private Http01Challenge httpChallenge(Authorization auth) throws AcmeException { // Find a single http-01 challenge Http01Challenge challenge = auth.findChallenge(Http01Challenge.TYPE); if (challenge == null) { throw new AcmeException("Found no " + Http01Challenge.TYPE + " challenge, don't know what to do..."); } // Output the challenge, wait for acknowledge... log.debug("http://{}/.well-known/acme-challenge/{}", auth.getIdentifier().getDomain(), challenge.getToken()); log.debug("Content: {}", challenge.getAuthorization()); return challenge; }
/** * Adds a domain name to the order. * * @param domain * Name of a domain to be ordered. May be a wildcard domain if supported by * the CA. IDN names are accepted and will be ACE encoded automatically. * @return itself */ public OrderBuilder domain(String domain) { return identifier(Identifier.dns(domain)); }
/** * Creates a new IP identifier for the given {@link InetAddress}. * * @param ip * {@link InetAddress} * @return New {@link Identifier} */ public static Identifier ip(InetAddress ip) { return new Identifier(TYPE_IP, ip.getHostAddress()); }
try (Connection conn = getSession().connect()) { JSONBuilder claims = new JSONBuilder(); claims.put("identifier", identifier.toMap());
/** * Adds a domain name to the order. * * @param domain * Name of a domain to be ordered. May be a wildcard domain if supported by * the CA. IDN names are accepted and will be ACE encoded automatically. * @return itself */ public OrderBuilder domain(String domain) { return identifier(Identifier.dns(domain)); }
/** * Creates a new IP identifier for the given {@link InetAddress}. * * @param ip * {@link InetAddress} * @return New {@link Identifier} */ public static Identifier ip(InetAddress ip) { return new Identifier(TYPE_IP, ip.getHostAddress()); }
try (Connection conn = getSession().connect()) { JSONBuilder claims = new JSONBuilder(); claims.put("identifier", identifier.toMap());
/** * Creates a self-signed {@link X509Certificate} that can be used for the * {@link TlsAlpn01Challenge}. The certificate is valid for 7 days. * * @param keypair * A domain {@link KeyPair} to be used for the challenge * @param subject * The subject (domain name) that is to be validated * @param acmeValidation * The value that is returned by * {@link TlsAlpn01Challenge#getAcmeValidation()} * @return Created certificate * @since 2.1 * @deprecated Use {@link #createTlsAlpn01Certificate(KeyPair, Identifier, byte[])} * and {@link Identifier#dns(String)}. If an {@link Authorization} * instance is at hand, you can also use * {@link Authorization#getIdentifier()}. */ @Deprecated public static X509Certificate createTlsAlpn01Certificate(KeyPair keypair, String subject, byte[] acmeValidation) throws IOException { Objects.requireNonNull(subject, "subject"); return createTlsAlpn01Certificate(keypair, Identifier.dns(subject), acmeValidation); }
/** * Creates a new DNS identifier for the given domain name. * * @param domain * Domain name. Unicode domains are automatically ASCII encoded. * @return New {@link Identifier} */ public static Identifier dns(String domain) { return new Identifier(TYPE_DNS, toAce(domain)); }
/** * Creates a self-signed {@link X509Certificate} that can be used for the * {@link TlsAlpn01Challenge}. The certificate is valid for 7 days. * * @param keypair * A domain {@link KeyPair} to be used for the challenge * @param subject * The subject (domain name) that is to be validated * @param acmeValidation * The value that is returned by * {@link TlsAlpn01Challenge#getAcmeValidation()} * @return Created certificate * @since 2.1 * @deprecated Use {@link #createTlsAlpn01Certificate(KeyPair, Identifier, byte[])} * and {@link Identifier#dns(String)}. If an {@link Authorization} * instance is at hand, you can also use * {@link Authorization#getIdentifier()}. */ @Deprecated public static X509Certificate createTlsAlpn01Certificate(KeyPair keypair, String subject, byte[] acmeValidation) throws IOException { Objects.requireNonNull(subject, "subject"); return createTlsAlpn01Certificate(keypair, Identifier.dns(subject), acmeValidation); }
/** * Creates a new DNS identifier for the given domain name. * * @param domain * Domain name. Unicode domains are automatically ASCII encoded. * @return New {@link Identifier} */ public static Identifier dns(String domain) { return new Identifier(TYPE_DNS, toAce(domain)); }
auth.getIdentifier().getDomain(), challenge.getToken()); LOG.info("File name: {}", challenge.getToken()); LOG.info("Content: {}", challenge.getAuthorization()); message.append("Please create a file in your web server's base directory.\n\n"); message.append("http://") .append(auth.getIdentifier().getDomain()) .append("/.well-known/acme-challenge/") .append(challenge.getToken())
/** * Pre-authorizes a domain. The CA will check if it accepts the domain for * certification, and returns the necessary challenges. * <p> * Some servers may not allow pre-authorization. * <p> * It is not possible to pre-authorize wildcard domains. * * @param domain * Domain name to be pre-authorized. IDN names are accepted and will be ACE * encoded automatically. * @return {@link Authorization} object for this domain * @throws AcmeException * if the server does not allow pre-authorization * @throws AcmeServerException * if the server allows pre-authorization, but will refuse to issue a * certificate for this domain */ public Authorization preAuthorizeDomain(String domain) throws AcmeException { Objects.requireNonNull(domain, "domain"); if (domain.isEmpty()) { throw new IllegalArgumentException("domain must not be empty"); } return preAuthorize(Identifier.dns(domain)); }
/** * Returns the value as {@link Identifier}. * * @since 2.3 */ public Identifier asIdentifier() { required(); return new Identifier(asObject()); }
/** * Pre-authorizes a domain. The CA will check if it accepts the domain for * certification, and returns the necessary challenges. * <p> * Some servers may not allow pre-authorization. * <p> * It is not possible to pre-authorize wildcard domains. * * @param domain * Domain name to be pre-authorized. IDN names are accepted and will be ACE * encoded automatically. * @return {@link Authorization} object for this domain * @throws AcmeException * if the server does not allow pre-authorization * @throws AcmeServerException * if the server allows pre-authorization, but will refuse to issue a * certificate for this domain */ public Authorization preAuthorizeDomain(String domain) throws AcmeException { Objects.requireNonNull(domain, "domain"); if (domain.isEmpty()) { throw new IllegalArgumentException("domain must not be empty"); } return preAuthorize(Identifier.dns(domain)); }