Updates to support current Venafi Cloud API (#6)

* Updates:
- The latest Cloud API is used. Cloud zone can be specified as ID or name (e.g. ProjectName\ProjectZone).
- Support for proxy with or without authentication.
- Vendor name and version can be sent Venafi Trust Protection Platform.

* Code review comment applied:
- Use "APIKEY" environment variable instead of "TOKEN" when Venafi Cloud is used.

* Setting Feign to version 10.4.0 (previously 10.5.0) to support Java 8.

* Include all tests

* Code review comments applied:
- Fix the broken backward compatibility (requestCertificate() method)
- Cleanup of the examples

* Rename productNameAndVersion to appInfo (consistent with GO implementation).
Add "Venafi VCert-Java" as a default value of Origin (if not provided by appInfo).

Co-authored-by: Atanas Chuchev <atanas.chuchev@venafi.com>
Co-authored-by: Stanimir Komitov <stanimir.komitov@venafi.com>

Author: achuchev

README.md

@@ -78,10 +78,10 @@ ZoneConfiguration zoneConfiguration = client.readZoneConfiguration("Certificates
 certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);   
 
 // Submit the certificate request
-client.requestCertificate(certificateRequest, "Certificates\\VCert");
+client.requestCertificate(certificateRequest, zoneConfiguration);
 
 // Retrieve PEM collection from Venafi
-PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+pemCollection = client.retrieveCertificate(certificateRequest);
 
 System.out.println(pemCollection.pemPrivateKey());
 System.out.println(pemCollection.pemCertificate());
@@ -117,7 +117,7 @@ certificateRequest = new CertificateRequest().csr(csr.getBytes())
         .emailAddresses(Arrays.asList("larry@venafi.example", "moe@venafi.example", "curly@venafi.example"));
 
 // Submit the certificate request
-client.requestCertificate(certificateRequest, "Certificates\\VCert");
+client.requestCertificate(certificateRequest, zoneConfiguration);
 
 // Retrieve PEM collection from Venafi
 pemCollection = client.retrieveCertificate(certificateRequest);
@@ -149,13 +149,13 @@ To run the acceptance tests the following environment variables must be set:
 
 | NAME | NOTES |
 |------|-------|
-| VENAFI_USER | Only for TPP connector tests |
-| VENAFI_PASSWORD | Only for TPP connector tests |
-| VENAFI_TPP_URL | Only for TPP connector tests |
-| VENAFI_API_KEY | Taken from account after logged into TPP |
-| VENAFI_CERT_COMMON_NAME | Used for cert creation, should match configured domains |
-| VENAFI_CLOUD_URL | Only for cloud connector tests |
-| VENAFI_ZONE | Policy folder for TPP |
+| TPPURL | Only for TPP connector tests |
+| TPPUSER | Only for TPP connector tests |
+| TPPPASSWORD | Only for TPP connector tests |
+| TPPZONE | Policy folder for TPP |
+| CLOUDURL | Only for Venafi Cloud connector tests |
+| APIKEY | Taken from account after logged into Venafi Cloud |
+| CLOUDZONE | Zone ID or ProjectName\ZoneName for Venafi Cloud |
 
 Acceptance test  are executed with:
 ```

examples/com/venafi/vcert/sdk/example/CloudClient.java

@@ -0,0 +1,67 @@
+package com.venafi.vcert.sdk.example;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.util.Arrays;
+import java.util.Collections;
+import com.venafi.vcert.sdk.Config;
+import com.venafi.vcert.sdk.VCertClient;
+import com.venafi.vcert.sdk.VCertException;
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.certificate.KeyType;
+import com.venafi.vcert.sdk.certificate.PEMCollection;
+import com.venafi.vcert.sdk.connectors.tpp.ZoneConfiguration;
+import com.venafi.vcert.sdk.endpoint.Authentication;
+import com.venafi.vcert.sdk.endpoint.ConnectorType;
+
+public class CloudClient {
+  public static void main(String[] args) throws VCertException, CertificateEncodingException,
+      NoSuchAlgorithmException, KeyManagementException {
+    String url = System.getenv("CLOUDURL");
+    String zone = System.getenv("CLOUDZONE");
+    String appInfo = System.getenv("PRODUCT");
+    String apiKey = System.getenv("APIKEY");
+
+    if (zone == null) {
+      zone = "My Project\\My Zone"; // or by ID "38992cc0-0177-11ea-a3f0-2b5db8116980";
+    }
+    if (appInfo == null)
+      appInfo = "My Application 1.0.0.0";
+    if (apiKey == null)
+      apiKey = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee";
+
+    Config config = Config.builder().connectorType(ConnectorType.CLOUD).baseUrl(url).appInfo(appInfo)
+        // To use proxy uncomment the lines below
+        // .proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)))
+        // .proxyUser("myUser")
+        // .proxyPassword("myPasscode")
+        .build();
+
+    Authentication auth = Authentication.builder().apiKey(apiKey).build();
+
+    VCertClient client = new VCertClient(config);
+    client.authenticate(auth);
+
+    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
+
+    // Generate a certificate
+    CertificateRequest certificateRequest = new CertificateRequest()
+        .subject(new CertificateRequest.PKIXName().commonName("vcert-java.venafi.example")
+            .organization(Collections.singletonList("Venafi, Inc."))
+            .organizationalUnit(Arrays.asList("Product Management"))
+            .country(Collections.singletonList("US"))
+            .locality(Collections.singletonList("Salt Lake City"))
+            .province(Collections.singletonList("Utah")))
+        .keyType(KeyType.RSA).keyLength(2048);
+
+    certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
+
+    // Submit the certificate request
+    client.requestCertificate(certificateRequest, zoneConfiguration);
+
+    // Retrieve PEM collection from Venafi
+    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
+    System.out.println(pemCollection.certificate());
+  }
+}

examples/TppClient.java …/venafi/vcert/sdk/example/TppClient.javaexamples/TppClient.java renamed to examples/com/venafi/vcert/sdk/example/TppClient.java examples/TppClient.java renamed to examples/com/venafi/vcert/sdk/example/TppClient.java

@@ -1,3 +1,7 @@
+package com.venafi.vcert.sdk.example;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.util.Arrays;
 import java.util.Collections;
@@ -12,31 +16,40 @@
 import com.venafi.vcert.sdk.endpoint.ConnectorType;
 
 public class TppClient {
-  public static void main(String... args) throws VCertException, CertificateEncodingException {
-    String tpp_user = System.getenv("TPP_USER");
-    String tpp_passwd = System.getenv("TPP_PASSWORD");
-    String url = System.getenv("VENAFI_URL");
-    String zone = System.getenv("VENAFI_ZONE");
+  public static void main(String[] args) throws VCertException, CertificateEncodingException,
+      NoSuchAlgorithmException, KeyManagementException {
+
+    String url = System.getenv("TPPURL");
+    String zone = System.getenv("TPPZONE");
+    String appInfo = System.getenv("PRODUCT");
+    String tpp_user = System.getenv("TPPUSER");
+    String tpp_passwd = System.getenv("TPPPASSWORD");
 
     if (tpp_user == null)
       tpp_user = "local:admin";
     if (tpp_passwd == null)
-      tpp_passwd = "Passw0rd";
+      tpp_passwd = "password";
     if (url == null)
       url = "https://tpp.venafi.example/vedsdk";
     if (zone == null)
-      zone = "Default";
+      zone = "Certificates\\vcert\\";
+    if (appInfo == null)
+      appInfo = "My Application 1.0.0.0";
 
-    final Config config = Config.builder().connectorType(ConnectorType.TPP).baseUrl(url).build();
+    // Configuration
+    Config config = Config.builder().connectorType(ConnectorType.TPP).baseUrl(url).appInfo(appInfo)
+        // To use proxy uncomment the lines below
+        // .proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888)))
+        // .proxyUser("myUser")
+        // .proxyPassword("myPasscode")
+        .build();
 
-    final VCertClient client = new VCertClient(config);
-
-    final Authentication auth =
-        Authentication.builder().user(tpp_user).password(tpp_passwd).build();
+    Authentication auth = Authentication.builder().user(tpp_user).password(tpp_passwd).build();
 
+    VCertClient client = new VCertClient(config);
     client.authenticate(auth);
 
-    final ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
