// Creates the ACME session object for the server identified by letsEncryptUrl.
// NOTE(review): confirm whether letsEncryptUrl names a staging or a production endpoint;
// the value is defined outside this excerpt.
Session session = new Session(letsEncryptUrl);
/**
 * Reads the ACME provider's metadata and reports its terms-of-service URI and website.
 *
 * <p>The lookup runs synchronously on the calling thread, so the returned future is already
 * completed. An {@link AcmeException} raised inside the lookup is not delivered through the
 * future; it is rethrown from this method as an unchecked {@link RuntimeException}.
 *
 * @return a completed future holding the terms-of-service URI and the website URL taken from
 *         the provider's metadata
 */
public CompletableFuture<AcmeInfo> fetchRemoteInfo() {
    try {
        // The provider location comes from configuration, not from a hard-coded endpoint.
        Metadata providerMetadata = new Session(config.getProviderLocation()).getMetadata();
        AcmeInfo info = new AcmeInfo(
                providerMetadata.getTermsOfService(),
                providerMetadata.getWebsite());
        return CompletableFuture.completedFuture(info);
    } catch (AcmeException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Re-binds to an already registered ACME account and creates a new order on it.
 *
 * <p>NOTE(review): the session endpoint ({@code acme://letsencrypt.org/staging}) and the
 * ordered domain ({@code something.com}) are both hard-coded in this method. As written, it
 * always orders that one placeholder domain, and always against that endpoint. Confirm
 * whether both values should come from configuration or from the caller.
 *
 * @param accountUrl location of the existing account
 * @param accountKeyPair key pair used to log in to that account; it is not written to the log
 * @return a completed future holding the order and its authorizations, each wrapped in a
 *         {@code ProxyAuthorization}; presumably these carry the challenge tokens to publish
 *         as web pages that the remote end fetches to verify domain ownership (confirm
 *         against {@code ProxyAuthorization})
 */
public CompletableFuture<ProxyOrder> placeOrder(URL accountUrl, KeyPair accountKeyPair) {
    try {
        log.info("reestablish account from location="+accountUrl+" and keypair");
        Session session = new Session("acme://letsencrypt.org/staging");
        Account account = session.login(accountUrl, accountKeyPair).getAccount();

        log.info("create an order");
        // Placeholder domain; see the NOTE(review) in the Javadoc.
        String domainTemp = "something.com";
        Order order = account.newOrder().domain(domainTemp).create();

        checkAuthStatii(order);

        List<ProxyAuthorization> wrapped = new ArrayList<>();
        for (Authorization authorization : order.getAuthorizations()) {
            wrapped.add(new ProxyAuthorization(authorization));
        }

        ProxyOrder result = new ProxyOrder(order, wrapped);
        return CompletableFuture.completedFuture(result);
    } catch (AcmeException e) {
        throw new RuntimeException(e);
    }
}
if (recurrent && !session.getMetadata().isStarEnabled()) { throw new AcmeException("CA does not support short-term automatic renewals"); try (Connection conn = session.connect()) { JSONBuilder claims = new JSONBuilder(); claims.array("identifiers", identifierSet.stream().map(Identifier::toMap).collect(toList())); conn.sendSignedRequest(session.resourceUrl(Resource.NEW_ORDER), claims, login);
LOG.debug("revoke using the domain key pair"); URL resUrl = session.resourceUrl(Resource.REVOKE_CERT); if (resUrl == null) { throw new AcmeException("Server does not allow certificate revocation"); try (Connection conn = session.connect()) { JSONBuilder claims = new JSONBuilder(); claims.putBase64("certificate", cert.getEncoded());
/**
 * Cancels a recurrent order.
 *
 * <p>Sends a signed request carrying {@code "status": "canceled"} to this resource's location.
 * If the server answers with a JSON body, that body replaces the locally held state.
 *
 * @throws AcmeException
 *             if the CA's metadata reports that short-term automatic renewals are not
 *             enabled, or if the request fails
 * @since 2.3
 */
public void cancelRecurrent() throws AcmeException {
    boolean starEnabled = getSession().getMetadata().isStarEnabled();
    if (!starEnabled) {
        throw new AcmeException("CA does not support short-term automatic renewals");
    }

    LOG.debug("cancel");

