use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.
the class CloudConnectorTest method testExceptionValidatingPolicyLocalitiesWhenWildcards.
/**
 * Checks that {@code setPolicy} rejects a localities list that mixes the allow-all
 * marker with a concrete value, and that the failure carries the validator's
 * "more than one value containing allow-all" message for the localities attribute.
 */
@Test
@DisplayName("Cloud - Testing Exception in Validation of Policy Localities with wildcard value")
public void testExceptionValidatingPolicyLocalitiesWhenWildcards() throws VCertException {
    // Placeholder API key in UUID form; NOTE(review): presumably the connector's
    // backend is stubbed in this test class, so no real credential is needed - confirm.
    classUnderTest.authenticate(new Authentication(null, null, "12345678-1234-1234-1234-123456789012"));

    PolicySpecification spec = CloudTestUtils.getPolicySpecification();

    // ALLOW_ALL (".*") next to an explicit locality is the invalid combination under test.
    String[] mixedLocalities = new String[] { PolicySpecificationConst.ALLOW_ALL, "Merida" };
    spec.policy().subject().localities(mixedLocalities);

    VCertException thrown = assertThrows(
            VCertException.class,
            () -> classUnderTest.setPolicy(CloudTestUtils.getRandomZone(), spec));

    String expectedMessage = CloudTestUtils.getVCertExceptionMessage(
            CloudPolicySpecificationValidator.ATTRIBUTE_HAS_MORE_THAN_ONE_VALUE_CONTAINING_ALLOW_ALL_STRING_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_POLICY_SUBJECT_LOCALITIES);
    assertEquals(expectedMessage, thrown.getMessage());
}
use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.
the class TppPolicyToPolicyConverter method convertToPolicy.
/**
 * Converts a TPP policy into a {@link PolicySpecification}.
 *
 * <p>Most attributes are classified with {@code shouldCreateAttribute}: a {@code NORMAL}
 * result is written through the {@code get...FromPolicySpecification} helpers, a
 * {@code DEFAULT} result through the {@code getDefaults...FromPolicySpecification}
 * helpers, and any other result leaves the attribute untouched.
 *
 * <p>Points worth knowing when reviewing a converted policy:
 * <ul>
 *   <li>{@code wildcardAllowed} is only written when {@code prohibitWildcard} is non-null,
 *       and is {@code true} for every value other than 1.</li>
 *   <li>{@code serviceGenerated} is {@code true} only when the first {@code manualCsr}
 *       value is the string "0".</li>
 *   <li>{@code reuseAllowed} comes from {@code allowPrivateKeyReuse} when that attribute is
 *       classified {@code NORMAL}; {@code wantRenewal} is consulted only otherwise.</li>
 * </ul>
 *
 * @param tppPolicy the TPP policy to read; must not be null
 * @return a new specification populated from {@code tppPolicy}
 * @throws Exception if a key bit strength value is not a decimal integer
 *         ({@link NumberFormatException}) or a helper called here fails
 */
public PolicySpecification convertToPolicy(TPPPolicy tppPolicy) throws Exception {
    PolicySpecification spec = new PolicySpecification();
    spec.name(tppPolicy.policyName());

    // Empty contact/approver arrays are passed on as null rather than as empty arrays.
    boolean hasContacts = tppPolicy.contact() != null && tppPolicy.contact().length > 0;
    spec.users(hasContacts ? tppPolicy.contact() : null);

    boolean hasApprovers = tppPolicy.approver() != null && tppPolicy.approver().length > 0;
    spec.approvers(hasApprovers ? tppPolicy.approver() : null);

    if (tppPolicy.domainSuffixWhiteList() != null && tppPolicy.domainSuffixWhiteList().length > 0) {
        getPolicyFromPolicySpecification(spec).domains(tppPolicy.domainSuffixWhiteList());
    }

    // Wildcards stay allowed unless TPP explicitly prohibits them with the value 1.
    if (tppPolicy.prohibitWildcard() != null) {
        getPolicyFromPolicySpecification(spec).wildcardAllowed(tppPolicy.prohibitWildcard() != 1);
    }

    if (tppPolicy.certificateAuthority() != null && !"".equals(tppPolicy.certificateAuthority())) {
        getPolicyFromPolicySpecification(spec).certificateAuthority(tppPolicy.certificateAuthority());
    }

    // NOTE(review): every values()[0] below assumes a non-empty array; presumably
    // shouldCreateAttribute only reports NORMAL/DEFAULT when a value exists - verify.

