
 * Checks that {@code setPolicy} rejects a specification whose default key type is not
 * among the policy's key types, and that the failure carries the expected message.
 */
@Test
@DisplayName("TPP - Testing Exception in Validation of Default KeyType with a value not matching with the Policy KeyType")
public void testExceptionValidatingDefaultKeyTypeDoesntMatchWithPolicyKeyType() throws VCertException {
    final PolicySpecification spec = TppTestUtils.getPolicySpecification();

    // Set the default key type to "ECDSA", which does not match the policy key types of the
    // baseline specification, so that validation must fail.
    spec.defaults().keyPair().keyType("ECDSA");

    final VCertException thrown = assertThrows(VCertException.class, () -> {
        classUnderTest.setPolicy(TppTestUtils.getRandomZone(), spec);
    });

    Assertions.assertEquals(
        TppTestUtils.getVCertExceptionMessage(
            TPPPolicySpecificationValidator.DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE,
            PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES),
        thrown.getMessage());
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) FeignException(feign.FeignException) VCertException(com.venafi.vcert.sdk.VCertException) FailedToRevokeTokenException(com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Example 20 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

the class TppTokenConnectorTest method testExceptionValidatingDefaultECContainsUnsupportedValue.

/**
 * Checks that {@code setPolicy} rejects a specification whose default elliptic curve is
 * not an accepted value, and that the failure carries the expected message.
 */
@Test
@DisplayName("TPP - Testing Exception in Validation of Default EC that has unsupported value")
public void testExceptionValidatingDefaultECContainsUnsupportedValue() throws VCertException {
    final PolicySpecification spec = TppTestUtils.getPolicySpecification();

    // "P224" is used as the unsupported default curve: the validator is expected to refuse
    // it instead of passing it through.
    spec.defaults().keyPair().ellipticCurve("P224");

    final VCertException thrown = assertThrows(VCertException.class, () -> {
        classUnderTest.setPolicy(TppTestUtils.getRandomZone(), spec);
    });

    Assertions.assertEquals(
        TppTestUtils.getVCertExceptionMessage(
            TPPPolicySpecificationValidator.DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_ELLIPTIC_CURVE),
        thrown.getMessage());
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) FeignException(feign.FeignException) VCertException(com.venafi.vcert.sdk.VCertException) FailedToRevokeTokenException(com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException) Test(org.junit.jupiter.api.Test) DisplayName(org.junit.jupiter.api.DisplayName)

Aggregations

PolicySpecification (com.venafi.vcert.sdk.policy.domain.PolicySpecification)57 DisplayName (org.junit.jupiter.api.DisplayName)49 Test (org.junit.jupiter.api.Test)49 VCertException (com.venafi.vcert.sdk.VCertException)48 CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException)24 CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)24 MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)24 Authentication (com.venafi.vcert.sdk.endpoint.Authentication)24 FeignException (feign.FeignException)24 IOException (java.io.IOException)24 FailedToRevokeTokenException (com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException)23 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 Config (com.venafi.vcert.sdk.Config)2 VCertClient (com.venafi.vcert.sdk.VCertClient)2 CertificateIssuingTemplate (com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate)2 TPPPolicy (com.venafi.vcert.sdk.policy.api.domain.TPPPolicy)2 YAMLFactory (com.fasterxml.jackson.dataformat.yaml.YAMLFactory)1 CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)1 ChainOption (com.venafi.vcert.sdk.certificate.ChainOption)1 DataFormat (com.venafi.vcert.sdk.certificate.DataFormat)1