docs(samples): adding client library samples

README.md

@@ -76,17 +76,22 @@ Samples are in the [`samples/`](https://github.com/googleapis/java-security-priv
 
 | Sample                      | Source Code                       | Try it |
 | --------------------------- | --------------------------------- | ------ |
+| Activate Subordinate Ca | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java) |
 | Create Ca Pool | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCaPool.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCaPool.java) |
 | Create Certificate | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate.java) |
 | Create Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificateAuthority.java) |
+| Create Certificate_CSR | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java) |
+| Create Subordinate Ca | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/CreateSubordinateCa.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/CreateSubordinateCa.java) |
 | Delete Ca Pool | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DeleteCaPool.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DeleteCaPool.java) |
 | Delete Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DeleteCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DeleteCertificateAuthority.java) |
 | Disable Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/DisableCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/DisableCertificateAuthority.java) |
 | Enable Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/EnableCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/EnableCertificateAuthority.java) |
+| Filter Certificates | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/FilterCertificates.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/FilterCertificates.java) |
 | List Ca Pools | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCaPools.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCaPools.java) |
 | List Certificate Authorities | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCertificateAuthorities.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCertificateAuthorities.java) |
 | List Certificates | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/ListCertificates.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/ListCertificates.java) |
 | Revoke Certificate | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/RevokeCertificate.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/RevokeCertificate.java) |
+| Undelete Certificate Authority | [source code](https://github.com/googleapis/java-security-private-ca/blob/master/samples/snippets/cloud-client/src/main/java/privateca/UndeleteCertificateAuthority.java) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/java-security-private-ca&page=editor&open_in_editor=samples/snippets/cloud-client/src/main/java/privateca/UndeleteCertificateAuthority.java) |
 
 
 

samples/snippets/cloud-client/src/main/java/privateca/ActivateSubordinateCa.java

@@ -0,0 +1,133 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package privateca;
+
+// [START privateca_activate_subordinateca]
+
+import com.google.api.core.ApiFuture;
+import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
+import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
+import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
+import com.google.cloud.security.privateca.v1.SubordinateConfig;
+import com.google.longrunning.Operation;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+
+public class ActivateSubordinateCa {
+
+  public static void main(String[] args)
+      throws InterruptedException, ExecutionException, IOException {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // location: For a list of locations, see:
+    // https://cloud.google.com/certificate-authority-service/docs/locations
+    // pool_Id: Set a unique id for the CA pool.
+    // subordinateCaName: The CA to be activated.
+    // pemCACertificate: The signed certificate, obtained by signing the CSR.
+    String project = "your-project-id";
+    String location = "ca-location";
+    String pool_Id = "ca-pool-id";
+    String subordinateCaName = "subordinate-certificate-authority-name";
+    String pemCACertificate =
+        "-----BEGIN CERTIFICATE-----\n" + "sample-pem-certificate\n" + "-----END CERTIFICATE-----";
+
+    // certificateAuthorityName: The name of the certificate authority which signed the CSR.
+    // If an external CA (CA not present in Google Cloud) was used for signing,
+    // then use the CA's issuerCertificateChain.
+    String certificateAuthorityName = "certificate-authority-name";
+
+    activateSubordinateCA(
+        project, location, pool_Id, certificateAuthorityName, subordinateCaName, pemCACertificate);
+  }
+
+  // Activate a subordinate CA.
+  // *Prerequisite*: Get the CSR of the subordinate CA signed by another CA. Pass in the signed
+  // certificate and (issuer CA's name or the issuer CA's Certificate chain).
+  // *Post*: After activating the subordinate CA, it should be enabled before issuing certificates.
+  public static void activateSubordinateCA(
+      String project,
+      String location,
+      String pool_Id,
+      String certificateAuthorityName,
+      String subordinateCaName,
+      String pemCACertificate)
+      throws ExecutionException, InterruptedException, IOException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the `certificateAuthorityServiceClient.close()` method on the client to safely
+    // clean up any remaining background resources.
+    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+        CertificateAuthorityServiceClient.create()) {
+      // Subordinate CA parent.
+      String subordinateCaParent =
+          CertificateAuthorityName.of(project, location, pool_Id, subordinateCaName).toString();
+
+      // Construct the "Activate CA Request".
+      ActivateCertificateAuthorityRequest activateCertificateAuthorityRequest =
+          ActivateCertificateAuthorityRequest.newBuilder()
+              .setName(subordinateCaParent)
+              // The signed certificate.
+              .setPemCaCertificate(pemCACertificate)
+              .setSubordinateConfig(
+                  SubordinateConfig.newBuilder()
+                      // Follow one of the below methods:
+
+                      // Method 1: If issuer CA is in Google Cloud, set the Certificate Authority
+                      // Name.
+                      .setCertificateAuthority(
+                          CertificateAuthorityName.of(
+                                  project, location, pool_Id, certificateAuthorityName)
+                              .toString())
+
+                      // Method 2: If issuer CA is external to Google Cloud, set the issuer's
+                      // certificate chain.
+                      // The certificate chain of the CA (which signed the CSR) from leaf to root.
+                      // .setPemIssuerChain(
+                      //     SubordinateConfigChain.newBuilder()
+                      //         .addAllPemCertificates(issuerCertificateChain)
+                      //         .build())
+
+                      .build())
+              .build();
+
+      // Activate the CA.
+      ApiFuture<Operation> futureCall =
+          certificateAuthorityServiceClient
+              .activateCertificateAuthorityCallable()
+              .futureCall(activateCertificateAuthorityRequest);
+
+      Operation response = futureCall.get();
+
+      if (response.hasError()) {
+        System.out.println("Error while activating the subordinate CA! " + response.getError());
+        return;
+      }
+
+      System.out.println(
+          "Subordinate Certificate Authority activated successfully ! !" + subordinateCaName);
+      TimeUnit.SECONDS.sleep(3);
+      // The current state will be STAGED.
+      // The Subordinate CA has to be ENABLED before issuing certificates.
+      System.out.println(
+          "Current State: "
+              + certificateAuthorityServiceClient
+                  .getCertificateAuthority(subordinateCaParent)
+                  .getState());
+    }
+  }
+}
+// [END privateca_activate_subordinateca]

