public class AcmeClient
extends java.lang.Object
Modifier and Type | Class and Description |
---|---|
(package private) static class |
AcmeClient.AcmeOps
The ACME client command.
|
(package private) static class |
AcmeClient.InputParameters
Defines the ACME client input parameters.
|
(package private) class |
AcmeClient.RequestBuilder
Wraps functionality of acme4j certificate request builder required to build a certificate
request for the target domains.
|
(package private) static class |
AcmeClient.RequestInfo
Defines certificate requests data fields.
|
Modifier and Type | Field and Description |
---|---|
private static long |
ACCEPT_CHALLENGE_TIMEOUT
If the challenge is not accepted for this period, then the client process is stopped.
|
private java.lang.String |
acmeServerUri
ACME server URI "acme://letsencrypt.org/staging"
|
private static int |
CHALLENGE_TRIES
The number of attempts to get a validated challenge
|
(package private) static java.io.File |
DOMAIN_CHAIN_FILE
The signed certificate chain without a requested leaf certificate
|
(package private) static java.io.File |
DOMAIN_CRT_FILE
The signed domain certificate
|
(package private) static java.io.File |
DOMAIN_CSR_FILE
The certificate request for the signed target domain certificate
|
(package private) static java.io.File |
DOMAIN_FULLCHAIN_FILE
The signed full certificate chain, comprising the requested leaf certificate and
the trusted certificate chain.
|
(package private) static java.io.File |
DOMAIN_KEY_FILE
The target domain private key
|
(package private) static java.io.File |
DOMAIN_REG_FILE
The certificate domain registration file
|
private java.lang.String |
host
The managed server host address, the domain IP address
|
private static int |
KEY_SIZE
The default RSA key size of generated key pairs
|
private static org.slf4j.Logger |
LOG
The class logger
|
private ManagedWebServer |
mws
The instance of the managed web server
|
private int |
port
The managed server port
|
private org.shredzone.acme4j.Registration |
registration
The ACME client account
|
private org.shredzone.acme4j.Session |
session
The current session with ACME server
|
private static long |
UPDATE_CHALLENGE_TIMEOUT
The polling interval between challenge updates
|
(package private) static java.io.File |
USER_KEY_FILE
The user private key
|
(package private) static java.io.File |
USER_REG_FILE
The user registration URI
|
Constructor and Description |
---|
AcmeClient(java.lang.String acmeServerUri,
java.lang.String host,
int port)
Sets up the ACME client to use the provided ACME server for its requests and the given
ACME-accessible host and port.
|
Modifier and Type | Method and Description |
---|---|
private boolean |
acceptTlsSniChallenge(java.lang.String subject,
long timeout)
Prepares the challenge validation that starts the managed web server for the provided
subject.
|
private void |
addContact(java.lang.String contact)
Updates the registered account with new contact information.
|
SSLCertFactory.CertificateSuite |
askCertificates(java.util.Map<AcmeClient.RequestInfo,java.lang.String> certRequestInfo,
java.util.List<java.lang.String> domains)
Requests certificates for the given domains.
|
private void |
authorize(java.lang.String domain)
Authorize a domain.
|
private void |
changeUserKey(java.security.KeyPair userKeyPair)
Change the registered account key.
|
private static java.security.KeyPair |
createKeyPair(java.io.File file)
Creates a new key pair and saves it in the specified file.
|
private static void |
deleteFile(java.io.File file)
Delete file and log results
|
SSLCertFactory.CertificateSuite |
getCertificates(java.lang.String contact,
java.util.Map<AcmeClient.RequestInfo,java.lang.String> subjectFields,
java.util.List<java.lang.String> domains,
java.io.File userKeyFile,
java.io.File userKeyRegFile)
Connects to the ACME server on behalf of the provided user private key and gets signed
certificates for the requested domains.
|
private static java.security.KeyPair |
loadKeyPair(java.io.File file)
Loads a key pair from the specified file.
|
private static java.security.KeyPair |
loadOrCreateKeyPair(java.io.File file)
Loads a key pair from specified file.
|
private void |
loginAccount(java.security.KeyPair userKeyPair,
java.net.URI regAccount)
Login the registered account.
|
static void |
main(java.lang.String[] args)
Runs ACME client to get certificates for the target domains.
|
static java.util.List<java.lang.String> |
parseDomains(java.lang.String domains)
Returns the list of requested domains parsed from the given string representation, in which
the domains are separated by spaces.
|
private static java.net.URI |
readURI(java.io.File file)
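Reads the target registration URI from the given file. The declared ClassNotFoundException suggests the file is read with Java object deserialization, so it should be accepted only from a trusted, access-restricted location.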
|
private java.net.URI |
registerAccount(java.security.KeyPair userKeyPair,
java.util.List<java.lang.String> contacts)
Registers a new account or logs in to the existing one.
|
private void |
remove(java.net.URI regAccount,
java.security.KeyPair userKeyPair)
Remove the target registration account.
|
private void |
revoke(java.net.URI domainCertUri,
java.security.KeyPair userKeyPair)
Revoke the target certificate.
|
private static void |
serializeURI(java.net.URI regUri,
java.io.File file)
Serializes the target registration URI into the given file.
|
private void |
setAgreement(java.net.URI agreement)
Confirms the Terms of Service given by its URI.
|
void |
shutdown()
Shutdown the managed web server.
|
private org.shredzone.acme4j.challenge.Challenge |
tlsSniChallenge(org.shredzone.acme4j.Authorization auth,
java.lang.String domain)
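Prepares the TLS-SNI challenge. Note that tls-sni-01 was disabled by Let's Encrypt in 2018 and is not part of the final ACME standard (RFC 8555), so current ACME servers may not offer it.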
|
static final java.io.File USER_KEY_FILE
static final java.io.File USER_REG_FILE
static final java.io.File DOMAIN_KEY_FILE
static final java.io.File DOMAIN_CSR_FILE
static final java.io.File DOMAIN_FULLCHAIN_FILE
static final java.io.File DOMAIN_CHAIN_FILE
static final java.io.File DOMAIN_CRT_FILE
static final java.io.File DOMAIN_REG_FILE
private static final long ACCEPT_CHALLENGE_TIMEOUT
private static final int CHALLENGE_TRIES
private static final long UPDATE_CHALLENGE_TIMEOUT
private static final int KEY_SIZE
private static final org.slf4j.Logger LOG
private final java.lang.String acmeServerUri
private final java.lang.String host
private final int port
private ManagedWebServer mws
private org.shredzone.acme4j.Session session
private org.shredzone.acme4j.Registration registration
public AcmeClient(java.lang.String acmeServerUri, java.lang.String host, int port)
Parameters:
acmeServerUri - The ACME server URI
host - The ACME client host address
port - The ACME client port

public static java.util.List<java.lang.String> parseDomains(java.lang.String domains)
Parameters:
domains - The domains listed in a string and separated by spaces.

public SSLCertFactory.CertificateSuite askCertificates(java.util.Map<AcmeClient.RequestInfo,java.lang.String> certRequestInfo, java.util.List<java.lang.String> domains) throws java.io.IOException, org.shredzone.acme4j.exception.AcmeException
Parameters:
certRequestInfo - The certificate request information that contains these keys and their values: OU="organization unit", O="organization", L="locality(city)", S="state" and C="Country Code".
domains - The domains to get a common certificate for
Throws:
java.io.IOException
org.shredzone.acme4j.exception.AcmeException

public SSLCertFactory.CertificateSuite getCertificates(java.lang.String contact, java.util.Map<AcmeClient.RequestInfo,java.lang.String> subjectFields, java.util.List<java.lang.String> domains, java.io.File userKeyFile, java.io.File userKeyRegFile) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
contact - The provided contact information
subjectFields - The provided subject fields
domains - The requested domains
userKeyFile - The user private key file
userKeyRegFile - The user registration data file
Throws:
org.shredzone.acme4j.exception.AcmeException - If the request for the target certificates fails.

public void shutdown()

private static java.security.KeyPair loadKeyPair(java.io.File file) throws java.io.IOException
Parameters:
file - The file containing the target PEM private key.
Returns:
KeyPair.
Throws:
java.io.IOException

private static java.security.KeyPair createKeyPair(java.io.File file) throws java.io.IOException
Parameters:
file - The file to store the created PEM private key.
Returns:
KeyPair.
Throws:
java.io.IOException

private static java.security.KeyPair loadOrCreateKeyPair(java.io.File file) throws java.io.IOException
Parameters:
file - The file containing the target PEM private key.
Returns:
KeyPair.
Throws:
java.io.IOException

private static void serializeURI(java.net.URI regUri, java.io.File file)
Parameters:
regUri - The registration URI
file - The given file to store the client registration.

private static java.net.URI readURI(java.io.File file) throws java.io.FileNotFoundException, java.io.IOException, java.lang.ClassNotFoundException
Parameters:
file - The given file with the client registration.
Throws:
java.io.IOException - If the I/O read operation fails
java.io.FileNotFoundException - If the target file doesn't exist
java.lang.ClassNotFoundException - If the serialized class is not found

private static void deleteFile(java.io.File file)
Parameters:
file - The target file to delete

private void authorize(java.lang.String domain) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
domain - Name of the domain to authorize
Throws:
org.shredzone.acme4j.exception.AcmeException - If the tls-sni-01 challenge validation fails.

private org.shredzone.acme4j.challenge.Challenge tlsSniChallenge(org.shredzone.acme4j.Authorization auth, java.lang.String domain) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
auth - Authorization to find the challenge in
domain - Domain name to be authorized
Returns:
Challenge to verify
Throws:
org.shredzone.acme4j.exception.AcmeException

private boolean acceptTlsSniChallenge(java.lang.String subject, long timeout) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
subject - The provided subject
timeout - The waiting time until the server is ready or failed.
Throws:
org.shredzone.acme4j.exception.AcmeException

private void revoke(java.net.URI domainCertUri, java.security.KeyPair userKeyPair) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
domainCertUri - The domain certificate URI to revoke
userKeyPair - The user key pair
Throws:
org.shredzone.acme4j.exception.AcmeException - If the certificate revocation does not succeed.

private void remove(java.net.URI regAccount, java.security.KeyPair userKeyPair) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
regAccount - The registration account URI to remove
userKeyPair - The user key pair
Throws:
org.shredzone.acme4j.exception.AcmeException - If removing the registration account does not succeed.

private java.net.URI registerAccount(java.security.KeyPair userKeyPair, java.util.List<java.lang.String> contacts) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
userKeyPair - The user key pair
contacts - Contact information
Throws:
org.shredzone.acme4j.exception.AcmeException - If registration fails

private void loginAccount(java.security.KeyPair userKeyPair, java.net.URI regAccount) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
userKeyPair - The user key pair associated with its account.
regAccount - The registered account URI
Throws:
org.shredzone.acme4j.exception.AcmeException - If registration fails

private void addContact(java.lang.String contact) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
contact - New contact information
Throws:
org.shredzone.acme4j.exception.AcmeException - If this transaction fails.

private void setAgreement(java.net.URI agreement) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
agreement - The Terms of Service given by its URI
Throws:
org.shredzone.acme4j.exception.AcmeException - If this transaction fails.

private void changeUserKey(java.security.KeyPair userKeyPair) throws org.shredzone.acme4j.exception.AcmeException
Parameters:
userKeyPair - New user key pair
Throws:
org.shredzone.acme4j.exception.AcmeException - If this transaction fails.

public static void main(java.lang.String[] args)
Parameters:
args - The provided parameters