
Example 31 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

The class CloudConnectorUtils, method buildCsrAttributes.

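/**
 * Builds the CSR attributes for a service-generated CSR from the subject of {@code request}.
 *
 * <p>Every subject field the request supplies is validated against the matching regexes of
 * {@code policySpecification} (when the policy constrains that field); fields the request
 * leaves empty are filled from the policy defaults when present. The common name is validated
 * against the policy domains and has no default.
 *
 * @param request the certificate request; must not be null
 * @param policySpecification the applicable policy, or null to skip validation and defaults
 * @return the populated CSR attributes
 * @throws VCertException when a supplied subject field does not match the policy
 *     (a {@link PolicyMatchException} naming the field, its values and the policy regexes)
 */
public static CsrAttributes buildCsrAttributes(CertificateRequest request, PolicySpecification policySpecification) throws VCertException {
    Objects.requireNonNull(request, "request");
    CsrAttributes csrAttributes = new CsrAttributes();
    Optional<PolicySpecification> spec = Optional.ofNullable(policySpecification);

    // common name: validated against the policy domains; never defaulted from the policy
    String reqCN = request.subject() != null && isNotBlank(request.subject().commonName()) ? request.subject().commonName() : null;
    if (reqCN != null) {
        String[] policyDomains = spec.map(ps -> ps.policy()).map(p -> p.domains()).orElse(null);
        if (policyDomains != null && !matchRegexes(reqCN, policyDomains)) {
            throw new PolicyMatchException("CN", reqCN, "domains", policyDomains);
        }
        csrAttributes.commonName(reqCN);
    }

    // organization: the CSR attribute is single-valued, so only the first request value is sent
    String[] reqOrgs = matchSubjectValues(
            Optional.ofNullable(request.subject()).map(s -> s.organization()).orElse(null),
            spec.map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgs()).orElse(null),
            "organization", "organization");
    if (reqOrgs != null) {
        csrAttributes.organization(reqOrgs[0]);
    } else {
        String defaultOrg = spec.map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.org()).orElse(null);
        if (isNotBlank(defaultOrg)) {
            csrAttributes.organization(defaultOrg);
        }
    }

    // organizational units: multi-valued, every request value is sent
    String[] reqOrgUnits = matchSubjectValues(
            Optional.ofNullable(request.subject()).map(s -> s.organizationalUnit()).orElse(null),
            spec.map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.orgUnits()).orElse(null),
            "org unit", "org unit");
    if (reqOrgUnits != null) {
        csrAttributes.organizationalUnits(reqOrgUnits);
    } else {
        String[] defaultOrgUnits = spec.map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.orgUnits()).orElse(null);
        if (defaultOrgUnits != null && defaultOrgUnits.length > 0) {
            csrAttributes.organizationalUnits(defaultOrgUnits);
        }
    }

    // locality: single-valued on the CSR side
    String[] reqLocalities = matchSubjectValues(
            Optional.ofNullable(request.subject()).map(s -> s.locality()).orElse(null),
            spec.map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.localities()).orElse(null),
            "locality", "localities");
    if (reqLocalities != null) {
        csrAttributes.locality(reqLocalities[0]);
    } else {
        String defaultLocality = spec.map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.locality()).orElse(null);
        if (isNotBlank(defaultLocality)) {
            csrAttributes.locality(defaultLocality);
        }
    }

    // state / province: the request calls it "province", the policy calls it "state(s)"
    String[] reqProvinces = matchSubjectValues(
            Optional.ofNullable(request.subject()).map(s -> s.province()).orElse(null),
            spec.map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.states()).orElse(null),
            "state", "states");
    if (reqProvinces != null) {
        csrAttributes.state(reqProvinces[0]);
    } else {
        String defaultState = spec.map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.state()).orElse(null);
        if (isNotBlank(defaultState)) {
            csrAttributes.state(defaultState);
        }
    }

    // country: a mismatch is now reported as "country"/"countries" (it used to be mislabelled "state"/"states")
    String[] reqCountries = matchSubjectValues(
            Optional.ofNullable(request.subject()).map(s -> s.country()).orElse(null),
            spec.map(ps -> ps.policy()).map(p -> p.subject()).map(s -> s.countries()).orElse(null),
            "country", "countries");
    if (reqCountries != null) {
        csrAttributes.country(reqCountries[0]);
    } else {
        String defaultCountry = spec.map(ps -> ps.defaults()).map(d -> d.subject()).map(s -> s.country()).orElse(null);
        if (isNotBlank(defaultCountry)) {
            csrAttributes.country(defaultCountry);
        }
    }

    // DNS SANs are passed through as supplied.
    // NOTE(review): unlike the CN, the SANs are not checked against the policy domains here;
    // presumably the service enforces that on its side — confirm.
    List<String> dnsNames = request.dnsNames();
    if (dnsNames != null && !dnsNames.isEmpty()) {
        SubjectAlternativeNamesByType sans = new SubjectAlternativeNamesByType().dnsNames(dnsNames.toArray(new String[0]));
        csrAttributes.subjectAlternativeNamesByType(sans);
    }
    return csrAttributes;
}

/**
 * Validates a multi-valued subject field supplied in the request against the policy regexes
 * for that field.
 *
 * @param reqValues the values from the request; null or empty means "not supplied"
 * @param policyRegexes the regexes from the policy; null means the policy does not constrain the field
 * @param reqLabel the request-side field name used in the mismatch error
 * @param policyLabel the policy-side field name used in the mismatch error
 * @return the request values as an array, or null when the request supplied none
 * @throws VCertException a {@link PolicyMatchException} when the policy constrains the field and
 *     the values do not match
 */
private static String[] matchSubjectValues(List<String> reqValues, String[] policyRegexes,
        String reqLabel, String policyLabel) throws VCertException {
    if (reqValues == null || reqValues.isEmpty()) {
        return null;
    }
    String[] values = reqValues.toArray(new String[0]);
    if (policyRegexes != null && !matchRegexes(values, policyRegexes)) {
        throw new PolicyMatchException(reqLabel, values, policyLabel, policyRegexes);
    }
    return values;
}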
Also used : java.util(java.util) ZipInputStream(java.util.zip.ZipInputStream) ProductOption(com.venafi.vcert.sdk.connectors.cloud.endpoint.CAAccount.ProductOption) PEMCollection(com.venafi.vcert.sdk.certificate.PEMCollection) CertificateIssuingTemplate(com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate) KeyStoreZipCompressionRatioExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipCompressionRatioExceeded) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType) UserDetails(com.venafi.vcert.sdk.connectors.cloud.domain.UserDetails) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) com.venafi.vcert.sdk.connectors.cloud.endpoint(com.venafi.vcert.sdk.connectors.cloud.endpoint) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) ZipEntry(java.util.zip.ZipEntry) FeignException(feign.FeignException) CloudZone(com.venafi.vcert.sdk.connectors.cloud.domain.CloudZone) PEMParser(org.bouncycastle.openssl.PEMParser) IOException(java.io.IOException) VCertException(com.venafi.vcert.sdk.VCertException) CertificateRequest(com.venafi.vcert.sdk.certificate.CertificateRequest) KeyStoreZipEntriesExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreZipEntriesExceeded) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) DataFormat(com.venafi.vcert.sdk.certificate.DataFormat) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) StringReader(java.io.StringReader) PrivateKey(java.security.PrivateKey) ChainOption(com.venafi.vcert.sdk.certificate.ChainOption) Data(lombok.Data) KeyStoreUnzipedFilesBytesSizeExceeded(com.venafi.vcert.sdk.connectors.ConnectorException.KeyStoreUnzipedFilesBytesSizeExceeded) Pattern(java.util.regex.Pattern) AllArgsConstructor(lombok.AllArgsConstructor) 
Application(com.venafi.vcert.sdk.connectors.cloud.domain.Application) InputStream(java.io.InputStream) CsrAttributes(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.CsrAttributes) PolicyMatchException(com.venafi.vcert.sdk.connectors.ConnectorException.PolicyMatchException) SubjectAlternativeNamesByType(com.venafi.vcert.sdk.connectors.cloud.CloudConnector.SubjectAlternativeNamesByType)

Example 32 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

The class TppConnector, method getPolicy.

/**
 * Obtains the TPP policy named {@code policyName} and converts it to a {@link PolicySpecification}.
 *
 * @param policyName the policy name to look up
 * @return the converted policy specification
 * @throws VCertException wrapping any failure raised while obtaining or converting the policy
 */
@Override
public PolicySpecification getPolicy(String policyName) throws VCertException {
    try {
        // both the lookup and the conversion are wrapped so callers only ever see VCertException
        TPPPolicy tppPolicy = getTPPPolicy(policyName);
        return TPPPolicySpecificationConverter.INSTANCE.convertToPolicySpecification(tppPolicy);
    } catch (Exception e) {
        throw new VCertException(e);
    }
}
Also used : TPPPolicy(com.venafi.vcert.sdk.policy.api.domain.TPPPolicy) PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) VCertException(com.venafi.vcert.sdk.VCertException) RetrieveCertificateTimeoutException(com.venafi.vcert.sdk.connectors.ConnectorException.RetrieveCertificateTimeoutException) TppRequestCertificateNotAllowedException(com.venafi.vcert.sdk.connectors.ConnectorException.TppRequestCertificateNotAllowedException) CertificateDNOrThumbprintWasNotProvidedException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException) RenewFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RenewFailureException) CertificateNotFoundByThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException) CSRNotProvidedByUserException(com.venafi.vcert.sdk.connectors.ConnectorException.CSRNotProvidedByUserException) MissingCredentialsException(com.venafi.vcert.sdk.connectors.ConnectorException.MissingCredentialsException) TppManualCSRNotEnabledException(com.venafi.vcert.sdk.connectors.ConnectorException.TppManualCSRNotEnabledException) CertificatePendingException(com.venafi.vcert.sdk.connectors.ConnectorException.CertificatePendingException) VCertException(com.venafi.vcert.sdk.VCertException) MoreThanOneCertificateWithSameThumbprintException(com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException) AttemptToRetryException(com.venafi.vcert.sdk.connectors.ConnectorException.AttemptToRetryException) RevokeFailureException(com.venafi.vcert.sdk.connectors.ConnectorException.RevokeFailureException) CouldNotParseRevokeReasonException(com.venafi.vcert.sdk.connectors.ConnectorException.CouldNotParseRevokeReasonException) TppPingException(com.venafi.vcert.sdk.connectors.ConnectorException.TppPingException)

Example 33 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

The class PolicyManagementYamlExample, method main.

/**
 * Example: loads a {@code PolicySpecification} from a YAML file, pushes it to the Cloud
 * connector with {@code setPolicy}, reads it back with {@code getPolicy} and writes the
 * result to another YAML file. The placeholder strings must be replaced before running.
 */
public static void main(String[] args) {
    try {
        // replace it by the policy full name
        String policyName = "<APP_NAME>\\<CIT_ALIAS>";
        // replace it by the api-key (for anything beyond a demo, load it from the environment or a secret store rather than source)
        String apiKey = "<APIKEY>";
        // input: the policy_specification.yaml file to load
        String yamlSourceFile = "<PARENT_PATH>/policy_specification.yaml";
        // output: where the policy read back from the server is written
        String yamlTargetFile = "<PARENT_PATH>/policy_specification_result.yaml";

        // 1. Parse the YAML into a PolicySpecification with Jackson: fields are read directly
        //    (no getters needed) and null properties are omitted when writing.
        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
        mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
        mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
        PolicySpecification policySpecification = mapper.readValue(new File(yamlSourceFile), PolicySpecification.class);

        // 2. Build and authenticate a Cloud VCertClient with the API key.
        Authentication auth = Authentication.builder().apiKey(apiKey).build();
        Config config = Config.builder().connectorType(ConnectorType.CLOUD).build();
        VCertClient client = new VCertClient(config);
        client.authenticate(auth);

        // 3. Create the policy, or update it if it already exists.
        client.setPolicy(policyName, policySpecification);

        // 4. Read the policy back and write it out as YAML with the same mapper.
        PolicySpecification stored = client.getPolicy(policyName);
        mapper.writeValue(new File(yamlTargetFile), stored);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) Authentication(com.venafi.vcert.sdk.endpoint.Authentication) Config(com.venafi.vcert.sdk.Config) VCertClient(com.venafi.vcert.sdk.VCertClient) YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) File(java.io.File) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)

Example 34 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

The class CloudConnector, method getPolicy.

/**
 * Obtains the cloud policy named {@code policyName} using the connector's API key and
 * converts it to a {@link PolicySpecification}.
 *
 * @param policyName the policy name to look up
 * @param removeRegexFromSubjectCN forwarded to {@code CloudPolicy.removeRegexesFromSubjectCN}
 *     before the conversion
 * @return the converted policy specification
 * @throws VCertException wrapping any failure raised while obtaining or converting the policy
 */
private PolicySpecification getPolicy(String policyName, boolean removeRegexFromSubjectCN) throws VCertException {
    try {
        CloudPolicy cloudPolicy = CloudConnectorUtils.getCloudPolicy(policyName, auth.apiKey(), cloud);
        cloudPolicy.removeRegexesFromSubjectCN(removeRegexFromSubjectCN);
        return CloudPolicySpecificationConverter.INSTANCE.convertToPolicySpecification(cloudPolicy);
    } catch (Exception e) {
        // every failure surfaces to the caller as a VCertException with the original cause attached
        throw new VCertException(e);
    }
}
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification) VCertException(com.venafi.vcert.sdk.VCertException) CloudPolicy(com.venafi.vcert.sdk.policy.api.domain.CloudPolicy) VCertException(com.venafi.vcert.sdk.VCertException) ConnectorException(com.venafi.vcert.sdk.connectors.ConnectorException) IOException(java.io.IOException)

Example 35 with PolicySpecification

use of com.venafi.vcert.sdk.policy.domain.PolicySpecification in project vcert-java by Venafi.

The class CloudConnector, method buildRequestCertificatePayload.

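/**
 * Builds the certificate-request payload for the cloud service from {@code request} and the
 * resolved {@code zoneConfiguration}.
 *
 * <p>For a service-generated CSR the subject is sent as CSR attributes validated against the
 * zone's policy (see {@code CloudConnectorUtils.buildCsrAttributes}); otherwise the caller's
 * own CSR bytes are sent.
 *
 * @param request the certificate request; {@code csrOrigin()} selects which branch is taken
 * @param zoneConfiguration supplies the zone id, application id and issuing-template id
 * @return the populated payload
 * @throws VCertException when the policy cannot be obtained or the request subject violates it
 */
private CertificateRequestsPayload buildRequestCertificatePayload(CertificateRequest request, ZoneConfiguration zoneConfiguration) throws VCertException {
    CertificateRequestsPayload payload = new CertificateRequestsPayload();
    if (CsrOriginOption.ServiceGeneratedCSR == request.csrOrigin()) {
        payload.isVaaSGenerated(true);
        payload.applicationServerTypeId(APPLICATION_SERVER_TYPE_ID);
        // the policy is fetched with its subject-CN regexes intact (removeRegexFromSubjectCN = false)
        // so the request subject can be validated against them
        PolicySpecification policySpecification = getPolicy(zoneConfiguration.zoneId(), false);
        payload.csrAttributes(CloudConnectorUtils.buildCsrAttributes(request, policySpecification));
    } else {
        // decode with an explicit charset: new String(byte[]) uses the platform default, which
        // pre-Java-18 varies by host; the CSR is presumably PEM text, for which UTF-8 is exact
        payload.csr(new String(request.csr(), java.nio.charset.StandardCharsets.UTF_8));
    }
    // validity: the service expects an ISO-8601 duration ("PT<n>H"); 0 or negative means "not set"
    if (request.validityHours() > 0) {
        payload.validityPeriod("PT" + request.validityHours() + "H");
    }
    // certificateIssuingTemplate and applicationId come from the resolved zone
    payload.applicationId(zoneConfiguration.applicationId());
    payload.certificateIssuingTemplateId(zoneConfiguration.certificateIssuingTemplateId());
    // add client information
    VCertUtils.addApiClientInformation(payload);
    return payload;
}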
Also used : PolicySpecification(com.venafi.vcert.sdk.policy.domain.PolicySpecification)

Aggregations

PolicySpecification (com.venafi.vcert.sdk.policy.domain.PolicySpecification)57 DisplayName (org.junit.jupiter.api.DisplayName)49 Test (org.junit.jupiter.api.Test)49 VCertException (com.venafi.vcert.sdk.VCertException)48 CertificateDNOrThumbprintWasNotProvidedException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateDNOrThumbprintWasNotProvidedException)24 CertificateNotFoundByThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.CertificateNotFoundByThumbprintException)24 MoreThanOneCertificateWithSameThumbprintException (com.venafi.vcert.sdk.connectors.ConnectorException.MoreThanOneCertificateWithSameThumbprintException)24 Authentication (com.venafi.vcert.sdk.endpoint.Authentication)24 FeignException (feign.FeignException)24 IOException (java.io.IOException)24 FailedToRevokeTokenException (com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException)23 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 Config (com.venafi.vcert.sdk.Config)2 VCertClient (com.venafi.vcert.sdk.VCertClient)2 CertificateIssuingTemplate (com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate)2 TPPPolicy (com.venafi.vcert.sdk.policy.api.domain.TPPPolicy)2 YAMLFactory (com.fasterxml.jackson.dataformat.yaml.YAMLFactory)1 CertificateRequest (com.venafi.vcert.sdk.certificate.CertificateRequest)1 ChainOption (com.venafi.vcert.sdk.certificate.ChainOption)1 DataFormat (com.venafi.vcert.sdk.certificate.DataFormat)1