    // management type (policy section only)
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::managementType)) {
        case NORMAL:
            getPolicyFromPolicySpecification(spec)
                    .autoInstalled(ManagementTypes.from(tppPolicy.managementType().values()[0]).psValue);
            break;
        default:
            break;
    }

    // org / orgs
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::organization)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).orgs(tppPolicy.organization().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).org(tppPolicy.organization().values()[0]);
            break;
        default:
            break;
    }

    // orgUnits (the defaults section also takes the full list)
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::organizationalUnit)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).orgUnits(tppPolicy.organizationalUnit().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).orgUnits(tppPolicy.organizationalUnit().values());
            break;
        default:
            break;
    }

    // locality / localities
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::city)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).localities(tppPolicy.city().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).locality(tppPolicy.city().values()[0]);
            break;
        default:
            break;
    }

    // state / states
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::state)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).states(tppPolicy.state().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).state(tppPolicy.state().values()[0]);
            break;
        default:
            break;
    }

    // country / countries
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::country)) {
        case NORMAL:
            getSubjectFromPolicySpecification(spec).countries(tppPolicy.country().values());
            break;
        case DEFAULT:
            getDefaultsSubjectFromPolicySpecification(spec).country(tppPolicy.country().values()[0]);
            break;
        default:
            break;
    }

    // keyTypes / keyType
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::keyAlgorithm)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec).keyTypes(tppPolicy.keyAlgorithm().values());
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec).keyType(tppPolicy.keyAlgorithm().values()[0]);
            break;
        default:
            break;
    }

    // rsaKeySizes / rsaKeySize: all values are parsed in both branches, so one
    // malformed entry fails the conversion even when only the first is used.
    Integer[] parsedKeySizes;
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::keyBitStrength)) {
        case NORMAL:
            parsedKeySizes = Stream.of(tppPolicy.keyBitStrength().values())
                    .map(Integer::valueOf)
                    .toArray(Integer[]::new);
            getKeyPairFromPolicySpecification(spec).rsaKeySizes(parsedKeySizes);
            break;
        case DEFAULT:
            parsedKeySizes = Stream.of(tppPolicy.keyBitStrength().values())
                    .map(Integer::valueOf)
                    .toArray(Integer[]::new);
            getDefaultsKeyPairFromPolicySpecification(spec).rsaKeySize(parsedKeySizes[0]);
            break;
        default:
            break;
    }

    // ellipticCurves / ellipticCurve
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::ellipticCurve)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec).ellipticCurves(tppPolicy.ellipticCurve().values());
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec).ellipticCurve(tppPolicy.ellipticCurve().values()[0]);
            break;
        default:
            break;
    }

    // serviceGenerated: a manualCsr value of "0" means the service generates the key pair.
    switch (shouldCreateAttribute(tppPolicy, TPPPolicy::manualCsr)) {
        case NORMAL:
            getKeyPairFromPolicySpecification(spec)
                    .serviceGenerated(tppPolicy.manualCsr().values()[0].equals("0"));
            break;
        case DEFAULT:
            getDefaultsKeyPairFromPolicySpecification(spec)
                    .serviceGenerated(tppPolicy.manualCsr().values()[0].equals("0"));
            break;
        default:
            break;
    }

    // reuseAllowed: allowPrivateKeyReuse wins; wantRenewal is the fallback source.
    if (TypePSAToCreate.NORMAL == shouldCreateAttribute(tppPolicy, TPPPolicy::allowPrivateKeyReuse)) {
        getKeyPairFromPolicySpecification(spec)
                .reuseAllowed(tppPolicy.allowPrivateKeyReuse().values()[0].equals("1"));
    } else if (TypePSAToCreate.NORMAL == shouldCreateAttribute(tppPolicy, TPPPolicy::wantRenewal)) {
        getKeyPairFromPolicySpecification(spec)
                .reuseAllowed(tppPolicy.wantRenewal().values()[0].equals("1"));
    }

