All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.venafi.vcert.sdk.connectors.tpp.TppConnectorUtils Maven / Gradle / Ivy

Go to download

VCert is a Java library, SDK, designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the Venafi Platform or Venafi Cloud.

There is a newer version: 0.9.3
Show newest version
package com.venafi.vcert.sdk.connectors.tpp;

import com.venafi.vcert.sdk.VCertException;
import com.venafi.vcert.sdk.connectors.tpp.endpoint.*;
import com.venafi.vcert.sdk.policy.api.domain.TPPPolicy;
import com.venafi.vcert.sdk.policy.converter.tpp.AltName;
import feign.Response;

import java.util.ArrayList;
import java.util.List;

public class TppConnectorUtils {

  public static boolean dnExist(String dn, TppAPI tppAPI) throws VCertException {
    try {
      DNIsValidResponse dnIsValidResponse = tppAPI.dnIsValid(new DNIsValidRequest(dn));

      if(dnIsValidResponse.result() == 1 && dnIsValidResponse.objectDN().dn()!=null)
        return true;
      else
      if( dnIsValidResponse.error() != null && dnIsValidResponse.result() == 400)
        return false;
      else
        throw new VCertException(dnIsValidResponse.error());
    } catch (Exception e) {
      throw new VCertException(e);
    }
  }

  public static void createPolicy(String dn, TppAPI tppAPI) throws VCertException {
    try {
      CreateDNResponse createDNResponse = tppAPI.createDN(new CreateDNRequest(dn));

      if( createDNResponse.error() != null)
        throw new VCertException(createDNResponse.error());
    } catch (Exception e) {
      throw new VCertException(e);
    }
  }

  public static void resetAttributes(String policyName, TppAPI tppAPI) throws VCertException {
    //reset Contact
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_CONTACT, tppAPI);

    //reset Approver
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_APPROVER, tppAPI);

    //reset Domain Suffix Whitelist
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_DOMAIN_SUFFIX_WHITELIST, tppAPI);

    //reset Prohibit Wildcard
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_PROHIBIT_WILDCARD, tppAPI);

    //reset Certificate Authority
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_CERTIFICATE_AUTHORITY, tppAPI);

    //reset Management Type
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_MANAGEMENT_TYPE, tppAPI);

    //reset Organization attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_ORGANIZATION, tppAPI);

    //reset Organizational Unit attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_ORGANIZATIONAL_UNIT, tppAPI);

    //reset City attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_CITY, tppAPI);

    //reset State attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_STATE, tppAPI);

    //reset Country attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_COUNTRY, tppAPI);

    //reset Key Algorithm attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_KEY_ALGORITHM, tppAPI);

    //reset Key Bit Strength
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_KEY_BIT_STRENGTH, tppAPI);

    //reset Elliptic Curve attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_ELLIPTIC_CURVE, tppAPI);

    //reset Manual Csr attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_MANUAL_CSR, tppAPI);

    //reset prohibited SAN Types attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_PROHIBITED_SAN_TYPES, tppAPI);

    //reset Private Key Reuse" & "Want Renewal
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_ALLOW_PRIVATE_KEY_REUSE, tppAPI);

    //reset Want Renewal attribute
    clearPolicyAttribute(policyName, TppPolicyConstants.TPP_WANT_RENEWAL, tppAPI);
  }

  public static void setPolicyAttributes(TPPPolicy tppPolicy, TppAPI tppAPI) throws VCertException {
    //create Contact
    if (tppPolicy.contact() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_CONTACT, tppPolicy.contact(), true, tppAPI);

    //create Approver
    if (tppPolicy.approver() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_APPROVER, tppPolicy.approver(), true, tppAPI);

    //create Domain Suffix Whitelist
    if (tppPolicy.domainSuffixWhiteList() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_DOMAIN_SUFFIX_WHITELIST, tppPolicy.domainSuffixWhiteList(), true, tppAPI);

    //create Prohibit Wildcard
    if (tppPolicy.prohibitWildcard() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_PROHIBIT_WILDCARD, new Integer[]{tppPolicy.prohibitWildcard()}, false, tppAPI);

    //create Certificate Authority
    if (tppPolicy.certificateAuthority() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_CERTIFICATE_AUTHORITY, new String[]{tppPolicy.certificateAuthority()}, false, tppAPI);

