Mettre à jour un modèle de certificat

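Mettez à jour un modèle de certificat existant. Les exemples ci-dessous ne modifient que les contraintes d'identité du modèle, en désignant les champs concernés par un masque de champ : ils désactivent la transmission du sujet (`allow_subject_passthrough`) et activent la transmission des autres noms de l'objet (`allow_subject_alt_names_passthrough`). Lorsque cette dernière option est activée, les SAN fournis dans la demande peuvent être repris dans le certificat émis ; vérifiez donc qui est autorisé à utiliser le modèle et quels noms il peut demander.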

Exemple de code

Java

Pour vous authentifier auprès du service d'autorité de certification, configurez les Identifiants par défaut de l'application. Pour en savoir plus, consultez Configurer l'authentification pour un environnement de développement local.


import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.CertificateIdentityConstraints;
import com.google.cloud.security.privateca.v1.CertificateTemplate;
import com.google.cloud.security.privateca.v1.CertificateTemplateName;
import com.google.cloud.security.privateca.v1.UpdateCertificateTemplateRequest;
import com.google.longrunning.Operation;
import com.google.protobuf.FieldMask;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/**
 * Sample that changes the identity constraints of an existing Certificate Authority Service
 * certificate template and then reads the template back to confirm the stored values.
 */
public class UpdateCertificateTemplate {

  /**
   * Runs the sample with placeholder identifiers.
   *
   * @param args unused
   */
  public static void main(String[] args)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // TODO(developer): Replace these variables before running the sample.
    // project: the Cloud project that owns the certificate template.
    // location: one of the locations listed at
    // https://cloud.google.com/certificate-authority-service/docs/locations
    // certificateTemplateId: id of the existing certificate template to update.
    String project = "your-project-id";
    String location = "ca-location";
    String certificateTemplateId = "certificate-template-id";

    updateCertificateTemplate(project, location, certificateTemplateId);
  }

  /**
   * Updates the identity constraints of an existing certificate template.
   *
   * <p>Only the two fields named in the update mask are sent for modification: subject passthrough
   * is turned off and subject alternative name (SAN) passthrough is turned on. The outcome is
   * printed to standard output; nothing is returned.
   *
   * <p>Security note: with SAN passthrough enabled, SANs supplied in a certificate request may be
   * copied into the issued certificate. Review who is allowed to request certificates with this
   * template, and whether the template's other identity constraints restrict the names that can
   * be requested, before applying this setting outside a test project.
   *
   * @param project id of the Cloud project that owns the template
   * @param location location of the template
   * @param certificateTemplateId id of the existing template to update
   * @throws IOException if the client cannot be created
   * @throws ExecutionException if the update call fails
   * @throws InterruptedException if the thread is interrupted while waiting for the call
   * @throws TimeoutException if the call does not return within 60 seconds
   */
  public static void updateCertificateTemplate(
      String project, String location, String certificateTemplateId)
      throws IOException, ExecutionException, InterruptedException, TimeoutException {
    // One client can serve many requests; try-with-resources closes it (and its background
    // resources) when this method is done.
    try (CertificateAuthorityServiceClient caClient = CertificateAuthorityServiceClient.create()) {

      // Fully qualified resource name of the template being changed.
      String templateName =
          CertificateTemplateName.of(project, location, certificateTemplateId).toString();

      // Desired identity constraints: drop the requested subject, keep the requested SANs.
      CertificateIdentityConstraints desiredConstraints =
          CertificateIdentityConstraints.newBuilder()
              .setAllowSubjectPassthrough(false)
              .setAllowSubjectAltNamesPassthrough(true)
              .build();

      // The template message carries the resource name plus only the values being changed.
      CertificateTemplate templatePatch =
          CertificateTemplate.newBuilder()
              .setName(templateName)
              .setIdentityConstraints(desiredConstraints)
              .build();

      // The mask lists exactly the fields set above, so the request names no other properties
      // of the template for update.
      FieldMask updateMask =
          FieldMask.newBuilder()
              .addPaths("identity_constraints.allow_subject_alt_names_passthrough")
              .addPaths("identity_constraints.allow_subject_passthrough")
              .build();

      UpdateCertificateTemplateRequest updateRequest =
          UpdateCertificateTemplateRequest.newBuilder()
              .setCertificateTemplate(templatePatch)
              .setUpdateMask(updateMask)
              .build();

      // Send the request and wait up to 60 seconds for the call to return an Operation.
      ApiFuture<Operation> pendingCall =
          caClient.updateCertificateTemplateCallable().futureCall(updateRequest);
      Operation operation = pendingCall.get(60, TimeUnit.SECONDS);

      // NOTE(review): only hasError() is inspected here, not getDone(); the read-back below is
      // what actually confirms the stored values. Confirm the operation is finished at this point.
      if (operation.hasError()) {
        System.out.println("Error in updating certificate template ! " + operation.getError());
        return;
      }

      // Read the template back and compare the stored constraints with the requested ones.
      CertificateIdentityConstraints storedConstraints =
          caClient.getCertificateTemplate(templateName).getIdentityConstraints();

      boolean matchesRequest =
          !storedConstraints.getAllowSubjectPassthrough()
              && storedConstraints.getAllowSubjectAltNamesPassthrough();

      if (matchesRequest) {
        System.out.println(
            "Successfully updated the certificate template ! " + operation.getName());
      } else {
        System.out.println("Error in updating certificate template ! ");
      }
    }
  }
}

Python

Pour vous authentifier auprès du service d'autorité de certification, configurez les Identifiants par défaut de l'application. Pour en savoir plus, consultez Configurer l'authentification pour un environnement de développement local.

import google.cloud.security.privateca_v1 as privateca_v1
from google.protobuf import field_mask_pb2


def update_certificate_template(
    project_id: str,
    location: str,
    certificate_template_id: str,
) -> None:
    """
    Update the identity constraints of an existing certificate template.

    Only the two fields named in the update mask are sent for modification:
    subject passthrough is turned off and subject alternative name (SAN)
    passthrough is turned on. The template is then read back and the outcome
    is printed.

    Security note: with SAN passthrough enabled, SANs supplied in a certificate
    request may be copied into the issued certificate. Review who is allowed to
    request certificates with this template, and whether its other identity
    constraints restrict the requested names, before applying this setting
    outside a test project.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
        certificate_template_id: ID of the existing certificate template to update.
    """

    ca_client = privateca_v1.CertificateAuthorityServiceClient()

    # Fully qualified resource name of the template being changed.
    template_name = ca_client.certificate_template_path(
        project_id, location, certificate_template_id
    )

    # Desired identity constraints: drop the requested subject, keep the requested SANs.
    desired_constraints = privateca_v1.CertificateIdentityConstraints(
        allow_subject_passthrough=False,
        allow_subject_alt_names_passthrough=True,
    )

    # The template message carries the resource name plus only the values being changed.
    template_patch = privateca_v1.CertificateTemplate(
        name=template_name,
        identity_constraints=desired_constraints,
    )

    # The mask lists exactly the fields set above, so the request names no
    # other properties of the template for update.
    update_mask = field_mask_pb2.FieldMask(
        paths=[
            "identity_constraints.allow_subject_alt_names_passthrough",
            "identity_constraints.allow_subject_passthrough",
        ],
    )

    update_request = privateca_v1.UpdateCertificateTemplateRequest(
        certificate_template=template_patch,
        update_mask=update_mask,
    )

    # result() is called without a timeout, so this waits for the operation
    # for as long as it takes.
    operation = ca_client.update_certificate_template(request=update_request)
    result = operation.result()

    print("Operation result", result)

    # Read the template back and compare the stored constraints with the requested ones.
    stored_constraints = ca_client.get_certificate_template(
        name=template_name
    ).identity_constraints

    if (
        stored_constraints.allow_subject_passthrough
        or not stored_constraints.allow_subject_alt_names_passthrough
    ):
        print("Error in updating certificate template!")
    else:
        print("Successfully updated the certificate template!")

Étape suivante

Pour rechercher et filtrer des exemples de code pour d'autres produits Google Cloud, consultez l'explorateur d'exemples Google Cloud.