This repository has been archived by the owner on Sep 16, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs(samples): adding client library samples (#242)
* feat: add samples for creating and activating subordinate ca * feat: add sample for filtering certificate. * feat: add sample for undeleting CA. * fix: adding all pem certificates in chain. * docs: lint fix * refactor: filter conditions changed to arg * test: added test cases * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * fix: region tag mismatch * fix: correct region tag mismatch * refactor: added comments for certificate chain setting * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * docs: lint fix * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
2f7e1a3
commit 7454cb0
Showing
7 changed files
with
684 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
133 changes: 133 additions & 0 deletions
133
samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
/* | ||
* Copyright 2021 Google LLC | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package privateca; | ||
|
||
// [START privateca_activate_subordinateca] | ||
|
||
import com.google.api.core.ApiFuture; | ||
import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest; | ||
import com.google.cloud.security.privateca.v1.CertificateAuthorityName; | ||
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient; | ||
import com.google.cloud.security.privateca.v1.SubordinateConfig; | ||
import com.google.longrunning.Operation; | ||
import java.io.IOException; | ||
import java.util.concurrent.ExecutionException; | ||
import java.util.concurrent.TimeUnit; | ||
|
||
public class ActivateSubordinateCa { | ||
|
||
public static void main(String[] args) | ||
throws InterruptedException, ExecutionException, IOException { | ||
// TODO(developer): Replace these variables before running the sample. | ||
|
||
// location: For a list of locations, see: | ||
// https://cloud.google.com/certificate-authority-service/docs/locations | ||
// pool_Id: Set a unique id for the CA pool. | ||
// subordinateCaName: The CA to be activated. | ||
// pemCACertificate: The signed certificate, obtained by signing the CSR. | ||
String project = "your-project-id"; | ||
String location = "ca-location"; | ||
String pool_Id = "ca-pool-id"; | ||
String subordinateCaName = "subordinate-certificate-authority-name"; | ||
String pemCACertificate = | ||
"-----BEGIN CERTIFICATE-----\n" + "sample-pem-certificate\n" + "-----END CERTIFICATE-----"; | ||
|
||
// certificateAuthorityName: The name of the certificate authority which signed the CSR. | ||
// If an external CA (CA not present in Google Cloud) was used for signing, | ||
// then use the CA's issuerCertificateChain. | ||
String certificateAuthorityName = "certificate-authority-name"; | ||
|
||
activateSubordinateCA( | ||
project, location, pool_Id, certificateAuthorityName, subordinateCaName, pemCACertificate); | ||
} | ||
|
||
// Activate a subordinate CA. | ||
// *Prerequisite*: Get the CSR of the subordinate CA signed by another CA. Pass in the signed | ||
// certificate and (issuer CA's name or the issuer CA's Certificate chain). | ||
// *Post*: After activating the subordinate CA, it should be enabled before issuing certificates. | ||
public static void activateSubordinateCA( | ||
String project, | ||
String location, | ||
String pool_Id, | ||
String certificateAuthorityName, | ||
String subordinateCaName, | ||
String pemCACertificate) | ||
throws ExecutionException, InterruptedException, IOException { | ||
// Initialize client that will be used to send requests. This client only needs to be created | ||
// once, and can be reused for multiple requests. After completing all of your requests, call | ||
// the `certificateAuthorityServiceClient.close()` method on the client to safely | ||
// clean up any remaining background resources. | ||
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = | ||
CertificateAuthorityServiceClient.create()) { | ||
// Subordinate CA parent. | ||
String subordinateCaParent = | ||
CertificateAuthorityName.of(project, location, pool_Id, subordinateCaName).toString(); | ||
|
||
// Construct the "Activate CA Request". | ||
ActivateCertificateAuthorityRequest activateCertificateAuthorityRequest = | ||
ActivateCertificateAuthorityRequest.newBuilder() | ||
.setName(subordinateCaParent) | ||
// The signed certificate. | ||
.setPemCaCertificate(pemCACertificate) | ||
.setSubordinateConfig( | ||
SubordinateConfig.newBuilder() | ||
// Follow one of the below methods: | ||
|
||
// Method 1: If issuer CA is in Google Cloud, set the Certificate Authority | ||
// Name. | ||
.setCertificateAuthority( | ||
CertificateAuthorityName.of( | ||
project, location, pool_Id, certificateAuthorityName) | ||
.toString()) | ||
|
||
// Method 2: If issuer CA is external to Google Cloud, set the issuer's | ||
// certificate chain. | ||
// The certificate chain of the CA (which signed the CSR) from leaf to root. | ||
// .setPemIssuerChain( | ||
// SubordinateConfigChain.newBuilder() | ||
// .addAllPemCertificates(issuerCertificateChain) | ||
// .build()) | ||
|
||
.build()) | ||
.build(); | ||
|
||
// Activate the CA. | ||
ApiFuture<Operation> futureCall = | ||
certificateAuthorityServiceClient | ||
.activateCertificateAuthorityCallable() | ||
.futureCall(activateCertificateAuthorityRequest); | ||
|
||
Operation response = futureCall.get(); | ||
|
||
if (response.hasError()) { | ||
System.out.println("Error while activating the subordinate CA! " + response.getError()); | ||
return; | ||
} | ||
|
||
System.out.println( | ||
"Subordinate Certificate Authority activated successfully ! !" + subordinateCaName); | ||
TimeUnit.SECONDS.sleep(3); | ||
// The current state will be STAGED. | ||
// The Subordinate CA has to be ENABLED before issuing certificates. | ||
System.out.println( | ||
"Current State: " | ||
+ certificateAuthorityServiceClient | ||
.getCertificateAuthority(subordinateCaParent) | ||
.getState()); | ||
} | ||
} | ||
} | ||
// [END privateca_activate_subordinateca] |
108 changes: 108 additions & 0 deletions
108
samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
/* | ||
* Copyright 2021 Google LLC | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
package privateca; | ||
|
||
// [START privateca_create_certificate_csr] | ||
|
||
import com.google.api.core.ApiFuture; | ||
import com.google.cloud.security.privateca.v1.CaPoolName; | ||
import com.google.cloud.security.privateca.v1.Certificate; | ||
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient; | ||
import com.google.cloud.security.privateca.v1.CreateCertificateRequest; | ||
import com.google.protobuf.Duration; | ||
import java.io.IOException; | ||
import java.util.concurrent.ExecutionException; | ||
|
||
public class CreateCertificate_CSR { | ||
|
||
public static void main(String[] args) | ||
throws IOException, ExecutionException, InterruptedException { | ||
// TODO(developer): Replace these variables before running the sample. | ||
|
||
// location: For a list of locations, see: | ||
// https://cloud.google.com/certificate-authority-service/docs/locations | ||
// pool_Id: Set a unique id for the CA pool. | ||
// certificateAuthorityName: The name of the certificate authority to sign the CSR. | ||
// certificateName: Set a unique name for the certificate. | ||
// pemCSR: Set the Certificate Issuing Request in the pem encoded format. | ||
String project = "your-project-id"; | ||
String location = "ca-location"; | ||
String pool_Id = "ca-pool-id"; | ||
String certificateAuthorityName = "certificate-authority-name"; | ||
String certificateName = "certificate-name"; | ||
String pemCSR = | ||
"-----BEGIN CERTIFICATE REQUEST-----\n" | ||
+ "sample-pem-csr-format\n" | ||
+ "-----END CERTIFICATE REQUEST-----"; | ||
|
||
createCertificateWithCSR( | ||
project, location, pool_Id, certificateAuthorityName, certificateName, pemCSR); | ||
} | ||
|
||
// Create a Certificate which is issued by the specified Certificate Authority. | ||
// The certificate details and the public key is provided as a CSR (Certificate Signing Request). | ||
public static void createCertificateWithCSR( | ||
String project, | ||
String location, | ||
String pool_Id, | ||
String certificateAuthorityName, | ||
String certificateName, | ||
String pemCSR) | ||
throws IOException, ExecutionException, InterruptedException { | ||
// Initialize client that will be used to send requests. This client only needs to be created | ||
// once, and can be reused for multiple requests. After completing all of your requests, call | ||
// the `certificateAuthorityServiceClient.close()` method on the client to safely | ||
// clean up any remaining background resources. | ||
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient = | ||
CertificateAuthorityServiceClient.create()) { | ||
// certificateLifetime: The validity of the certificate in seconds. | ||
long certificateLifetime = 1000L; | ||
|
||
// Create certificate with CSR. | ||
// The pemCSR contains the public key and the domain details required. | ||
Certificate certificate = | ||
Certificate.newBuilder() | ||
.setPemCsr(pemCSR) | ||
.setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build()) | ||
.build(); | ||
|
||
// Create the Certificate Request. | ||
// Set the CA which is responsible for creating the certificate with the provided CSR. | ||
CreateCertificateRequest certificateRequest = | ||
CreateCertificateRequest.newBuilder() | ||
.setParent(CaPoolName.of(project, location, pool_Id).toString()) | ||
.setIssuingCertificateAuthorityId(certificateAuthorityName) | ||
.setCertificateId(certificateName) | ||
.setCertificate(certificate) | ||
.build(); | ||
|
||
// Get the certificate response. | ||
ApiFuture<Certificate> future = | ||
certificateAuthorityServiceClient | ||
.createCertificateCallable() | ||
.futureCall(certificateRequest); | ||
|
||
Certificate certificateResponse = future.get(); | ||
|
||
System.out.println("Certificate created successfully : " + certificateResponse.getName()); | ||
|
||
// Get the signed certificate and the issuer chain list. | ||
System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate()); | ||
System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList()); | ||
} | ||
} | ||
} | ||
// [END privateca_create_certificate_csr] |
Oops, something went wrong.