com.venafi.vcert.sdk.policy.converter.cloud.CloudPolicyToPolicyConverter Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of vcert-java Show documentation
Show all versions of vcert-java Show documentation
VCert is a Java library, SDK, designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the Venafi Platform or Venafi Cloud.
package com.venafi.vcert.sdk.policy.converter.cloud;
import com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate;
import com.venafi.vcert.sdk.policy.api.domain.CloudPolicy;
import com.venafi.vcert.sdk.policy.domain.Policy;
import com.venafi.vcert.sdk.policy.domain.PolicySpecification;
import com.venafi.vcert.sdk.policy.converter.ToPolicyConverterAbstract;
import java.util.List;
public class CloudPolicyToPolicyConverter extends ToPolicyConverterAbstract {
public static CloudPolicyToPolicyConverter INSTANCE = new CloudPolicyToPolicyConverter();
private CloudPolicyToPolicyConverter(){}
public PolicySpecification convertToPolicy(CloudPolicy cloudPolicy) throws Exception {
PolicySpecification policySpecification = new PolicySpecification();
CertificateIssuingTemplate cit = cloudPolicy.certificateIssuingTemplate();
policySpecification.name( cit.name() );
processPolicy( policySpecification, cloudPolicy);
processDefaults( policySpecification, cloudPolicy);
return policySpecification;
}
private void processPolicy( PolicySpecification policySpecification, CloudPolicy cloudPolicy) throws Exception {
CertificateIssuingTemplate cit = cloudPolicy.certificateIssuingTemplate();
processDomainsAndWildcard( policySpecification, cit);
processMaxValidDays( policySpecification, cit);
processCertificateAuthority( policySpecification, cloudPolicy.caInfo());
processSubject( policySpecification, cloudPolicy);
processKeyPair( policySpecification, cloudPolicy);
processSubjectAltNames( policySpecification, cloudPolicy);
}
private void processDomainsAndWildcard( PolicySpecification policySpecification, CertificateIssuingTemplate cit ) throws Exception{
List subjectCNRegexes = cit.subjectCNRegexes;
if ( subjectCNRegexes != null && subjectCNRegexes.size() > 0 && !subjectCNRegexes.get(0).equals(".*") ) {
Policy policy = getPolicyFromPolicySpecification( policySpecification );
policy.domains( subjectCNRegexes.toArray(new String[0]) );
boolean wildcardFound = false;
boolean wildcardNotFound = false;
for ( String subjectCNRegex : subjectCNRegexes) {
if ( subjectCNRegex.startsWith("[*"))
wildcardFound = true;
else
wildcardNotFound = true;
}
if ( wildcardFound && !wildcardNotFound )
policy.wildcardAllowed(true);
else
if ( !wildcardFound && wildcardNotFound )
policy.wildcardAllowed(false);
} else {
//domains will not set
}
}
private void processMaxValidDays( PolicySpecification policySpecification,CertificateIssuingTemplate cit ) throws Exception {
if ( cit.validityPeriod() != null ) {
String validityPeriod = cit.validityPeriod();
if ( validityPeriod.matches("P[0-9]*D")) {
getPolicyFromPolicySpecification( policySpecification ).maxValidDays( Integer.valueOf( validityPeriod.substring(1, validityPeriod.length()-1)) );
}
}
}
private void processCertificateAuthority( PolicySpecification policySpecification, CloudPolicy.CAInfo caInfo ) throws Exception {
if ( caInfo != null ) {
getPolicyFromPolicySpecification( policySpecification ).certificateAuthority( caInfo.certificateAuthorityString() );
}
}
private void processSubject( PolicySpecification policySpecification, CloudPolicy cloudPolicy) throws Exception {
CertificateIssuingTemplate cit = cloudPolicy.certificateIssuingTemplate();
if (cit.subjectORegexes() != null)
getSubjectFromPolicySpecification( policySpecification ).orgs( cit.subjectORegexes.toArray(new String[0]));
if (cit.subjectOURegexes() != null)
getSubjectFromPolicySpecification( policySpecification ).orgUnits( cit.subjectOURegexes.toArray(new String[0]));
if (cit.subjectLRegexes() != null)
getSubjectFromPolicySpecification( policySpecification ).localities( cit.subjectLRegexes.toArray(new String[0]));
if (cit.subjectSTRegexes() != null)