    JSONBuilder cancellation = new JSONBuilder();
    cancellation.put("status", "canceled");

    try (Connection conn = getSession().connect()) {
        // The request is signed with this resource's login.
        conn.sendSignedRequest(getLocation(), cancellation, getLogin());

        JSON updatedState = conn.readJsonResponse();
        if (updatedState != null) {
            setJSON(updatedState);
        }
    }
}
/**
 * Requests a fresh nonce with a {@code HEAD} request to the new-nonce resource and stores it
 * in the session.
 *
 * <p>The nonce held by the session is cleared before the request is sent, so any failure
 * below leaves the session without a nonce rather than with the old one.
 *
 * @param session
 *            session whose nonce is replaced
 * @throws AcmeNetworkException
 *             if an {@link IOException} occurs while talking to the server
 * @throws AcmeProtocolException
 *             if no nonce could be read from the response
 */
@Override
public void resetNonce(Session session) throws AcmeException {
    assertConnectionIsClosed();

    try {
        session.setNonce(null);

        URL newNonceUrl = session.resourceUrl(Resource.NEW_NONCE);
        LOG.debug("HEAD {}", newNonceUrl);

        conn = httpConnector.openConnection(newNonceUrl, session.getProxy());
        conn.setRequestMethod("HEAD");
        conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag());
        conn.connect();

        logHeaders();

        int status = conn.getResponseCode();
        boolean accepted = status == HttpURLConnection.HTTP_OK
                || status == HttpURLConnection.HTTP_NO_CONTENT;
        if (!accepted) {
            // Presumably builds the exception from the server's error response; defined
            // outside this excerpt.
            throwAcmeException();
        }

        // getNonce() is defined outside this excerpt; presumably it reads the nonce from the
        // response on conn. Confirm.
        String freshNonce = getNonce();
        if (freshNonce == null) {
            throw new AcmeProtocolException("Server did not provide a nonce");
        }
        session.setNonce(freshNonce);
    } catch (IOException ex) {
        throw new AcmeNetworkException(ex);
    } finally {
        // The connection reference is always dropped, on success and on failure.
        conn = null;
    }
}
throws AcmeException { try { if (session.getNonce() == null) { resetNonce(session); conn = httpConnector.openConnection(url, session.getProxy()); conn.setRequestMethod("POST"); conn.setRequestProperty(ACCEPT_HEADER, accept); conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET); conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag()); conn.setRequestProperty(CONTENT_TYPE_HEADER, "application/jose+json"); conn.setDoOutput(true); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claimJson); jws.getHeaders().setObjectHeaderValue("nonce", session.getNonce()); jws.getHeaders().setObjectHeaderValue("url", url); if (accountLocation == null) { session.setNonce(getNonce());
conn = httpConnector.openConnection(url, session.getProxy()); conn.setRequestMethod("GET"); conn.setRequestProperty(ACCEPT_HEADER, accept); conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET); conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag()); conn.setDoOutput(false); session.setNonce(nonce);
/**
 * Fetches the next batch of URLs from the server and adds them to the queue. The first
 * "next" link of the response, if there is one, becomes the URL of the following batch;
 * otherwise {@code nextUrl} is set to {@code null}.
 *
 * <p>NOTE(review): {@code nextUrl} is taken from the server's response and is then used for
 * a signed POST-as-GET request. No check on that URL is visible in this method; confirm
 * whether the connection layer restricts where signed requests may be sent.
 *
 * @throws AcmeException
 *             if the request fails
 */
private void readAndQueue() throws AcmeException {
    try (Connection conn = login.getSession().connect()) {
        conn.sendSignedPostAsGetRequest(nextUrl, login);

        JSON batch = conn.readJsonResponse();
        if (batch != null) {
            fillUrlList(batch);
        }