+    ZoneConfiguration zoneConfiguration = client.readZoneConfiguration(zone);
 
     // Generate a certificate
     CertificateRequest certificateRequest = new CertificateRequest()
@@ -46,17 +59,15 @@ public static void main(String... args) throws VCertException, CertificateEncodi
             .country(Collections.singletonList("US"))
             .locality(Collections.singletonList("Salt Lake City"))
             .province(Collections.singletonList("Utah")))
-
         .keyType(KeyType.RSA).keyLength(2048);
 
     certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest);
 
     // Submit the certificate request
-    String newCertId = client.requestCertificate(certificateRequest, zone);
+    client.requestCertificate(certificateRequest, zoneConfiguration);
 
     // Retrieve PEM collection from Venafi
-    final CertificateRequest pickupRequest = new CertificateRequest().pickupId(newCertId);
-    PEMCollection pemCollection = client.retrieveCertificate(pickupRequest);
+    PEMCollection pemCollection = client.retrieveCertificate(certificateRequest);
     System.out.println(pemCollection.certificate());
   }
 }

pom.xml

@@ -6,12 +6,12 @@
 
     <groupId>com.venafi.vcert.sdk</groupId>
     <artifactId>vcert-java</artifactId>
-    <version>0.1.1</version>
+    <version>0.1.2</version>
 
     <properties>
         <lombok.version>1.18.6</lombok.version>
         <bouncycastle.version>1.61</bouncycastle.version>
-        <feign.version>10.2.0</feign.version>
+        <feign.version>10.4.0</feign.version>
         <guava.version>23.0</guava.version>
         <log4j.version>2.11.2</log4j.version>
         <junit.version>5.3.1</junit.version>
@@ -139,20 +139,13 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>3.0.0-M3</version>
-                <executions>
-                    <execution>
-                        <id>integration-test</id>
-                        <goals>
-                            <goal>test</goal>
-                        </goals>
-                        <phase>integration-test</phase>
-                        <configuration>
-                            <includes>
-                                <include>**/*IT.java</include>
-                            </includes>
-                        </configuration>
-                    </execution>
-                </executions>
+                <configuration>
+                    <includes>
+                        <include>**/*IT.java</include>
+                        <include>**/*AT.java</include>
+                        <include>**/*Test</include>
+                    </includes>
+                </configuration>
             </plugin>
         </plugins>
     </build>
@@ -164,4 +157,4 @@
         </repository>
     </repositories>
 
-</project>
+</project>

src/main/java/com/venafi/vcert/sdk/Config.java

@@ -2,11 +2,13 @@
 
 import static java.util.Arrays.asList;
 import java.io.IOException;
+import java.net.Proxy;
 import java.nio.file.Path;
 import java.util.List;
 import java.util.Objects;
 import org.ini4j.Profile;
 import org.ini4j.Wini;
+import feign.Client;
 import lombok.Builder;
 import lombok.Data;
 import com.venafi.vcert.sdk.endpoint.Authentication;
@@ -16,20 +18,26 @@
 @Builder
 public class Config {
   public static final String DEFAULT_SECTION = "?";
-  public static final List<String> VALID_TPP_KEYS =
-      asList("tpp_url", "tpp_user", "tpp_password", "tpp_zone", "trust_bundle");
+  public static final List<String> VALID_TPP_KEYS = asList("tpp_url", "tpp_user", "tpp_password",
+      "tpp_zone", "trust_bundle", "app_info");
 
-  public static final List<String> VALID_CLOUD_KEYS =
-      asList("cloud_url", "cloud_apikey", "cloud_zone", "trust_bundle");
+  public static final List<String> VALID_CLOUD_KEYS = asList("cloud_url", "cloud_apikey",
+      "cloud_zone", "trust_bundle", "cloud_project", "app_info");
 
   private ConnectorType connectorType;
   private String baseUrl;
+  private String project;
   private String zone;
   private Authentication credentials;
   private String connectionTrust;
   private boolean logVerbose;
   private String configFile;
   private String configSection;
+  private String appInfo;
+  private Proxy proxy;
+  private String proxyUser;
+  private String proxyPassword;
+  private Client client;
 
 
   public static Config loadConfigFromFile(Path path) throws VCertException {
@@ -55,10 +63,20 @@ public static Config loadConfigFromFile(Path path) throws VCertException {
         if (defaultSection.containsKey("cloud_url")) {
           builder.baseUrl(defaultSection.get("cloud_url"));
         }
+
         if (defaultSection.containsKey("cloud_zone")) {
           builder.zone(defaultSection.get("cloud_zone"));
         }
+
+        if (defaultSection.containsKey("cloud_project")) {
+          builder.project(defaultSection.get("cloud_project"));
+        }
       }
+
+      if (defaultSection.containsKey("app_info")) {
+        builder.appInfo(defaultSection.get("app_info"));
+      }
+
       builder.credentials(authBuilder.build());
       return builder.build();
     } catch (IOException e) {
@@ -99,5 +117,4 @@ private static void validateConfigFile(Profile.Section defaultSection) throws VC
           defaultSection.getName()));
     }
   }
-
 }