docs: client sample docs update (#219)
* docs: update comments

* docs: update comments

* (docs): Adding README.md

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md

* docs: updated README.md

* refactor: replaced POOL_NAME with POOL_ID to align with cloud docs.

* docs: lint fix

* 🦉 Updates from OwlBot

See https://github.com/googleapis/repo-automation-bots/blob/master/packages/owl-bot/README.md

Co-authored-by: sitalakshmis <[email protected]>
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
3 people authored Aug 3, 2021
1 parent 618b17e commit 352439d
Showing 13 changed files with 159 additions and 86 deletions.
75 changes: 75 additions & 0 deletions privateca/cloud-client/README.md
@@ -0,0 +1,75 @@
# Google Cloud Private Certificate Authority Service

<a href="https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/README.md">
<img alt="Open in Cloud Shell" src ="http://gstatic.com/cloudssh/images/open-btn.png"></a>

Google [Cloud Private Certificate Authority Service](https://cloud.google.com/certificate-authority-service) is a highly available, scalable Google Cloud service that enables you to simplify, automate, and customize the deployment, management, and security of private certificate authorities (CA).

These sample Java applications demonstrate how to access the Cloud CA API using the
Google Java API Client Libraries.

## Prerequisites

### Google Cloud Project

Set up a Google Cloud project with billing enabled.

### Enable the API

You must [enable the Google Private Certificate Authority Service API](https://console.cloud.google.com/flows/enableapi?apiid=privateca.googleapis.com) for your project in order to use these samples.

### Service account

A service account with private key credentials is required to create signed bearer tokens.
Create a [service account](https://console.cloud.google.com/iam-admin/serviceaccounts/create) and download the credentials file as JSON.

### Set Environment Variables

You must set your project ID and service account credentials in order to run the tests.

```
$ export GOOGLE_CLOUD_PROJECT="<google-project-id-here>"
$ export GOOGLE_APPLICATION_CREDENTIALS="<path-to-service-account-credentials-file>"
```

### Grant Permissions

You must ensure that the [user account or service account](https://cloud.google.com/iam/docs/service-accounts#differences_between_a_service_account_and_a_user_account) you used to authorize your gcloud session has the proper permissions to edit Private CA resources for your project. In the Cloud Console under IAM, add the following roles to the project whose service account you're using to test:

* Cloud CA Service Admin
* Cloud CA Service Certificate Requester
* Cloud CA Service Certificate Manager
* Cloud CA Service Certificate Template User
* Cloud CA Service Workload Certificate Requester
* Cloud CA Service Operation Manager
* Cloud CA Service Auditor

More information can be found in the [Google Private Certificate Authority Service Docs](https://cloud.google.com/certificate-authority-service/docs/reference/permissions-and-roles).


## Build and Run

The following instructions will help you prepare your development environment.

1. Download and install the [Java Development Kit (JDK)](https://www.oracle.com/java/technologies/javase-downloads.html).
Verify that the [JAVA_HOME](https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/envvars001.html) environment variable is set and points to your JDK installation.


2. Download and install [Apache Maven](http://maven.apache.org/download.cgi) by following the [Maven installation guide](http://maven.apache.org/install.html) for your specific operating system.


3. Clone the java-security-private-ca repository.
```
git clone https://github.com/googleapis/java-security-private-ca.git
```

4. Navigate to the sample code directory.

```
cd java-security-private-ca/samples/snippets/cloud-client
```

5. Run the **SnippetsIT** test file present under the test folder.

### Crypto frameworks
[Bouncy Castle](https://www.bouncycastle.org/documentation.html) cryptographic framework is used as a part of testing.
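Review bot: the README is added at privateca/cloud-client/README.md, but the Cloud Shell link and steps 3 and 4 clone googleapis/java-security-private-ca and cd into java-security-private-ca/samples/snippets/cloud-client, so one of the two locations is wrong for whoever reads this file; please make the link and the clone/cd steps match the directory this README actually ships in. Under Grant Permissions, the test identity is given Cloud CA Service Admin plus six narrower roles; since Admin is the broadest of these, say which roles SnippetsIT actually needs rather than granting all seven, and add a sentence under Service account that the downloaded JSON key must be kept out of the repository. Minor: the img tag reads `src ="http://...` and should be `src="https://...`, and the Crypto frameworks heading needs a blank line before its paragraph.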
12 changes: 6 additions & 6 deletions privateca/cloud-client/src/main/java/privateca/CreateCaPool.java
Expand Up @@ -34,16 +34,16 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: Set a unique name for the CA pool.
// pool_Id: Set a unique pool_Id for the CA pool.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
createCaPool(project, location, caPoolName);
String pool_Id = "ca-pool-id";
createCaPool(project, location, pool_Id);
}

// Create a Certificate Authority Pool. All certificates created under this CA pool will
// follow the same issuance policy, IAM policies,etc.,
public static void createCaPool(String project, String location, String caPoolName)
public static void createCaPool(String project, String location, String pool_Id)
throws InterruptedException, ExecutionException, IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
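Review bot: the new parameter and local are spelled `pool_Id`, which mixes snake_case and camelCase and breaks the Java naming convention the rest of this sample follows (`project`, `location`, `caPoolRequest`); `poolId` gives the alignment with the cloud docs that the commit message asks for without the underscore, and the same spelling recurs in every other file of this PR. The comment `// pool_Id: Set a unique pool_Id for the CA pool.` is also circular; `// poolId: A unique ID for the new CA pool.` says what the value is.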
Expand All @@ -59,7 +59,7 @@ Set the Tier (see: https://cloud.google.com/certificate-authority-service/docs/t
CreateCaPoolRequest caPoolRequest =
CreateCaPoolRequest.newBuilder()
.setParent(LocationName.of(project, location).toString())
.setCaPoolId(caPoolName)
.setCaPoolId(pool_Id)
.setCaPool(CaPool.newBuilder().setTier(Tier.ENTERPRISE).build())
.build();

Expand All @@ -73,7 +73,7 @@ Set the Tier (see: https://cloud.google.com/certificate-authority-service/docs/t
return;
}

System.out.println("CA pool created successfully: " + caPoolName);
System.out.println("CA pool created successfully: " + pool_Id);
}
}
}
Expand Up @@ -47,18 +47,18 @@ public static void main(String[] args)
// publicKeyBytes: Public key used in signing the certificates.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: Set a unique name for the CA pool.
// pool_Id: Set a unique id for the CA pool.
// certificateAuthorityName: The name of the certificate authority which issues the certificate.
// certificateName: Set a unique name for the certificate.
String project = "your-project-id";
ByteString publicKeyBytes = ByteString.copyFrom(new byte[] {});
String location = "ca-location";
String caPoolName = "ca-pool-name";
String pool_Id = "ca-pool_Id";
String certificateAuthorityName = "certificate-authority-name";
String certificateName = "certificate-name";

createCertificate(
project, location, caPoolName, certificateAuthorityName, certificateName, publicKeyBytes);
project, location, pool_Id, certificateAuthorityName, certificateName, publicKeyBytes);
}

// Create a Certificate which is issued by the Certificate Authority present in the CA Pool.
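Review bot: the placeholder on the changed line `String pool_Id = "ca-pool_Id";` does not match the `"ca-pool-id"` placeholder used in the other files of this PR and looks like a find-and-replace slip; change it to `"ca-pool-id"` so the TODO(developer) blocks read consistently. Also, the context comment `// publicKeyBytes: Public key used in signing the certificates.` is misleading, since a public key does not sign anything and the sample initializes it to an empty byte array; say that it is the public key to be placed in the issued certificate and that the empty placeholder must be replaced before the request will succeed.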
Expand All @@ -67,7 +67,7 @@ public static void main(String[] args)
public static void createCertificate(
String project,
String location,
String caPoolName,
String pool_Id,
String certificateAuthorityName,
String certificateName,
ByteString publicKeyBytes)
Expand Down Expand Up @@ -133,7 +133,7 @@ public static void createCertificate(
// Create the Certificate Request.
CreateCertificateRequest certificateRequest =
CreateCertificateRequest.newBuilder()
.setParent(CaPoolName.of(project, location, caPoolName).toString())
.setParent(CaPoolName.of(project, location, pool_Id).toString())
.setCertificateId(certificateName)
.setCertificate(certificate)
.setIssuingCertificateAuthorityId(certificateAuthorityName)
Expand Up @@ -43,19 +43,18 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: Set it to the CA Pool under which the CA should be created.
// pool_Id: Set it to the CA Pool under which the CA should be created.
// certificateAuthorityName: Unique name for the CA.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
String pool_Id = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
createCertificateAuthority(project, location, caPoolName, certificateAuthorityName);
createCertificateAuthority(project, location, pool_Id, certificateAuthorityName);
}

// Create Certificate Authority which is the root CA in the given CA Pool. This CA will be
// responsible for signing certificates within this pool.
// Create Certificate Authority which is the root CA in the given CA Pool.
public static void createCertificateAuthority(
String project, String location, String caPoolName, String certificateAuthorityName)
String project, String location, String pool_Id, String certificateAuthorityName)
throws InterruptedException, ExecutionException, IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
Expand All @@ -68,7 +67,7 @@ public static void createCertificateAuthority(
String orgName = "org-name";
int caDuration = 100000; // Validity of this CA in seconds.

// Set the types of Algorithm used to create a cloud KMS key.
// Set the type of Algorithm.
KeyVersionSpec keyVersionSpec =
KeyVersionSpec.newBuilder().setAlgorithm(SignHashAlgorithm.RSA_PKCS1_4096_SHA256).build();

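Review bot: the reworded comment `// Set the type of Algorithm.` carries less than the line it replaces; the KeyVersionSpec below chooses the signing algorithm for the CA's key, so `// Set the signing algorithm for the CA key (RSA 4096 with SHA-256 here).` keeps what the old comment said about what the spec is for. While in this hunk, the context line `int caDuration = 100000; // Validity of this CA in seconds.` gives the root CA a lifetime of just under 28 hours, which is fine for a test run but deserves a comment so readers do not copy it into a real deployment.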
Expand Down Expand Up @@ -108,7 +107,7 @@ public static void createCertificateAuthority(
// Create the CertificateAuthorityRequest.
CreateCertificateAuthorityRequest certificateAuthorityRequest =
CreateCertificateAuthorityRequest.newBuilder()
.setParent(CaPoolName.of(project, location, caPoolName).toString())
.setParent(CaPoolName.of(project, location, pool_Id).toString())
.setCertificateAuthorityId(certificateAuthorityName)
.setCertificateAuthority(certificateAuthority)
.build();
16 changes: 8 additions & 8 deletions privateca/cloud-client/src/main/java/privateca/DeleteCaPool.java
Expand Up @@ -33,16 +33,16 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: The name of the CA pool to be deleted.
// pool_Id: The id of the CA pool to be deleted.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
deleteCaPool(project, location, caPoolName);
String pool_Id = "ca-pool-id";
deleteCaPool(project, location, pool_Id);
}

// Delete the CA pool as mentioned by the caPoolName.
// Delete the CA pool as mentioned by the pool_Id.
// Before deleting the pool, all CAs in the pool MUST BE deleted.
public static void deleteCaPool(String project, String location, String caPoolName)
public static void deleteCaPool(String project, String location, String pool_Id)
throws InterruptedException, ExecutionException, IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
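Review bot: `// Delete the CA pool as mentioned by the pool_Id.` is awkward wording; `// Delete the CA pool identified by pool_Id.` reads better, and the precondition on the next line that all CAs in the pool must be deleted first should stay as the second sentence of that comment.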
Expand All @@ -51,12 +51,12 @@ public static void deleteCaPool(String project, String location, String caPoolNa
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
CertificateAuthorityServiceClient.create()) {

// Set the project, location and caPoolName to delete.
// Set the project, location and pool_Id to delete.
CaPoolName caPool =
CaPoolName.newBuilder()
.setProject(project)
.setLocation(location)
.setCaPool(caPoolName)
.setCaPool(pool_Id)
.build();

// Create the Delete request.
Expand All @@ -73,7 +73,7 @@ public static void deleteCaPool(String project, String location, String caPoolNa
return;
}

System.out.println("Deleted CA Pool: " + caPoolName);
System.out.println("Deleted CA Pool: " + pool_Id);
}
}
}
Expand Up @@ -33,19 +33,19 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: The name of the CA pool under which the CA is present.
// pool_Id: The id of the CA pool under which the CA is present.
// certificateAuthorityName: The name of the CA to be deleted.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
String pool_Id = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
deleteCertificateAuthority(project, location, caPoolName, certificateAuthorityName);
deleteCertificateAuthority(project, location, pool_Id, certificateAuthorityName);
}

// Delete the Certificate Authority from the specified CA pool.
// Before deletion, the CA must be disabled and must not contain any active certificates.
public static void deleteCertificateAuthority(
String project, String location, String caPoolName, String certificateAuthorityName)
String project, String location, String pool_Id, String certificateAuthorityName)
throws IOException, ExecutionException, InterruptedException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
Expand All @@ -58,7 +58,7 @@ public static void deleteCertificateAuthority(
CertificateAuthorityName.newBuilder()
.setProject(project)
.setLocation(location)
.setCaPool(caPoolName)
.setCaPool(pool_Id)
.setCertificateAuthority(certificateAuthorityName)
.build();

Expand Up @@ -33,18 +33,18 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: The name of the CA pool under which the CA is present.
// pool_Id: The id of the CA pool under which the CA is present.
// certificateAuthorityName: The name of the CA to be disabled.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
String pool_Id = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
disableCertificateAuthority(project, location, caPoolName, certificateAuthorityName);
disableCertificateAuthority(project, location, pool_Id, certificateAuthorityName);
}

// Disable a Certificate Authority which is present in the given CA pool.
public static void disableCertificateAuthority(
String project, String location, String caPoolName, String certificateAuthorityName)
String project, String location, String pool_Id, String certificateAuthorityName)
throws IOException, ExecutionException, InterruptedException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
Expand All @@ -58,7 +58,7 @@ public static void disableCertificateAuthority(
CertificateAuthorityName.newBuilder()
.setProject(project)
.setLocation(location)
.setCaPool(caPoolName)
.setCaPool(pool_Id)
.setCertificateAuthority(certificateAuthorityName)
.build();

Expand Up @@ -33,19 +33,19 @@ public static void main(String[] args)
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: The name of the CA pool under which the CA is present.
// pool_Id: The id of the CA pool under which the CA is present.
// certificateAuthorityName: The name of the CA to be enabled.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
String pool_Id = "ca-pool-id";
String certificateAuthorityName = "certificate-authority-name";
enableCertificateAuthority(project, location, caPoolName, certificateAuthorityName);
enableCertificateAuthority(project, location, pool_Id, certificateAuthorityName);
}

// Enable the Certificate Authority present in the given ca pool.
// CA cannot be enabled if it has been already deleted.
public static void enableCertificateAuthority(
String project, String location, String caPoolName, String certificateAuthorityName)
String project, String location, String pool_Id, String certificateAuthorityName)
throws IOException, ExecutionException, InterruptedException {
try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
CertificateAuthorityServiceClient.create()) {
Expand All @@ -54,7 +54,7 @@ public static void enableCertificateAuthority(
CertificateAuthorityName.newBuilder()
.setProject(project)
.setLocation(location)
.setCaPool(caPoolName)
.setCaPool(pool_Id)
.setCertificateAuthority(certificateAuthorityName)
.build();

Expand Up @@ -54,8 +54,8 @@ public static void listCaPools(String project, String location) throws IOExcepti
certificateAuthorityServiceClient.listCaPools(locationName).iterateAll()) {
caPoolName = caPool.getName();
// caPoolName represents the full resource name of the
// format 'projects/{project-id}/locations/{location}/ca-pools/{ca-pool-name}'.
// Hence stripping it down to just pool name.
// format 'projects/{project-id}/locations/{location}/ca-pools/{ca-pool-id}'.
// Hence stripping it down to just CA pool id.
System.out.println(
caPoolName.substring(caPoolName.lastIndexOf("/") + 1) + " " + caPool.isInitialized());
}
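Review bot: the updated comment now says the full resource name is stripped down to the CA pool id, but the variable holding the full resource name is still called `caPoolName`, while the rest of this PR reserves pool-ID naming for the short form; renaming it to something like `caPoolResourceName` keeps the two concepts distinct. The `substring(lastIndexOf("/") + 1)` slice also silently assumes the name always has the documented format; the generated `CaPoolName` resource class, which the other samples already use via `CaPoolName.of`, can parse the full name and expose the ca-pool component, which is more robust than string slicing.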
Expand Up @@ -28,15 +28,15 @@ public static void main(String[] args) throws IOException {
// TODO(developer): Replace these variables before running the sample.
// location: For a list of locations, see:
// https://cloud.google.com/certificate-authority-service/docs/locations
// caPoolName: The name of the CA pool under which the CAs to be listed are present.
// pool_Id: The id of the CA pool under which the CAs to be listed are present.
String project = "your-project-id";
String location = "ca-location";
String caPoolName = "ca-pool-name";
listCertificateAuthority(project, location, caPoolName);
String pool_Id = "ca-pool-id";
listCertificateAuthority(project, location, pool_Id);
}

// List all Certificate authorities present in the given CA Pool.
public static void listCertificateAuthority(String project, String location, String caPoolName)
public static void listCertificateAuthority(String project, String location, String pool_Id)
throws IOException {
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
Expand All @@ -50,7 +50,7 @@ public static void listCertificateAuthority(String project, String location, Str
CaPoolName.newBuilder()
.setProject(project)
.setLocation(location)
.setCaPool(caPoolName)
.setCaPool(pool_Id)
.build();

// List the CA name and its corresponding state.