        nextUrl = conn.getLinks("next")
                .stream()
                .findFirst()
                .orElse(null);
    }
}
/**
 * Finds your {@link Account} at the ACME server. It will be found by your user's public key.
 * If your key is not known to the server yet, a new account will be created.
 * <p>
 * This is a simple way of finding your {@link Account}. A better way is to get the URL and
 * KeyIdentifier of your new account with {@link Account#getLocation()} and
 * {@link Session#getKeyIdentifier()} and store them somewhere. If you need to get access to
 * your account later, reconnect to it via {@link Account#bind(Session, URI)} by using the
 * stored location.
 * <p>
 * The log line always reads "Registered a new user", whether the account was newly created
 * or already existed.
 *
 * @param session
 *            {@link Session} to bind with
 * @param accountKey
 *            key pair that identifies the account
 * @return the {@link Account} created or found for that key pair
 * @throws AcmeException
 *             if the metadata lookup or the account request fails
 */
private Account findOrRegisterAccount(Session session, KeyPair accountKey) throws AcmeException {
    // Ask the user to accept the TOS, if the server provides us with a link.
    URI termsOfService = session.getMetadata().getTermsOfService();
    if (termsOfService != null) {
        acceptAgreement(termsOfService);
    }

    // Agreement is sent with every request, including when no TOS link was offered.
    // NOTE(review): acceptAgreement is defined outside this excerpt; confirm it aborts
    // (throws) when the user declines, since nothing else here stops the registration.
    AccountBuilder registration = new AccountBuilder()
            .agreeToTermsOfService()
            .useKeyPair(accountKey);
    Account account = registration.create(session);

    LOG.info("Registered a new user, URL: {}", account.getLocation());
    return account;
}
/**
 * Registers the configured account with the ACME server and logs in to it.
 *
 * <p>The account key pair is read as PEM text from the configuration, so it is private key
 * material: only the account location is logged here, never the key.
 *
 * @throws LetsencryptException
 *             if the account request fails with an {@code AcmeException}
 */
private void login() {
    KeyPair accountKeyPair = RSATools.createKeyPair(
            RSACrypt.RSA_CRYPT.loadKeysPemFromString(config.getAccountKeypairPem()));

    LOGGER.info("Registering account");
    try {
        AccountBuilder registration = new AccountBuilder()
                .addContact("mailto:" + config.getContactEmail())
                .agreeToTermsOfService()
                .useKeyPair(accountKeyPair);
        account = registration.create(session);
    } catch (AcmeException e) {
        LOGGER.error("Problem logging in", e);
        throw new LetsencryptException("Problem logging in", e);
    }

    URL accountLocationUrl = account.getLocation();
    // NOTE(review): the value returned by session.login(...) is not kept; confirm whether the
    // call is needed here for a side effect.
    session.login(accountLocationUrl, accountKeyPair);

    // Get the location
    LOGGER.info("AcmeClient location: {}", accountLocationUrl);
}
if (recurrent && !session.getMetadata().isStarEnabled()) { throw new AcmeException("CA does not support short-term automatic renewals"); try (Connection conn = session.connect()) { JSONBuilder claims = new JSONBuilder(); claims.array("identifiers", identifierSet.stream().map(Identifier::toMap).collect(toList())); conn.sendSignedRequest(session.resourceUrl(Resource.NEW_ORDER), claims, login);
LOG.debug("revoke using the domain key pair"); URL resUrl = session.resourceUrl(Resource.REVOKE_CERT); if (resUrl == null) { throw new AcmeException("Server does not allow certificate revocation"); try (Connection conn = session.connect()) { JSONBuilder claims = new JSONBuilder(); claims.putBase64("certificate", cert.getEncoded());
/**
 * Cancels a recurrent order.
 *
 * <p>Sends a signed request carrying {@code "status": "canceled"} to this resource's location.
 * If the server answers with a JSON body, that body replaces the locally held state.
 *
 * @throws AcmeException
 *             if the CA's metadata reports that short-term automatic renewals are not
 *             enabled, or if the request fails
 * @since 2.3
 */
public void cancelRecurrent() throws AcmeException {
    boolean starEnabled = getSession().getMetadata().isStarEnabled();
    if (!starEnabled) {
        throw new AcmeException("CA does not support short-term automatic renewals");
    }

    LOG.debug("cancel");

    JSONBuilder cancellation = new JSONBuilder();
    cancellation.put("status", "canceled");

    try (Connection conn = getSession().connect()) {
        // The request is signed with this resource's login.
        conn.sendSignedRequest(getLocation(), cancellation, getLogin());