    //create Management Type
    if (tppPolicy.managementType() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_MANAGEMENT_TYPE, tppPolicy.managementType().values(), tppPolicy.managementType().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_MANAGEMENT_TYPE, tppAPI);

    //create Organization attribute
    if (tppPolicy.organization() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ORGANIZATION, tppPolicy.organization().values(), tppPolicy.organization().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ORGANIZATION, tppAPI);

    //create Organizational Unit attribute
    if (tppPolicy.organizationalUnit() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ORGANIZATIONAL_UNIT, tppPolicy.organizationalUnit().values(), tppPolicy.organizationalUnit().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ORGANIZATIONAL_UNIT, tppAPI);

    //create City attribute
    if (tppPolicy.city() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_CITY, tppPolicy.city().values(), tppPolicy.city().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_CITY, tppAPI);

    //create State attribute
    if (tppPolicy.state() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_STATE, tppPolicy.state().values(), tppPolicy.state().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_STATE, tppAPI);

    //create Country attribute
    if (tppPolicy.country() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_COUNTRY, tppPolicy.country().values(), tppPolicy.country().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_COUNTRY, tppAPI);

    //create Key Algorithm attribute
    if (tppPolicy.keyAlgorithm() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_KEY_ALGORITHM, tppPolicy.keyAlgorithm().values(), tppPolicy.keyAlgorithm().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_KEY_ALGORITHM, tppAPI);

    //create Key Bit Strength
    if (tppPolicy.keyBitStrength() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_KEY_BIT_STRENGTH, tppPolicy.keyBitStrength().values(), tppPolicy.keyBitStrength().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_KEY_BIT_STRENGTH, tppAPI);

    //create Elliptic Curve attribute
    if (tppPolicy.ellipticCurve() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ELLIPTIC_CURVE, tppPolicy.ellipticCurve().values(), tppPolicy.ellipticCurve().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ELLIPTIC_CURVE, tppAPI);

    //create Manual Csr attribute
    if (tppPolicy.manualCsr() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_MANUAL_CSR, tppPolicy.manualCsr().values(), tppPolicy.manualCsr().lock(), tppAPI);
    else
      clearPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_MANUAL_CSR, tppAPI);

    //create prohibited SAN Types attribute
    if (tppPolicy.prohibitedSANTypes() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_PROHIBITED_SAN_TYPES, tppPolicy.prohibitedSANTypes(), false, tppAPI);

    //Allow Private Key Reuse" & "Want Renewal
    if (tppPolicy.allowPrivateKeyReuse() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_ALLOW_PRIVATE_KEY_REUSE, tppPolicy.allowPrivateKeyReuse().values(), tppPolicy.allowPrivateKeyReuse().lock(), tppAPI);

    //create Want Renewal attribute
    if (tppPolicy.wantRenewal() != null)
      setPolicyAttribute(tppPolicy.policyName(), TppPolicyConstants.TPP_WANT_RENEWAL, tppPolicy.wantRenewal().values(), tppPolicy.wantRenewal().lock(), tppAPI);
  }

  public static void setPolicyAttribute(String dn, String attributeName, Object[] values, boolean locked, TppAPI tppAPI) throws VCertException {
    try {
      SetPolicyAttributeResponse setPolicyAttributeResponse = tppAPI.setPolicyAttribute(new SetPolicyAttributeRequest(dn, attributeName, values, locked));

      if(setPolicyAttributeResponse.result() != 1)
        throw new VCertException(setPolicyAttributeResponse.error());
    } catch (Exception e) {
      throw new VCertException(e);
    }
  }

  public static void clearPolicyAttribute(String dn, String attributeName, TppAPI tppAPI) throws VCertException {
    try {
      Response clearPolicyAttributeResponse = tppAPI.clearPolicyAttribute(new ClearPolicyAttributeRequest(dn, attributeName));

      if(clearPolicyAttributeResponse.status() != 200)
        throw new VCertException("It was no possible to reset the attribute "+attributeName);
    } catch (Exception e) {
      throw new VCertException(e);
    }
  }

  public static TPPPolicy populatePolicy(TPPPolicy tppPolicy, TppAPI tppAPI) throws VCertException {
    GetPolicyResponse getPolicyResponse;
    try {
      getPolicyResponse = tppAPI.getPolicy(new GetPolicyRequest(tppPolicy.policyName()));
    } catch (Exception e) {
      throw new VCertException(e);
    }

    if(getPolicyResponse != null && getPolicyResponse.error() != null)
      throw new VCertException(getPolicyResponse.error());