samples/snippets/cloud-client/src/main/java/privateca/CreateCertificate_CSR.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package privateca;
+
+// [START privateca_create_certificate_csr]
+
+import com.google.api.core.ApiFuture;
+import com.google.cloud.security.privateca.v1.CaPoolName;
+import com.google.cloud.security.privateca.v1.Certificate;
+import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
+import com.google.cloud.security.privateca.v1.CreateCertificateRequest;
+import com.google.protobuf.Duration;
+import java.io.IOException;
+import java.util.concurrent.ExecutionException;
+
+public class CreateCertificate_CSR {
+
+  public static void main(String[] args)
+      throws IOException, ExecutionException, InterruptedException {
+    // TODO(developer): Replace these variables before running the sample.
+
+    // location: For a list of locations, see:
+    // https://cloud.google.com/certificate-authority-service/docs/locations
+    // pool_Id: Set a unique id for the CA pool.
+    // certificateAuthorityName: The name of the certificate authority to sign the CSR.
+    // certificateName: Set a unique name for the certificate.
+    // pemCSR: Set the Certificate Issuing Request in the pem encoded format.
+    String project = "your-project-id";
+    String location = "ca-location";
+    String pool_Id = "ca-pool-id";
+    String certificateAuthorityName = "certificate-authority-name";
+    String certificateName = "certificate-name";
+    String pemCSR =
+        "-----BEGIN CERTIFICATE REQUEST-----\n"
+            + "sample-pem-csr-format\n"
+            + "-----END CERTIFICATE REQUEST-----";
+
+    createCertificateWithCSR(
+        project, location, pool_Id, certificateAuthorityName, certificateName, pemCSR);
+  }
+
+  // Create a Certificate which is issued by the specified Certificate Authority.
+  // The certificate details and the public key is provided as a CSR (Certificate Signing Request).
+  public static void createCertificateWithCSR(
+      String project,
+      String location,
+      String pool_Id,
+      String certificateAuthorityName,
+      String certificateName,
+      String pemCSR)
+      throws IOException, ExecutionException, InterruptedException {
+    // Initialize client that will be used to send requests. This client only needs to be created
+    // once, and can be reused for multiple requests. After completing all of your requests, call
+    // the `certificateAuthorityServiceClient.close()` method on the client to safely
+    // clean up any remaining background resources.
+    try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
+        CertificateAuthorityServiceClient.create()) {
+      // certificateLifetime: The validity of the certificate in seconds.
+      long certificateLifetime = 1000L;
+
+      // Create certificate with CSR.
+      // The pemCSR contains the public key and the domain details required.
+      Certificate certificate =
+          Certificate.newBuilder()
+              .setPemCsr(pemCSR)
+              .setLifetime(Duration.newBuilder().setSeconds(certificateLifetime).build())
+              .build();
+
+      // Create the Certificate Request.
+      // Set the CA which is responsible for creating the certificate with the provided CSR.
+      CreateCertificateRequest certificateRequest =
+          CreateCertificateRequest.newBuilder()
+              .setParent(CaPoolName.of(project, location, pool_Id).toString())
+              .setIssuingCertificateAuthorityId(certificateAuthorityName)
+              .setCertificateId(certificateName)
+              .setCertificate(certificate)
+              .build();
+
+      // Get the certificate response.
+      ApiFuture<Certificate> future =
+          certificateAuthorityServiceClient
+              .createCertificateCallable()
+              .futureCall(certificateRequest);
+
+      Certificate certificateResponse = future.get();
+
+      System.out.println("Certificate created successfully : " + certificateResponse.getName());
+
+      // Get the signed certificate and the issuer chain list.
+      System.out.println("Signed certificate:\n " + certificateResponse.getPemCertificate());
+      System.out.println("Issuer chain list:\n" + certificateResponse.getPemCertificateChainList());
+    }
+  }
+}
+// [END privateca_create_certificate_csr]