        JSON updatedState = conn.readJsonResponse();
        if (updatedState != null) {
            setJSON(updatedState);
        }
    }
}
/**
 * Requests a fresh nonce with a {@code HEAD} request to the new-nonce resource and stores it
 * in the session.
 *
 * <p>The nonce held by the session is cleared before the request is sent, so any failure
 * below leaves the session without a nonce rather than with the old one.
 *
 * @param session
 *            session whose nonce is replaced
 * @throws AcmeNetworkException
 *             if an {@link IOException} occurs while talking to the server
 * @throws AcmeProtocolException
 *             if no nonce could be read from the response
 */
@Override
public void resetNonce(Session session) throws AcmeException {
    assertConnectionIsClosed();

    try {
        session.setNonce(null);

        URL newNonceUrl = session.resourceUrl(Resource.NEW_NONCE);
        LOG.debug("HEAD {}", newNonceUrl);

        conn = httpConnector.openConnection(newNonceUrl, session.getProxy());
        conn.setRequestMethod("HEAD");
        conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag());
        conn.connect();

        logHeaders();

        int status = conn.getResponseCode();
        boolean accepted = status == HttpURLConnection.HTTP_OK
                || status == HttpURLConnection.HTTP_NO_CONTENT;
        if (!accepted) {
            // Presumably builds the exception from the server's error response; defined
            // outside this excerpt.
            throwAcmeException();
        }

        // getNonce() is defined outside this excerpt; presumably it reads the nonce from the
        // response on conn. Confirm.
        String freshNonce = getNonce();
        if (freshNonce == null) {
            throw new AcmeProtocolException("Server did not provide a nonce");
        }
        session.setNonce(freshNonce);
    } catch (IOException ex) {
        throw new AcmeNetworkException(ex);
    } finally {
        // The connection reference is always dropped, on success and on failure.
        conn = null;
    }
}
throws AcmeException { try { if (session.getNonce() == null) { resetNonce(session); conn = httpConnector.openConnection(url, session.getProxy()); conn.setRequestMethod("POST"); conn.setRequestProperty(ACCEPT_HEADER, accept); conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET); conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag()); conn.setRequestProperty(CONTENT_TYPE_HEADER, "application/jose+json"); conn.setDoOutput(true); JsonWebSignature jws = new JsonWebSignature(); jws.setPayload(claimJson); jws.getHeaders().setObjectHeaderValue("nonce", session.getNonce()); jws.getHeaders().setObjectHeaderValue("url", url); if (accountLocation == null) { session.setNonce(getNonce());
conn = httpConnector.openConnection(url, session.getProxy()); conn.setRequestMethod("GET"); conn.setRequestProperty(ACCEPT_HEADER, accept); conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET); conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag()); conn.setDoOutput(false); session.setNonce(nonce);
/**
 * Fetches the next batch of URLs from the server and adds them to the queue. The first
 * "next" link of the response, if there is one, becomes the URL of the following batch;
 * otherwise {@code nextUrl} is set to {@code null}.
 *
 * <p>NOTE(review): {@code nextUrl} is taken from the server's response and is then used for
 * a signed POST-as-GET request. No check on that URL is visible in this method; confirm
 * whether the connection layer restricts where signed requests may be sent.
 *
 * @throws AcmeException
 *             if the request fails
 */
private void readAndQueue() throws AcmeException {
    try (Connection conn = login.getSession().connect()) {
        conn.sendSignedPostAsGetRequest(nextUrl, login);

        JSON batch = conn.readJsonResponse();
        if (batch != null) {
            fillUrlList(batch);
        }

        nextUrl = conn.getLinks("next")
                .stream()
                .findFirst()
                .orElse(null);
    }
}
/**
 * Creates the service: stores the configuration, opens a session for the configured ACME URL
 * and logs in.
 *
 * <p>Any exception raised while doing so, including one thrown by {@code login()} or by
 * parsing the URL, is wrapped in a {@code LetsencryptException} with the original as its
 * cause.
 *
 * @param config
 *            configuration providing the ACME URL
 * @throws LetsencryptException
 *             if the session cannot be set up or the login fails
 */
public AcmeServiceImpl(LetsencryptConfig config) {
    this.config = config;

    try {
        LOGGER.info("Logging to {}", config.getUrl());

        // NOTE(review): the endpoint is taken from configuration as-is; confirm it is
        // validated upstream, since it decides which server receives the signed requests.
        URI directoryUri = new URI(config.getUrl());
        session = new Session(directoryUri);

        login();
    } catch (Exception e) {
        throw new LetsencryptException("Problem connecting to ACME", e);
    }
}