    PolicyResponse policyResponse = getPolicyResponse.policy();

    if ( policyResponse != null ){
      //Domain suffix white list
      tppPolicy.domainSuffixWhiteList( policyResponse.whitelistedDomains() );

      //Prohibited wildcard
      tppPolicy.prohibitWildcard( policyResponse.wildcardsAllowed() ? 0 : 1);

      //Certificate authority
      tppPolicy.certificateAuthority( policyResponse.certificateAuthority() != null ? policyResponse.certificateAuthority().value() : null);

      //management type
      if( policyResponse.managementType() != null)
        tppPolicy.managementType( policyResponse.managementType().value(), policyResponse.managementType().locked() );

      //Subject
      SubjectResponse subjectResponse = policyResponse.subject();

      if( subjectResponse != null ) {
        //Organization
        if ( subjectResponse.organization() != null )
          tppPolicy.organization( subjectResponse.organization().value(), subjectResponse.organization().locked());

        //Org Unit
        if ( subjectResponse.organizationalUnit() != null )
          tppPolicy.organizationalUnit( subjectResponse.organizationalUnit().values(), subjectResponse.organizationalUnit().locked() );

        //City
        if ( subjectResponse.city() != null )
          tppPolicy.city( subjectResponse.city().value(), subjectResponse.city().locked() );

        //State
        if ( subjectResponse.state() != null )
          tppPolicy.state( subjectResponse.state().value(), subjectResponse.state().locked() );

        //country
        if ( subjectResponse.country() != null )
          tppPolicy.country( subjectResponse.country().value(), subjectResponse.country().locked()  );
      }

      //KeyPair
      KeyPairResponse keyPairResponse = policyResponse.keyPair();

      if ( keyPairResponse != null ) {
        //KeyAlgorithm
        if( keyPairResponse.keyAlgorithm() != null )
          tppPolicy.keyAlgorithm( keyPairResponse.keyAlgorithm().value(), keyPairResponse.keyAlgorithm().locked());

        //Key Bit Strength
        if( keyPairResponse.keySize() != null )
          tppPolicy.keyBitStrength( keyPairResponse.keySize().value().toString(), keyPairResponse.keySize().locked() );


        //Elliptic Curve
        if( keyPairResponse.ellipticCurve() != null )
          tppPolicy.ellipticCurve( keyPairResponse.ellipticCurve().value(), keyPairResponse.ellipticCurve().locked() );
      }

      //Manual Csr
      if( policyResponse.csrGeneration() != null)
        if( policyResponse.csrGeneration().value().equals("ServiceGenerated") )
          tppPolicy.manualCsr("0", policyResponse.csrGeneration().locked());
        else
        if( policyResponse.csrGeneration().value().equals("UserProvided") )
          tppPolicy.manualCsr("1", policyResponse.csrGeneration().locked());

      //AllowPrivate Key Reuse
      tppPolicy.allowPrivateKeyReuse( policyResponse.privateKeyReuseAllowed() ? "1" : "0", true );

      //TppWantRenewal
      tppPolicy.wantRenewal( policyResponse.privateKeyReuseAllowed() ? "1" : "0", true );

      //Prohibited SAN Types
      setProhibitedSANTypes(tppPolicy, policyResponse);
    }

    return tppPolicy;
  }

  public static void setProhibitedSANTypes( TPPPolicy tppPolicy, PolicyResponse policyResponse ) {

    List prohibitedSANTypes = new ArrayList<>();

    if ( policyResponse.subjAltNameDnsAllowed() )
      prohibitedSANTypes.add(AltName.DNS.value);

    if ( policyResponse.subjAltNameIpAllowed() )
      prohibitedSANTypes.add(AltName.IP.value);

    if ( policyResponse.subjAltNameEmailAllowed() )
      prohibitedSANTypes.add(AltName.EMAIL.value);

    if ( policyResponse.subjAltNameUriAllowed() )
      prohibitedSANTypes.add(AltName.URI.value);

    if ( policyResponse.subjAltNameUpnAllowed() )
      prohibitedSANTypes.add(AltName.UPN.value);

    if( prohibitedSANTypes.size()>0 )
      tppPolicy.prohibitedSANTypes(prohibitedSANTypes.toArray(new String[0]));
  }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy