add support for specifying validity hours when requesting a certificate

Author: angelmoo

.gitignore

@@ -22,7 +22,7 @@
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 
-
+*.DS_Store
 .idea/
 *.iml
 target/

src/main/java/com/venafi/vcert/sdk/certificate/CertificateRequest.java

@@ -69,6 +69,8 @@ public class CertificateRequest {
   private boolean fetchPrivateKey;
   private String thumbprint;
   private Duration timeout;
+  private int validityHours;
+  private String issuerHint;
 
   public CertificateRequest() {
     this.dnsNames = emptyList();

src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnector.java

@@ -216,9 +216,21 @@ public String requestCertificate(CertificateRequest request, ZoneConfiguration z
     if (user == null || user.company() == null) {
       throw new VCertException("Must be authenticated to request a certificate");
     }
+    
+    CertificateRequestsPayload payload = new CertificateRequestsPayload()
+    .zoneId(zoneConfiguration.zoneId()).csr(new String(request.csr()));
+    
+    //support for validity hours begins
+    if( request.validityHours() > 0 ) {	
+    	
+    	String validityHours =  "PT" + request.validityHours() + "H";
+    	payload.validityPeriod(validityHours);
+    	
+    }
+    //support for validity hours ends 
+    
     CertificateRequestsResponse response =
-        cloud.certificateRequest(auth.apiKey(), new CertificateRequestsPayload()
-            .zoneId(zoneConfiguration.zoneId()).csr(new String(request.csr())));
+        cloud.certificateRequest( auth.apiKey(), payload );
 
     String requestId = response.certificateRequests().get(0).id();
     request.pickupId(requestId);
@@ -480,6 +492,7 @@ static class CertificateRequestsPayload {
     private String zoneId;
     private String existingManagedCertificateId;
     private boolean reuseCSR;
+    private String validityPeriod;
   }
 
   @Data

src/main/java/com/venafi/vcert/sdk/connectors/tpp/AbstractTppConnector.java

@@ -149,7 +149,7 @@ protected static class SANItem {
 
     @Data
     @AllArgsConstructor
-    protected static class NameValuePair<K, V> {
+    public static class NameValuePair<K, V> {
         private K name;
         private V value;
     }

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnector.java

@@ -6,6 +6,7 @@
 import static java.util.stream.Collectors.toList;
 import static org.apache.commons.lang3.StringUtils.isBlank;
 import static org.apache.commons.lang3.StringUtils.isNotBlank;
+
 import java.net.InetAddress;
 import java.text.MessageFormat;
 import java.time.Instant;
@@ -20,9 +21,8 @@
 import java.util.Objects;
 import java.util.Optional;
 import java.util.concurrent.TimeUnit;
+
 import com.google.common.annotations.VisibleForTesting;
-import feign.Response;
-import lombok.Getter;
 import com.venafi.vcert.sdk.VCertException;
 import com.venafi.vcert.sdk.certificate.CertificateRequest;
 import com.venafi.vcert.sdk.certificate.ChainOption;
@@ -41,6 +41,10 @@
 import com.venafi.vcert.sdk.endpoint.Authentication;
 import com.venafi.vcert.sdk.endpoint.ConnectorType;
 import com.venafi.vcert.sdk.utils.Is;
+import com.venafi.vcert.sdk.utils.VCertUtils;
+
+import feign.Response;
+import lombok.Getter;
 
 
 public class TppConnector extends AbstractTppConnector implements Connector {
@@ -232,6 +236,12 @@ private CertificateRequestsPayload prepareRequest(CertificateRequest request, St
         break;
       }
     }
+    
+    
+    //support for validity hours begins
+    VCertUtils.addExpirationDateAttribute(request, payload);
+   //support for validity hours ends
+    
     return payload;
   }
 

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnector.java

@@ -1,31 +1,53 @@
 package com.venafi.vcert.sdk.connectors.tpp;
 
+import static java.lang.String.format;
+import static java.time.Duration.ZERO;
+import static java.util.Objects.isNull;
+import static java.util.stream.Collectors.toList;
+import static org.apache.commons.lang3.StringUtils.isBlank;
+import static org.apache.commons.lang3.StringUtils.isNotBlank;
+
+import java.net.InetAddress;
+import java.text.MessageFormat;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.concurrent.TimeUnit;
+
 import com.google.common.annotations.VisibleForTesting;
 import com.venafi.vcert.sdk.VCertException;
-import com.venafi.vcert.sdk.certificate.*;
-import com.venafi.vcert.sdk.connectors.*;
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.certificate.ChainOption;
+import com.venafi.vcert.sdk.certificate.CsrOriginOption;
+import com.venafi.vcert.sdk.certificate.ImportRequest;
+import com.venafi.vcert.sdk.certificate.ImportResponse;
+import com.venafi.vcert.sdk.certificate.KeyType;
+import com.venafi.vcert.sdk.certificate.PEMCollection;
+import com.venafi.vcert.sdk.certificate.PublicKeyAlgorithm;
+import com.venafi.vcert.sdk.certificate.RenewalRequest;
+import com.venafi.vcert.sdk.certificate.RevocationRequest;
+import com.venafi.vcert.sdk.connectors.Policy;
+import com.venafi.vcert.sdk.connectors.ServerPolicy;
+import com.venafi.vcert.sdk.connectors.TokenConnector;
+import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
 import com.venafi.vcert.sdk.endpoint.Authentication;
 import com.venafi.vcert.sdk.endpoint.ConnectorType;
 import com.venafi.vcert.sdk.utils.Is;
+import com.venafi.vcert.sdk.utils.VCertUtils;
+
 import feign.FeignException;
 import feign.FeignException.BadRequest;
 import feign.FeignException.Unauthorized;
 import feign.Response;
 import lombok.Setter;
 
-import java.net.InetAddress;
-import java.text.MessageFormat;
-import java.time.Instant;
-import java.util.*;
-import java.util.concurrent.TimeUnit;
-
-import static java.lang.String.format;
-import static java.time.Duration.ZERO;
-import static java.util.Objects.isNull;
-import static java.util.stream.Collectors.toList;
-import static org.apache.commons.lang3.StringUtils.isBlank;
-import static org.apache.commons.lang3.StringUtils.isNotBlank;
-
 public class TppTokenConnector extends AbstractTppConnector implements TokenConnector {
 
     public TppTokenConnector(Tpp tpp){ super(tpp); }
@@ -285,6 +307,11 @@ private CertificateRequestsPayload prepareRequest(CertificateRequest request, St
                 break;
             }
         }
+        
+        //support for validity hours begins
+        VCertUtils.addExpirationDateAttribute(request, payload);
+       //support for validity hours ends
+        
         return payload;
     }
 

src/main/java/com/venafi/vcert/sdk/utils/VCertUtils.java

@@ -0,0 +1,82 @@
+package com.venafi.vcert.sdk.utils;
+
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
+
+import com.venafi.vcert.sdk.certificate.CertificateRequest;
+import com.venafi.vcert.sdk.connectors.tpp.AbstractTppConnector.CertificateRequestsPayload;
+import com.venafi.vcert.sdk.connectors.tpp.AbstractTppConnector.NameValuePair;
+
+public class VCertUtils {
+
+	public static void addExpirationDateAttribute( CertificateRequest request, CertificateRequestsPayload payload ) {
+
+		if ( request.validityHours() > 0 ) {
+
+			Instant now = Instant.now();
+			LocalDateTime utcTime = LocalDateTime.ofInstant(now, ZoneOffset.UTC);
+
+			int validityDays = request.validityHours() / 24;
+
+			if ( request.validityHours() % 24 > 0 ) {
+
+				validityDays = validityDays + 1;
+
+			}
+
+			utcTime = utcTime.plusDays( validityDays );
+			String expirationDate = DateTimeFormatter.ofPattern( "yyyy-MM-dd HH:mm:ss" ).format( utcTime );
+
+			// determine issuer hint.
+
+			String issuerHint = "";
+			String expirationDateAttribute = "";
+
+			if ( request.issuerHint() != null) {
+
+				issuerHint = String.valueOf( request.issuerHint().charAt(0) );
+				issuerHint = issuerHint.toUpperCase();
+
+			}
+
+			switch ( issuerHint ) {
+
+			case "M":
+				expirationDateAttribute = "Microsoft CA:Specific End Date";
+				break;
+
+			case "D":
+				expirationDateAttribute = "DigiCert CA:Specific End Date";
+				break;
+
+			case "E":
+				expirationDateAttribute = "EntrustNET CA:Specific End Date";
+				break;
+
+			default:
+				expirationDateAttribute = "Specific End Date";
+				break;
+			}
+
+			payload.caSpecificAttributes()
+			.add( new NameValuePair<String, String>(expirationDateAttribute, expirationDate) );
+		}
+
+	}
+
+	public static int getValidDays( int validHours ) {
+
+		int validDays = validHours / 24;
+
+		if ( validHours % 24 > 0 ) {
+
+			validDays = validDays + 1;
+
+		}
+
+		return validDays;
+	}
+
+}