/**
 * Build the encoded JWS protected header that identifies the signer by an embedded public key.
 *
 * <p>The header carries {@code ALG}, {@code JWK} and {@code URL} only. Unlike the account-based
 * overload, no nonce is requested or added here.
 *
 * @param algHeader the JWS algorithm name to place in the header
 * @param publicKey the public key to embed as a JWK
 * @param resourceUrl the URL of the resource that the signed request targets
 * @return the header in the encoded form produced by {@code getEncodedJson}
 */
private static String getEncodedProtectedHeader(String algHeader, PublicKey publicKey, String resourceUrl) {
    // Field order is alg, jwk, url; the same algorithm name is used for the header and for building the JWK.
    return getEncodedJson(
            Json.createObjectBuilder()
                    .add(ALG, algHeader)
                    .add(JWK, getJwk(publicKey, algHeader))
                    .add(URL, resourceUrl)
                    .build());
}
/**
 * Build the encoded JWS protected header for a request made with the given account.
 *
 * <p>The signer is identified either by the account's public key ({@code JWK}) or by the account
 * URL ({@code KID}), never both; RFC 8555 treats the two fields as mutually exclusive. A nonce
 * obtained through {@code getNonce} and the target URL are always included, so the signature is
 * bound to one resource and one nonce (RFC 8555 sections 6.4 and 6.5).
 *
 * @param useJwk {@code true} to embed the account public key, {@code false} to reference the account URL
 * @param resourceUrl the URL of the resource that the signed request targets
 * @param account the ACME account whose algorithm, key and URL are used
 * @param staging whether or not the staging server URL should be used
 * @return the header in the encoded form produced by {@code getEncodedJson}
 * @throws AcmeException declared by this method; presumably raised while resolving the account URL or the nonce
 */
private String getEncodedProtectedHeader(boolean useJwk, String resourceUrl, AcmeAccount account, boolean staging) throws AcmeException {
    JsonObjectBuilder header = Json.createObjectBuilder();
    header.add(ALG, account.getAlgHeader());
    if (! useJwk) {
        // Established account: the server looks the key up from the account URL.
        header.add(KID, getAccountUrl(account, staging));
    } else {
        // No account URL is referenced: the public key itself travels in the header.
        header.add(JWK, getJwk(account.getPublicKey(), account.getAlgHeader()));
    }
    // The nonce is fetched after the key identifier has been resolved, as in the original statement order.
    header.add(NONCE, base64UrlEncode(getNonce(account, staging)));
    header.add(URL, resourceUrl);
    return getEncodedJson(header.build());
}
/**
 * Deactivate the given ACME account. A deactivated ACME account cannot be reactivated, so callers
 * should treat this as a one-way operation.
 *
 * <p>The request is a POST to the account URL whose payload sets {@code STATUS} to
 * {@code DEACTIVATED}; {@code HTTP_OK} is passed to {@code sendPostRequestWithRetries} as the
 * expected status.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @throws AcmeException if an error occurs while attempting to deactivate the given ACME account
 */
public void deactivateAccount(AcmeAccount account, boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    sendPostRequestWithRetries(
            account,
            staging,
            getAccountUrl(account, staging),
            false,
            getEncodedJson(Json.createObjectBuilder().add(STATUS, DEACTIVATED).build()),
            HttpURLConnection.HTTP_OK);
}
/**
 * Deactivate an authorization.
 *
 * <p>The request is a POST to {@code authorizationUrl} whose payload sets {@code STATUS} to
 * {@code DEACTIVATED}. The URL is passed to {@code sendPostRequestWithRetries} exactly as given;
 * this method only checks it for {@code null}, so callers should supply a URL that was returned
 * by the ACME server for this account.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param authorizationUrl the authorization url (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to deactivate the authorization
 */
public void deactivateAuthorization(AcmeAccount account, boolean staging, String authorizationUrl) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("authorizationUrl", authorizationUrl);
    sendPostRequestWithRetries(
            account,
            staging,
            authorizationUrl,
            false,
            getEncodedJson(Json.createObjectBuilder().add(STATUS, DEACTIVATED).build()),
            HttpURLConnection.HTTP_OK);
}
/**
 * Revoke the given certificate.
 *
 * <p>The payload carries the base64url-encoded form of {@code certificate.getEncoded()} and,
 * when a reason is supplied, its numeric code. The request is a POST to the
 * {@code REVOKE_CERT} resource URL with {@code HTTP_OK} as the expected status.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the certificate to be revoked (must not be {@code null})
 * @param reason the optional reason why the certificate is being revoked (may be {@code null})
 * @throws AcmeException if the certificate cannot be encoded or an error occurs while attempting to revoke it
 */
public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    final String revokeCertUrl = getResourceUrl(account, AcmeResource.REVOKE_CERT, staging).toString();

    final byte[] certificateBytes;
    try {
        certificateBytes = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw acme.unableToGetEncodedFormOfCertificateToBeRevoked(e);
    }

    JsonObjectBuilder revocation = Json.createObjectBuilder();
    revocation.add(CERTIFICATE, base64UrlEncode(certificateBytes));
    if (reason != null) {
        // NOTE(review): the code sent is the enum's declaration position. Assuming CRLReason is
        // java.security.cert.CRLReason, that order mirrors the RFC 5280 reason codes, with UNUSED
        // standing in for the unassigned value 7; nothing here rejects that constant - confirm.
        revocation.add(REASON, reason.ordinal());
    }
    sendPostRequestWithRetries(account, staging, revokeCertUrl, false, getEncodedJson(revocation.build()), HttpURLConnection.HTTP_OK);
}
/**
 * Change the key that is associated with the given ACME account.
 *
 * <p>The request is a JWS nested inside a JWS, following the key change procedure of RFC 8555
 * section 7.3.5. The inner JWS is signed with the new private key, embeds the new public key as
 * a JWK, and states the account URL together with the old key. It is then sent as the payload of
 * a POST to the {@code KEY_CHANGE} resource URL. The local account object is switched to the new
 * certificate and key only after that POST has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the new certificate to associate with the given ACME account (must not be {@code null})
 * @param privateKey the new private key to associate with the given ACME account (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to change the key that is associated with the given ACME account
 */
public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    Assert.checkNotNullParam("privateKey", privateKey);
    final String keyChangeUrl = getResourceUrl(account, AcmeResource.KEY_CHANGE, staging).toString();

    // Inner JWS header: algorithm and JWK of the NEW key, same URL as the outer request, no nonce.
    // NOTE(review): nothing here checks that privateKey matches certificate.getPublicKey(); a
    // mismatched pair would presumably fail signature verification at the server - confirm.
    final String newKeySignatureAlgorithm = getDefaultCompatibleSignatureAlgorithmName(privateKey);
    final String newKeyAlgHeader = getAlgHeaderFromSignatureAlgorithm(newKeySignatureAlgorithm);
    final String innerHeader = getEncodedProtectedHeader(newKeyAlgHeader, certificate.getPublicKey(), keyChangeUrl);

    // Inner JWS payload: which account is being rolled over and the key it currently uses.
    final String innerPayload = getEncodedJson(
            Json.createObjectBuilder()
                    .add(ACCOUNT, getAccountUrl(account, staging))
                    .add(OLD_KEY, getJwk(account.getPublicKey(), account.getAlgHeader()))
                    .build());
    final String innerSignature = getEncodedSignature(privateKey, newKeySignatureAlgorithm, innerHeader, innerPayload);

    // The complete inner JWS becomes the payload of the outer request.
    final String outerPayload = getEncodedJson(getJws(innerHeader, innerPayload, innerSignature));
    sendPostRequestWithRetries(account, staging, keyChangeUrl, false, outerPayload, HttpURLConnection.HTTP_OK);

    // Reached only if the POST above did not throw: update the local account info.
    account.changeCertificateAndPrivateKey(certificate, privateKey);
}
/**
 * Update an account with an ACME server using the given account information.
 *
 * <p>The terms-of-service flag is always sent. Contact URLs are sent, and afterwards stored on
 * the account object, only when the array is non-null and non-empty. The account object is
 * updated only after the POST has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param termsOfServiceAgreed the new value for whether or not the terms of service have been agreed to
 * @param contactUrls the new account contact URLs (a {@code null} or empty array leaves the contacts untouched)
 * @throws AcmeException if an error occurs while attempting to update the account
 */
public void updateAccount(AcmeAccount account, boolean staging, boolean termsOfServiceAgreed, String[] contactUrls) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    final boolean replaceContacts = contactUrls != null && contactUrls.length > 0;

    JsonObjectBuilder update = Json.createObjectBuilder();
    update.add(TERMS_OF_SERVICE_AGREED, termsOfServiceAgreed);
    if (replaceContacts) {
        JsonArrayBuilder contacts = Json.createArrayBuilder();
        for (int i = 0; i < contactUrls.length; i++) {
            contacts.add(contactUrls[i]);
        }
        update.add(CONTACT, contacts.build());
    }
    sendPostRequestWithRetries(account, staging, getAccountUrl(account, staging), false, getEncodedJson(update.build()), HttpURLConnection.HTTP_OK);

    // Mirror the accepted values locally so the account object matches what was sent.
    account.setTermsOfServiceAgreed(termsOfServiceAgreed);
    if (replaceContacts) {
        account.setContactUrls(contactUrls);
    }
}
getEncodedJson(payloadBuilder.build()), HttpURLConnection.HTTP_CREATED); String authorizationUrl = getLocation(connection); JsonObject jsonResponse = getJsonResponse(connection);
getEncodedJson(payloadBuilder.build()), HttpURLConnection.HTTP_CREATED, HttpURLConnection.HTTP_OK); account.setAccountUrl(getLocation(connection)); try {
/**
 * Respond to one of the challenges offered in the given authorization, if it is still pending.
 *
 * <p>Every entry of the authorization's challenge array is turned into an {@code AcmeChallenge}.
 * {@code proveIdentifierControl} picks one, and an {@code EMPTY_PAYLOAD} POST is sent to that
 * challenge's URL. If the POST fails, {@code cleanupAfterChallenge} runs before the exception is
 * rethrown; on success no cleanup happens here and the selected challenge is returned.
 *
 * @param account the ACME account information to use
 * @param staging whether or not the staging server URL should be used
 * @param authorization the authorization object to read the status, identifier and challenges from
 * @return the selected challenge, or {@code null} if the authorization is not pending or offers no challenges
 * @throws AcmeException if proving control or notifying the server fails
 */
private AcmeChallenge respondToChallenges(AcmeAccount account, boolean staging, JsonObject authorization) throws AcmeException {
    // NOTE(review): the fields below are read without presence or type checks. With the standard
    // JSON-P API a missing or mistyped member surfaces as an unchecked exception rather than an
    // AcmeException - confirm callers are prepared for that when the object comes from a server.
    if (! authorization.getString(STATUS).equals(PENDING)) {
        return null;
    }

    final JsonObject identifier = authorization.getJsonObject(IDENTIFIER);
    final JsonArray offered = authorization.getJsonArray(CHALLENGES);
    final List<AcmeChallenge> candidates = new ArrayList<>(offered.size());
    for (JsonObject entry : offered.getValuesAs(JsonObject.class)) {
        candidates.add(new AcmeChallenge(AcmeChallenge.Type.forName(entry.getString(TYPE)),
                entry.getString(URL),
                entry.getString(TOKEN),
                identifier.getString(TYPE),
                identifier.getString(VALUE)));
    }
    if (candidates.isEmpty()) {
        return null;
    }

    final AcmeChallenge selectedChallenge = proveIdentifierControl(account, candidates);
    try {
        // The target URL is the one read from the challenge entry above.
        sendPostRequestWithRetries(account, staging, selectedChallenge.getUrl(), false, getEncodedJson(EMPTY_PAYLOAD), HttpURLConnection.HTTP_OK);
        return selectedChallenge;
    } catch (AcmeException e) {
        // Undo whatever proveIdentifierControl set up, then let the failure propagate.
        cleanupAfterChallenge(account, selectedChallenge);
        throw e;
    }
}
HttpURLConnection connection = sendPostRequestWithRetries(account, staging, newOrderUrl, false, getEncodedJson(payloadBuilder.build()), HttpURLConnection.HTTP_CREATED); JsonObject jsonResponse = getJsonResponse(connection); final String finalizeOrderUrl = jsonResponse.getString(FINALIZE); connection = sendPostRequestWithRetries(account, staging, finalizeOrderUrl, false, getEncodedJson(payloadBuilder.build()), HttpURLConnection.HTTP_OK); final String orderUrl = getLocation(connection);
/**
 * Build the encoded JWS protected header that identifies the signer by an embedded public key.
 *
 * <p>The header carries {@code ALG}, {@code JWK} and {@code URL} only. Unlike the account-based
 * overload, no nonce is requested or added here.
 *
 * @param algHeader the JWS algorithm name to place in the header
 * @param publicKey the public key to embed as a JWK
 * @param resourceUrl the URL of the resource that the signed request targets
 * @return the header in the encoded form produced by {@code getEncodedJson}
 */
private static String getEncodedProtectedHeader(String algHeader, PublicKey publicKey, String resourceUrl) {
    // Field order is alg, jwk, url; the same algorithm name is used for the header and for building the JWK.
    return getEncodedJson(
            Json.createObjectBuilder()
                    .add(ALG, algHeader)
                    .add(JWK, getJwk(publicKey, algHeader))
                    .add(URL, resourceUrl)
                    .build());
}
/**
 * Build the encoded JWS protected header that identifies the signer by an embedded public key.
 *
 * <p>The header carries {@code ALG}, {@code JWK} and {@code URL} only. Unlike the account-based
 * overload, no nonce is requested or added here.
 *
 * @param algHeader the JWS algorithm name to place in the header
 * @param publicKey the public key to embed as a JWK
 * @param resourceUrl the URL of the resource that the signed request targets
 * @return the header in the encoded form produced by {@code getEncodedJson}
 */
private static String getEncodedProtectedHeader(String algHeader, PublicKey publicKey, String resourceUrl) {
    // Field order is alg, jwk, url; the same algorithm name is used for the header and for building the JWK.
    return getEncodedJson(
            Json.createObjectBuilder()
                    .add(ALG, algHeader)
                    .add(JWK, getJwk(publicKey, algHeader))
                    .add(URL, resourceUrl)
                    .build());
}
/**
 * Build the encoded JWS protected header that identifies the signer by an embedded public key.
 *
 * <p>The header carries {@code ALG}, {@code JWK} and {@code URL} only. Unlike the account-based
 * overload, no nonce is requested or added here.
 *
 * @param algHeader the JWS algorithm name to place in the header
 * @param publicKey the public key to embed as a JWK
 * @param resourceUrl the URL of the resource that the signed request targets
 * @return the header in the encoded form produced by {@code getEncodedJson}
 */
private static String getEncodedProtectedHeader(String algHeader, PublicKey publicKey, String resourceUrl) {
    // Field order is alg, jwk, url; the same algorithm name is used for the header and for building the JWK.
    return getEncodedJson(
            Json.createObjectBuilder()
                    .add(ALG, algHeader)
                    .add(JWK, getJwk(publicKey, algHeader))
                    .add(URL, resourceUrl)
                    .build());
}
/**
 * Build the encoded JWS protected header for a request made with the given account.
 *
 * <p>The signer is identified either by the account's public key ({@code JWK}) or by the account
 * URL ({@code KID}), never both; RFC 8555 treats the two fields as mutually exclusive. A nonce
 * obtained through {@code getNonce} and the target URL are always included, so the signature is
 * bound to one resource and one nonce (RFC 8555 sections 6.4 and 6.5).
 *
 * @param useJwk {@code true} to embed the account public key, {@code false} to reference the account URL
 * @param resourceUrl the URL of the resource that the signed request targets
 * @param account the ACME account whose algorithm, key and URL are used
 * @param staging whether or not the staging server URL should be used
 * @return the header in the encoded form produced by {@code getEncodedJson}
 * @throws AcmeException declared by this method; presumably raised while resolving the account URL or the nonce
 */
private String getEncodedProtectedHeader(boolean useJwk, String resourceUrl, AcmeAccount account, boolean staging) throws AcmeException {
    JsonObjectBuilder header = Json.createObjectBuilder();
    header.add(ALG, account.getAlgHeader());
    if (! useJwk) {
        // Established account: the server looks the key up from the account URL.
        header.add(KID, getAccountUrl(account, staging));
    } else {
        // No account URL is referenced: the public key itself travels in the header.
        header.add(JWK, getJwk(account.getPublicKey(), account.getAlgHeader()));
    }
    // The nonce is fetched after the key identifier has been resolved, as in the original statement order.
    header.add(NONCE, base64UrlEncode(getNonce(account, staging)));
    header.add(URL, resourceUrl);
    return getEncodedJson(header.build());
}
/**
 * Build the encoded JWS protected header for a request made with the given account.
 *
 * <p>The signer is identified either by the account's public key ({@code JWK}) or by the account
 * URL ({@code KID}), never both; RFC 8555 treats the two fields as mutually exclusive. A nonce
 * obtained through {@code getNonce} and the target URL are always included, so the signature is
 * bound to one resource and one nonce (RFC 8555 sections 6.4 and 6.5).
 *
 * @param useJwk {@code true} to embed the account public key, {@code false} to reference the account URL
 * @param resourceUrl the URL of the resource that the signed request targets
 * @param account the ACME account whose algorithm, key and URL are used
 * @param staging whether or not the staging server URL should be used
 * @return the header in the encoded form produced by {@code getEncodedJson}
 * @throws AcmeException declared by this method; presumably raised while resolving the account URL or the nonce
 */
private String getEncodedProtectedHeader(boolean useJwk, String resourceUrl, AcmeAccount account, boolean staging) throws AcmeException {
    JsonObjectBuilder header = Json.createObjectBuilder();
    header.add(ALG, account.getAlgHeader());
    if (! useJwk) {
        // Established account: the server looks the key up from the account URL.
        header.add(KID, getAccountUrl(account, staging));
    } else {
        // No account URL is referenced: the public key itself travels in the header.
        header.add(JWK, getJwk(account.getPublicKey(), account.getAlgHeader()));
    }
    // The nonce is fetched after the key identifier has been resolved, as in the original statement order.
    header.add(NONCE, base64UrlEncode(getNonce(account, staging)));
    header.add(URL, resourceUrl);
    return getEncodedJson(header.build());
}
/**
 * Build the encoded JWS protected header for a request made with the given account.
 *
 * <p>The signer is identified either by the account's public key ({@code JWK}) or by the account
 * URL ({@code KID}), never both; RFC 8555 treats the two fields as mutually exclusive. A nonce
 * obtained through {@code getNonce} and the target URL are always included, so the signature is
 * bound to one resource and one nonce (RFC 8555 sections 6.4 and 6.5).
 *
 * @param useJwk {@code true} to embed the account public key, {@code false} to reference the account URL
 * @param resourceUrl the URL of the resource that the signed request targets
 * @param account the ACME account whose algorithm, key and URL are used
 * @param staging whether or not the staging server URL should be used
 * @return the header in the encoded form produced by {@code getEncodedJson}
 * @throws AcmeException declared by this method; presumably raised while resolving the account URL or the nonce
 */
private String getEncodedProtectedHeader(boolean useJwk, String resourceUrl, AcmeAccount account, boolean staging) throws AcmeException {
    JsonObjectBuilder header = Json.createObjectBuilder();
    header.add(ALG, account.getAlgHeader());
    if (! useJwk) {
        // Established account: the server looks the key up from the account URL.
        header.add(KID, getAccountUrl(account, staging));
    } else {
        // No account URL is referenced: the public key itself travels in the header.
        header.add(JWK, getJwk(account.getPublicKey(), account.getAlgHeader()));
    }
    // The nonce is fetched after the key identifier has been resolved, as in the original statement order.
    header.add(NONCE, base64UrlEncode(getNonce(account, staging)));
    header.add(URL, resourceUrl);
    return getEncodedJson(header.build());
}
/**
 * Deactivate the given ACME account. A deactivated ACME account cannot be reactivated, so callers
 * should treat this as a one-way operation.
 *
 * <p>The request is a POST to the account URL whose payload sets {@code STATUS} to
 * {@code DEACTIVATED}; {@code HTTP_OK} is passed to {@code sendPostRequestWithRetries} as the
 * expected status.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @throws AcmeException if an error occurs while attempting to deactivate the given ACME account
 */
public void deactivateAccount(AcmeAccount account, boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    sendPostRequestWithRetries(
            account,
            staging,
            getAccountUrl(account, staging),
            false,
            getEncodedJson(Json.createObjectBuilder().add(STATUS, DEACTIVATED).build()),
            HttpURLConnection.HTTP_OK);
}
/**
 * Ask the ACME server for the current status of the given account.
 *
 * <p>Sends an {@code EMPTY_PAYLOAD} POST to the account URL and returns the {@code STATUS}
 * member of the JSON response. The value is returned as received; it is not compared against
 * any known status here.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the account status string taken from the response
 * @throws AcmeException if an error occurs while querying the account
 */
String queryAccountStatus(AcmeAccount account, boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    final HttpURLConnection response = sendPostRequestWithRetries(
            account,
            staging,
            getAccountUrl(account, staging),
            false,
            getEncodedJson(EMPTY_PAYLOAD),
            HttpURLConnection.HTTP_OK);
    return getJsonResponse(response).getString(STATUS);
}
/**
 * Ask the ACME server for the current status of the given account.
 *
 * <p>Sends an {@code EMPTY_PAYLOAD} POST to the account URL and returns the {@code STATUS}
 * member of the JSON response. The value is returned as received; it is not compared against
 * any known status here.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the account status string taken from the response
 * @throws AcmeException if an error occurs while querying the account
 */
String queryAccountStatus(AcmeAccount account, boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    final HttpURLConnection response = sendPostRequestWithRetries(
            account,
            staging,
            getAccountUrl(account, staging),
            false,
            getEncodedJson(EMPTY_PAYLOAD),
            HttpURLConnection.HTTP_OK);
    return getJsonResponse(response).getString(STATUS);
}