This repository has been archived by the owner on Sep 16, 2023. It is now read-only.

docs(samples): adding client library samples (#242)
* feat: add samples for creating and activating subordinate ca

* feat: add sample for filtering certificate.

* feat: add sample for undeleting CA.

* fix: adding all pem certificates in chain.

* docs: lint fix

* refactor: filter conditions changed to arg

* test: added test cases

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* fix: region tag mismatch

* fix: correct region tag mismatch

* refactor: added comments for certificate chain setting

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* docs: lint fix

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Sita04 and gcf-owl-bot[bot] authored Aug 27, 2021
1 parent 2f7e1a3 commit 7454cb0
Showing 7 changed files with 684 additions and 8 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -76,17 +76,22 @@ Samples are in the [`samples/`](https://github.com/googleapis/java-security-priv

| Sample | Source Code | Try it |
| --------------------------- | --------------------------------- | ------ |
| Activate Subordinate Ca | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java) |
| Create Ca Pool | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCaPool.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCaPool.java) |
| Create Certificate | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate.java) |
| Create Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificateAuthority.java) |
| Create Certificate_CSR | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java) |
| Create Subordinate Ca | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateSubordinateCa.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateSubordinateCa.java) |
| Delete Ca Pool | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DeleteCaPool.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DeleteCaPool.java) |
| Delete Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DeleteCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DeleteCertificateAuthority.java) |
| Disable Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DisableCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DisableCertificateAuthority.java) |
| Enable Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/EnableCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/EnableCertificateAuthority.java) |
| Filter Certificates | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/FilterCertificates.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/FilterCertificates.java) |
| List Ca Pools | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCaPools.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCaPools.java) |
| List Certificate Authorities | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCertificateAuthorities.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCertificateAuthorities.java) |
| List Certificates | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCertificates.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCertificates.java) |
| Revoke Certificate | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/RevokeCertificate.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/RevokeCertificate.java) |
| Undelete Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/UndeleteCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/UndeleteCertificateAuthority.java) |



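Review bot: The new row label `Create Certificate_CSR` is the only entry in this table with an underscore, because it mirrors the file name `CreateCertificate_CSR.java` in its link. Renaming the class and file to `CreateCertificateCsr` would keep the sample list consistent with neighbouring rows such as `Create Subordinate Ca` and follow the usual Java class naming.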
@@ -0,0 +1,133 @@
/*
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package privateca;

// [START privateca_activate_subordinateca]

import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.SubordinateConfig;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;

public class ActivateSubordinateCa {

public static void main(String[] args)
throws InterruptedException, ExecutionException, IOException {
// TODO(developer): Replace these variables before running the sample.

// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// pool_Id: Set a unique id for the CA pool.
// subordinateCaName: The CA to be activated.
// pemCACertificate: The signed certificate, obtained by signing the CSR.
String project = "your-project-id";
String location = "ca-location";
String pool_Id = "ca-pool-id";
String subordinateCaName = "subordinate-certificate-authority-name";
String pemCACertificate =
"-----BEGIN CERTIFICATE-----\n" + "sample-pem-certificate\n" + "-----END CERTIFICATE-----";

// certificateAuthorityName: The name of the certificate authority which signed the CSR.
// If an external CA (CA not present in Google Cloud) was used for signing,
// then use the CA's issuerCertificateChain.
String certificateAuthorityName = "certificate-authority-name";

activateSubordinateCA(
project, location, pool_Id, certificateAuthorityName, subordinateCaName, pemCACertificate);
}

// Activate a subordinate CA.
// *Prerequisite*: Get the CSR of the subordinate CA signed by another CA. Pass in the signed
// certificate and (issuer CA's name or the issuer CA's Certificate chain).
// *Post*: After activating the subordinate CA, it should be enabled before issuing certificates.
public static void activateSubordinateCA(
String project,
String location,
String pool_Id,
String certificateAuthorityName,
String subordinateCaName,
String pemCACertificate)
throws ExecutionException, InterruptedException, IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the `certificateAuthorityServiceClient.close()` method on the client to safely
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
CertificateAuthorityServiceClient.create()) {
// Subordinate CA parent.
String subordinateCaParent =
CertificateAuthorityName.of(project, location, pool_Id, subordinateCaName).toString();

// Construct the "Activate CA Request".
ActivateCertificateAuthorityRequest activateCertificateAuthorityRequest =
ActivateCertificateAuthorityRequest.newBuilder()
.setName(subordinateCaParent)
// The signed certificate.
.setPemCaCertificate(pemCACertificate)
.setSubordinateConfig(
SubordinateConfig.newBuilder()
// Follow one of the below methods:

// Method 1: If issuer CA is in Google Cloud, set the Certificate Authority
// Name.
.setCertificateAuthority(
CertificateAuthorityName.of(
project, location, pool_Id, certificateAuthorityName)
.toString())

// Method 2: If issuer CA is external to Google Cloud, set the issuer's
// certificate chain.
// The certificate chain of the CA (which signed the CSR) from leaf to root.
// .setPemIssuerChain(
// SubordinateConfigChain.newBuilder()
// .addAllPemCertificates(issuerCertificateChain)
// .build())

.build())
.build();

// Activate the CA.
ApiFuture<Operation> futureCall =
certificateAuthorityServiceClient
.activateCertificateAuthorityCallable()
.futureCall(activateCertificateAuthorityRequest);

Operation response = futureCall.get();

if (response.hasError()) {
System.out.println("Error while activating the subordinate CA! " + response.getError());
return;
}

System.out.println(
"Subordinate Certificate Authority activated successfully ! !" + subordinateCaName);
TimeUnit.SECONDS.sleep(3);
// The current state will be STAGED.
// The Subordinate CA has to be ENABLED before issuing certificates.
System.out.println(
"Current State: "
+ certificateAuthorityServiceClient
.getCertificateAuthority(subordinateCaParent)
.getState());
}
}
}
// [END privateca_activate_subordinateca]
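Review bot: In `activateSubordinateCA`, the `if (response.hasError())` branch prints the error and returns normally, so a caller cannot tell a failed activation from a successful one; throw an exception there instead of `return`. The fixed `TimeUnit.SECONDS.sleep(3)` before `getCertificateAuthority` is a guess at when the operation has finished, and the sample never checks `response.getDone()`; waiting on the operation's completion would make the printed state reliable. Method 1 also builds the issuer name from the subordinate's `project`, `location` and `pool_Id`, which only works when both CAs share a pool, so either take the issuer's pool as a separate parameter or state the assumption in the comment. Minor: `subordinateCaParent` holds the CA's own resource name rather than a parent, and the success message concatenates `"successfully ! !"` directly with the CA name.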
@@ -0,0 +1,108 @@
/*
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package privateca;

// [START privateca_create_certificate_csr]

import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CaPoolName;
import com.google.cloud.security.privateca.v1.Certificate;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.CreateCertificateRequest;
import com.google.protobuf.Duration;
import java.io.IOException;
import java.util.concurrent.ExecutionException;

public class CreateCertificate_CSR {

public static void main(String[] args)
throws IOException, ExecutionException, InterruptedException {
// TODO(developer): Replace these variables before running the sample.

// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// pool_Id: Set a unique id for the CA pool.
// certificateAuthorityName: The name of the certificate authority to sign the CSR.
// certificateName: Set a unique name for the certificate.
// pemCSR: Set the Certificate Issuing Request in the pem encoded format.
String project = "your-project-id";
String location = "ca-location";
String pool_Id = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
String certificateName = "certificate-name";
String pemCSR =
"-----BEGIN CERTIFICATE REQUEST-----\n"
+ "sample-pem-csr-format\n"
+ "-----END CERTIFICATE REQUEST-----";

createCertificateWithCSR(
project, location, pool_Id, certificateAuthorityName, certificateName, pemCSR);
}

// Create a Certificate which is issued by the specified Certificate Authority.
// The certificate details and the public key is provided as a CSR (Certificate Signing Request).
public static void createCertificateWithCSR(
String project,
String location,
String pool_Id,
String certificateAuthorityName,
String certificateName,
String pemCSR)
throws IOException, ExecutionException, InterruptedException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the `certificateAuthorityServiceClient.close()` method on the client to safely
// clean up any remaining background resources.
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
CertificateAuthorityServiceClient.create()) {
// certificateLifetime: The validity of the certificate in seconds.
long certificateLifetime = 1000L;

// Create certificate with CSR.
// The pemCSR contains the public key and the domain details required.
Certificate certificate =
Certificate.newBuilder()
.setPemCsr(pemCSR)
.setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build())
.build();

// Create the Certificate Request.
// Set the CA which is responsible for creating the certificate with the provided CSR.
CreateCertificateRequest certificateRequest =
CreateCertificateRequest.newBuilder()
.setParent(CaPoolName.of(project, location, pool_Id).toString())
.setIssuingCertificateAuthorityId(certificateAuthorityName)
.setCertificateId(certificateName)
.setCertificate(certificate)
.build();

// Get the certificate response.
ApiFuture<Certificate> future =
certificateAuthorityServiceClient
.createCertificateCallable()
.futureCall(certificateRequest);

Certificate certificateResponse = future.get();

System.out.println("Certificate created successfully : " + certificateResponse.getName());

// Get the signed certificate and the issuer chain list.
System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
}
}
}
// [END privateca_create_certificate_csr]
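Review bot: `createCertificateWithCSR` passes `pemCSR` straight to `setPemCsr`, and the comment above it says the CSR carries "the public key and the domain details required", so the identity that gets signed is whatever the CSR's sender put in it; add a comment telling readers to check the CSR's subject and SANs against what the requester is entitled to before calling this method. The lifetime is hard-coded as `long certificateLifetime = 1000L;` inside the method, which is about 16 minutes and cannot be changed by the caller; make it a parameter alongside `pemCSR`. In `main`, the comment "Certificate Issuing Request" should read "Certificate Signing Request" to match the method-level comment.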