    // subjectAltNames are handled by a dedicated helper
    resolveSubjectAltNames(tppPolicy, spec);

    return spec;
}
use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.
the class CloudPolicyToPolicyConverter method convertToPolicy.
/**
 * Converts a Cloud policy into a {@link PolicySpecification}.
 *
 * <p>The specification name is taken from the policy's certificate issuing template;
 * the policy and defaults sections are then filled by {@code processPolicy} and
 * {@code processDefaults}, in that order.
 *
 * @param cloudPolicy the Cloud policy to read; its certificate issuing template
 *        must be non-null, otherwise reading the name fails with a
 *        {@link NullPointerException}
 * @return a new specification populated from {@code cloudPolicy}
 * @throws Exception if one of the processing helpers fails
 */
public PolicySpecification convertToPolicy(CloudPolicy cloudPolicy) throws Exception {
    PolicySpecification spec = new PolicySpecification();

    // The issuing template's name doubles as the policy specification name.
    spec.name(cloudPolicy.certificateIssuingTemplate().name());

    processPolicy(spec, cloudPolicy);
    processDefaults(spec, cloudPolicy);

    return spec;
}
use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.
the class TppTokenConnectorTest method testExceptionValidatingDefaultKeyTypeDoesntMatchWithPolicyKeyType.
/**
 * Checks that {@code setPolicy} rejects a specification whose default key type is not
 * among the policy key types, and that the failure carries the validator's
 * "default attribute doesn't match" message naming both attributes.
 */
@Test
@DisplayName("TPP - Testing Exception in Validation of Default KeyType with a value not matching with the Policy KeyType")
public void testExceptionValidatingDefaultKeyTypeDoesntMatchWithPolicyKeyType() throws VCertException {
    PolicySpecification spec = TppTestUtils.getPolicySpecification();

    // NOTE(review): presumably the fixture's policy key types do not include ECDSA,
    // which is what makes this default a mismatch - confirm against TppTestUtils.
    spec.defaults().keyPair().keyType("ECDSA");

    VCertException thrown = assertThrows(
            VCertException.class,
            () -> classUnderTest.setPolicy(TppTestUtils.getRandomZone(), spec));

    String expectedMessage = TppTestUtils.getVCertExceptionMessage(
            TPPPolicySpecificationValidator.DEFAULT_ATTRIBUTE_DOESNT_MATCH_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_KEY_TYPE,
            PolicySpecificationConst.ATT_POLICY_KEYPAIR_KEY_TYPES);
    Assertions.assertEquals(expectedMessage, thrown.getMessage());
}
use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.
the class TppTokenConnectorTest method testExceptionValidatingDefaultECContainsUnsupportedValue.
/**
 * Checks that {@code setPolicy} rejects a specification whose default elliptic curve
 * is outside the accepted values, and that the failure carries the validator's
 * "doesn't match with accepted values" message for the default elliptic curve attribute.
 */
@Test
@DisplayName("TPP - Testing Exception in Validation of Default EC that has unsupported value")
public void testExceptionValidatingDefaultECContainsUnsupportedValue() throws VCertException {
    PolicySpecification spec = TppTestUtils.getPolicySpecification();

    // "P224" is the unsupported curve name the validator is expected to reject.
    spec.defaults().keyPair().ellipticCurve("P224");

    VCertException thrown = assertThrows(
            VCertException.class,
            () -> classUnderTest.setPolicy(TppTestUtils.getRandomZone(), spec));

    String expectedMessage = TppTestUtils.getVCertExceptionMessage(
            TPPPolicySpecificationValidator.DEFAULT_ATTRIBUTE_DOESNT_MATCH_WITH_ACCEPTED_VALUES_EXCEPTION_MESSAGE,
            PolicySpecificationConst.ATT_DEFAULTS_KEYPAIR_ELLIPTIC_CURVE);
    Assertions.assertEquals(expectedMessage, thrown.getMessage());
}