getSubjectFromPolicySpecification( policySpecification ).states( cit.subjectSTRegexes.toArray(new String[0]));
if (cit.subjectCValues() != null)
getSubjectFromPolicySpecification( policySpecification ).countries( cit.subjectCValues.toArray(new String[0]));
}
private void processKeyPair( PolicySpecification policySpecification, CloudPolicy cloudPolicy) throws Exception {
CertificateIssuingTemplate cit = cloudPolicy.certificateIssuingTemplate();
if ( cit.keyReuse() != null )
getKeyPairFromPolicySpecification( policySpecification ).reuseAllowed( cit.keyReuse() );
if ( cit.keyTypes() != null && cit.keyTypes().size() > 0)
processKeyTypes(policySpecification, cit.keyTypes().get(0));
}
private void processKeyTypes( PolicySpecification policySpecification, CertificateIssuingTemplate.AllowedKeyType keyType) throws Exception {
if( keyType.keyType() != null ) {
String[] keyTypes = { keyType.keyType() };
getKeyPairFromPolicySpecification( policySpecification ).keyTypes( keyTypes );
}
if( keyType.keyLengths() != null && keyType.keyLengths().size() > 0 ) {
getKeyPairFromPolicySpecification( policySpecification ).rsaKeySizes( keyType.keyLengths().toArray( new Integer[0]) );
}
}
private void processSubjectAltNames( PolicySpecification policySpecification, CloudPolicy cloudPolicy) throws Exception {
processSubjectAltNames( policySpecification, cloudPolicy.certificateIssuingTemplate());
}
private void processSubjectAltNames(PolicySpecification policySpecification, CertificateIssuingTemplate cit ) throws Exception {
List subjectCNRegexes = cit.sanDnsNameRegexes();
if (subjectCNRegexes != null && subjectCNRegexes.size() > 0 && !subjectCNRegexes.get(0).equals(".*"))
getSubjectAltNamesFromPolicySpecification(policySpecification).dnsAllowed(true);
}
private void processDefaults( PolicySpecification policySpecification, CloudPolicy cloudPolicy ) throws Exception {
if ( cloudPolicy.certificateIssuingTemplate().recommendedSettings() != null ) {
CertificateIssuingTemplate.RecommendedSettings recommendedSettings = cloudPolicy.certificateIssuingTemplate().recommendedSettings();
processDefaultsSubject( policySpecification, recommendedSettings);
processDefaultsKeyPair( policySpecification, recommendedSettings);
}
}
private void processDefaultsSubject( PolicySpecification policySpecification, CertificateIssuingTemplate.RecommendedSettings recommendedSettings ) throws Exception {
if ( recommendedSettings.subjectOValue() != null )
getDefaultsSubjectFromPolicySpecification( policySpecification ).org( recommendedSettings.subjectOValue() );
if ( recommendedSettings.subjectOUValue() != null ) {
String[] subjectOUValues = {recommendedSettings.subjectOUValue()};
getDefaultsSubjectFromPolicySpecification(policySpecification).orgUnits(subjectOUValues);
}
if ( recommendedSettings.subjectLValue() != null )
getDefaultsSubjectFromPolicySpecification( policySpecification ).locality( recommendedSettings.subjectLValue() );
if ( recommendedSettings.subjectSTValue() != null )
getDefaultsSubjectFromPolicySpecification( policySpecification ).state( recommendedSettings.subjectSTValue() );
if ( recommendedSettings.subjectCValue() != null )
getDefaultsSubjectFromPolicySpecification( policySpecification ).country( recommendedSettings.subjectCValue() );
}
private void processDefaultsKeyPair( PolicySpecification policySpecification, CertificateIssuingTemplate.RecommendedSettings recommendedSettings) throws Exception {
processDefaultsKeyType( policySpecification, recommendedSettings);
}
private void processDefaultsKeyType( PolicySpecification policySpecification, CertificateIssuingTemplate.RecommendedSettings recommendedSettings) throws Exception {
if( recommendedSettings.key() != null ) {
if( recommendedSettings.key().type() != null )
getDefaultsKeyPairFromPolicySpecification(policySpecification).keyType(recommendedSettings.key().type());
if( recommendedSettings.key().length() != null )
getDefaultsKeyPairFromPolicySpecification(policySpecification).rsaKeySize(recommendedSettings.key().length());
}
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy