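/**
 * Get a new nonce for the given account from the ACME server.
 *
 * <p>Sends a {@code HEAD} request to the account's new-nonce resource and reads the nonce from
 * the response via {@code getReplayNonce}. Any status other than {@code 204 No Content} or
 * {@code 200 OK} is passed to {@code handleAcmeErrorResponse}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the new nonce for the given account
 * @throws AcmeException if the server reports an error, the response carries no nonce, or any
 *         other error occurs while attempting to get the new nonce from the ACME server
 */
public byte[] getNewNonce(final AcmeAccount account, final boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    try {
        final URL newNonceUrl = getResourceUrl(account, AcmeResource.NEW_NONCE, staging);
        final HttpURLConnection connection = (HttpURLConnection) newNonceUrl.openConnection();
        // NOTE(review): no connect or read timeout is configured in this method; whether one is
        // applied elsewhere is not visible here. Without one an unresponsive server can block the caller.
        connection.setRequestMethod(HEAD);
        connection.setRequestProperty(ACCEPT_LANGUAGE, Locale.getDefault().toLanguageTag());
        connection.setRequestProperty(USER_AGENT, USER_AGENT_STRING);
        connection.connect();

        final int responseCode = connection.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_NO_CONTENT && responseCode != HttpURLConnection.HTTP_OK) {
            // presumably throws with the server's error details; confirm against the helper
            handleAcmeErrorResponse(connection, responseCode);
        }

        final byte[] nonce = getReplayNonce(connection);
        if (nonce == null) {
            throw acme.noNonceProvidedByAcmeServer();
        }
        return nonce;
    } catch (AcmeException e) {
        // An ACME-level failure raised above (for example the missing-nonce case) already says
        // what went wrong; the catch-all below used to replace it with the generic message.
        throw e;
    } catch (Exception e) {
        // Attach the underlying failure so a network or TLS error can still be diagnosed
        // from the stack trace instead of being discarded.
        final AcmeException failure = acme.unableToObtainNewNonceFromAcmeServer();
        failure.addSuppressed(e);
        throw failure;
    }
}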
/**
 * Ask the ACME server to revoke the given certificate.
 *
 * <p>The request payload holds the base64url form of the certificate's encoding and, when a
 * reason is supplied, its numeric code. The request is sent to the account's revoke-cert
 * resource through {@code sendPostRequestWithRetries}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the certificate to be revoked (must not be {@code null})
 * @param reason the optional reason why the certificate is being revoked (may be {@code null})
 * @throws AcmeException if an error occurs while attempting to revoke the given certificate
 */
public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    final String revokeCertUrl = getResourceUrl(account, AcmeResource.REVOKE_CERT, staging).toString();

    final byte[] certificateBytes;
    try {
        certificateBytes = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw acme.unableToGetEncodedFormOfCertificateToBeRevoked(e);
    }

    final JsonObjectBuilder request = Json.createObjectBuilder();
    request.add(CERTIFICATE, base64UrlEncode(certificateBytes));
    if (reason != null) {
        // The code sent is the enum's declaration position, so it is only right while that order
        // matches the numeric revocation reason codes.
        // NOTE(review): confirm this for the CRLReason type this file imports.
        request.add(REASON, reason.ordinal());
    }

    final String encodedRequest = getEncodedJson(request.build());
    // NOTE(review): the meaning of the boolean argument is not visible from this method.
    sendPostRequestWithRetries(account, staging, revokeCertUrl, false, encodedRequest, HttpURLConnection.HTTP_OK);
}
Assert.checkNotNullParam("account", account); Assert.checkNotNullParam("domainName", domainName); final String newAuthzUrl = getResourceUrl(account, AcmeResource.NEW_AUTHZ, staging).toString(); JsonObject identifier = Json.createObjectBuilder() .add(TYPE, DNS)
final String newAccountUrl = getResourceUrl(account, AcmeResource.NEW_ACCOUNT, staging).toString();
/**
 * Change the key that is associated with the given ACME account.
 *
 * <p>Builds an inner JWS whose protected header carries the new certificate's public key and
 * whose payload names the account URL and the account's current (old) key, signs it with the
 * new private key, and posts it as the payload of a request to the key-change resource. The
 * local account object is switched to the new certificate and key only after that request
 * has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the new certificate to associate with the given ACME account (must not be {@code null})
 * @param privateKey the new private key to associate with the given ACME account (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to change the key that is associated with the given ACME account
 */
public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    Assert.checkNotNullParam("privateKey", privateKey);

    final String keyChangeUrl = getResourceUrl(account, AcmeResource.KEY_CHANGE, staging).toString();
    final String sigAlgName = getDefaultCompatibleSignatureAlgorithmName(privateKey);
    final String jwsAlg = getAlgHeaderFromSignatureAlgorithm(sigAlgName);

    // Inner JWS header: the algorithm, the NEW public key, and the key-change URL.
    // NOTE(review): nothing here checks that privateKey matches certificate.getPublicKey();
    // a mismatch is presumably rejected by the server when it verifies the inner signature.
    final String innerHeader = getEncodedProtectedHeader(jwsAlg, certificate.getPublicKey(), keyChangeUrl);

    // Inner JWS payload: the account URL plus the key the account holds right now.
    final JsonObject innerPayloadJson = Json.createObjectBuilder()
            .add(ACCOUNT, getAccountUrl(account, staging))
            .add(OLD_KEY, getJwk(account.getPublicKey(), account.getAlgHeader()))
            .build();
    final String innerPayload = getEncodedJson(innerPayloadJson);

    // The inner JWS is signed with the NEW private key.
    final String innerSignature = getEncodedSignature(privateKey, sigAlgName, innerHeader, innerPayload);

    // The complete inner JWS becomes the payload of the outer request.
    final String outerPayload = getEncodedJson(getJws(innerHeader, innerPayload, innerSignature));
    sendPostRequestWithRetries(account, staging, keyChangeUrl, false, outerPayload, HttpURLConnection.HTTP_OK);

    // Runs only if the request above did not throw, so a failed key change leaves the
    // local account on its existing certificate and key.
    account.changeCertificateAndPrivateKey(certificate, privateKey);
}
final String newOrderUrl = getResourceUrl(account, AcmeResource.NEW_ORDER, staging).toString(); JsonArrayBuilder identifiersBuilder = Json.createArrayBuilder(); for (String domainName : domainNamesSet) {
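/**
 * Get a new nonce for the given account from the ACME server.
 *
 * <p>Sends a {@code HEAD} request to the account's new-nonce resource and reads the nonce from
 * the response via {@code getReplayNonce}. Any status other than {@code 204 No Content} or
 * {@code 200 OK} is passed to {@code handleAcmeErrorResponse}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the new nonce for the given account
 * @throws AcmeException if the server reports an error, the response carries no nonce, or any
 *         other error occurs while attempting to get the new nonce from the ACME server
 */
public byte[] getNewNonce(final AcmeAccount account, final boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    try {
        final URL newNonceUrl = getResourceUrl(account, AcmeResource.NEW_NONCE, staging);
        final HttpURLConnection connection = (HttpURLConnection) newNonceUrl.openConnection();
        // NOTE(review): no connect or read timeout is configured in this method; whether one is
        // applied elsewhere is not visible here. Without one an unresponsive server can block the caller.
        connection.setRequestMethod(HEAD);
        connection.setRequestProperty(ACCEPT_LANGUAGE, Locale.getDefault().toLanguageTag());
        connection.setRequestProperty(USER_AGENT, USER_AGENT_STRING);
        connection.connect();

        final int responseCode = connection.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_NO_CONTENT && responseCode != HttpURLConnection.HTTP_OK) {
            // presumably throws with the server's error details; confirm against the helper
            handleAcmeErrorResponse(connection, responseCode);
        }

        final byte[] nonce = getReplayNonce(connection);
        if (nonce == null) {
            throw acme.noNonceProvidedByAcmeServer();
        }
        return nonce;
    } catch (AcmeException e) {
        // An ACME-level failure raised above (for example the missing-nonce case) already says
        // what went wrong; the catch-all below used to replace it with the generic message.
        throw e;
    } catch (Exception e) {
        // Attach the underlying failure so a network or TLS error can still be diagnosed
        // from the stack trace instead of being discarded.
        final AcmeException failure = acme.unableToObtainNewNonceFromAcmeServer();
        failure.addSuppressed(e);
        throw failure;
    }
}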
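/**
 * Get a new nonce for the given account from the ACME server.
 *
 * <p>Sends a {@code HEAD} request to the account's new-nonce resource and reads the nonce from
 * the response via {@code getReplayNonce}. Any status other than {@code 204 No Content} or
 * {@code 200 OK} is passed to {@code handleAcmeErrorResponse}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the new nonce for the given account
 * @throws AcmeException if the server reports an error, the response carries no nonce, or any
 *         other error occurs while attempting to get the new nonce from the ACME server
 */
public byte[] getNewNonce(final AcmeAccount account, final boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    try {
        final URL newNonceUrl = getResourceUrl(account, AcmeResource.NEW_NONCE, staging);
        final HttpURLConnection connection = (HttpURLConnection) newNonceUrl.openConnection();
        // NOTE(review): no connect or read timeout is configured in this method; whether one is
        // applied elsewhere is not visible here. Without one an unresponsive server can block the caller.
        connection.setRequestMethod(HEAD);
        connection.setRequestProperty(ACCEPT_LANGUAGE, Locale.getDefault().toLanguageTag());
        connection.setRequestProperty(USER_AGENT, USER_AGENT_STRING);
        connection.connect();

        final int responseCode = connection.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_NO_CONTENT && responseCode != HttpURLConnection.HTTP_OK) {
            // presumably throws with the server's error details; confirm against the helper
            handleAcmeErrorResponse(connection, responseCode);
        }

        final byte[] nonce = getReplayNonce(connection);
        if (nonce == null) {
            throw acme.noNonceProvidedByAcmeServer();
        }
        return nonce;
    } catch (AcmeException e) {
        // An ACME-level failure raised above (for example the missing-nonce case) already says
        // what went wrong; the catch-all below used to replace it with the generic message.
        throw e;
    } catch (Exception e) {
        // Attach the underlying failure so a network or TLS error can still be diagnosed
        // from the stack trace instead of being discarded.
        final AcmeException failure = acme.unableToObtainNewNonceFromAcmeServer();
        failure.addSuppressed(e);
        throw failure;
    }
}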
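/**
 * Get a new nonce for the given account from the ACME server.
 *
 * <p>Sends a {@code HEAD} request to the account's new-nonce resource and reads the nonce from
 * the response via {@code getReplayNonce}. Any status other than {@code 204 No Content} or
 * {@code 200 OK} is passed to {@code handleAcmeErrorResponse}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @return the new nonce for the given account
 * @throws AcmeException if the server reports an error, the response carries no nonce, or any
 *         other error occurs while attempting to get the new nonce from the ACME server
 */
public byte[] getNewNonce(final AcmeAccount account, final boolean staging) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    try {
        final URL newNonceUrl = getResourceUrl(account, AcmeResource.NEW_NONCE, staging);
        final HttpURLConnection connection = (HttpURLConnection) newNonceUrl.openConnection();
        // NOTE(review): no connect or read timeout is configured in this method; whether one is
        // applied elsewhere is not visible here. Without one an unresponsive server can block the caller.
        connection.setRequestMethod(HEAD);
        connection.setRequestProperty(ACCEPT_LANGUAGE, Locale.getDefault().toLanguageTag());
        connection.setRequestProperty(USER_AGENT, USER_AGENT_STRING);
        connection.connect();

        final int responseCode = connection.getResponseCode();
        if (responseCode != HttpURLConnection.HTTP_NO_CONTENT && responseCode != HttpURLConnection.HTTP_OK) {
            // presumably throws with the server's error details; confirm against the helper
            handleAcmeErrorResponse(connection, responseCode);
        }

        final byte[] nonce = getReplayNonce(connection);
        if (nonce == null) {
            throw acme.noNonceProvidedByAcmeServer();
        }
        return nonce;
    } catch (AcmeException e) {
        // An ACME-level failure raised above (for example the missing-nonce case) already says
        // what went wrong; the catch-all below used to replace it with the generic message.
        throw e;
    } catch (Exception e) {
        // Attach the underlying failure so a network or TLS error can still be diagnosed
        // from the stack trace instead of being discarded.
        final AcmeException failure = acme.unableToObtainNewNonceFromAcmeServer();
        failure.addSuppressed(e);
        throw failure;
    }
}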
/**
 * Ask the ACME server to revoke the given certificate.
 *
 * <p>The request payload holds the base64url form of the certificate's encoding and, when a
 * reason is supplied, its numeric code. The request is sent to the account's revoke-cert
 * resource through {@code sendPostRequestWithRetries}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the certificate to be revoked (must not be {@code null})
 * @param reason the optional reason why the certificate is being revoked (may be {@code null})
 * @throws AcmeException if an error occurs while attempting to revoke the given certificate
 */
public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    final String revokeCertUrl = getResourceUrl(account, AcmeResource.REVOKE_CERT, staging).toString();

    final byte[] certificateBytes;
    try {
        certificateBytes = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw acme.unableToGetEncodedFormOfCertificateToBeRevoked(e);
    }

    final JsonObjectBuilder request = Json.createObjectBuilder();
    request.add(CERTIFICATE, base64UrlEncode(certificateBytes));
    if (reason != null) {
        // The code sent is the enum's declaration position, so it is only right while that order
        // matches the numeric revocation reason codes.
        // NOTE(review): confirm this for the CRLReason type this file imports.
        request.add(REASON, reason.ordinal());
    }

    final String encodedRequest = getEncodedJson(request.build());
    // NOTE(review): the meaning of the boolean argument is not visible from this method.
    sendPostRequestWithRetries(account, staging, revokeCertUrl, false, encodedRequest, HttpURLConnection.HTTP_OK);
}
/**
 * Ask the ACME server to revoke the given certificate.
 *
 * <p>The request payload holds the base64url form of the certificate's encoding and, when a
 * reason is supplied, its numeric code. The request is sent to the account's revoke-cert
 * resource through {@code sendPostRequestWithRetries}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the certificate to be revoked (must not be {@code null})
 * @param reason the optional reason why the certificate is being revoked (may be {@code null})
 * @throws AcmeException if an error occurs while attempting to revoke the given certificate
 */
public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    final String revokeCertUrl = getResourceUrl(account, AcmeResource.REVOKE_CERT, staging).toString();

    final byte[] certificateBytes;
    try {
        certificateBytes = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw acme.unableToGetEncodedFormOfCertificateToBeRevoked(e);
    }

    final JsonObjectBuilder request = Json.createObjectBuilder();
    request.add(CERTIFICATE, base64UrlEncode(certificateBytes));
    if (reason != null) {
        // The code sent is the enum's declaration position, so it is only right while that order
        // matches the numeric revocation reason codes.
        // NOTE(review): confirm this for the CRLReason type this file imports.
        request.add(REASON, reason.ordinal());
    }

    final String encodedRequest = getEncodedJson(request.build());
    // NOTE(review): the meaning of the boolean argument is not visible from this method.
    sendPostRequestWithRetries(account, staging, revokeCertUrl, false, encodedRequest, HttpURLConnection.HTTP_OK);
}
/**
 * Ask the ACME server to revoke the given certificate.
 *
 * <p>The request payload holds the base64url form of the certificate's encoding and, when a
 * reason is supplied, its numeric code. The request is sent to the account's revoke-cert
 * resource through {@code sendPostRequestWithRetries}.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the certificate to be revoked (must not be {@code null})
 * @param reason the optional reason why the certificate is being revoked (may be {@code null})
 * @throws AcmeException if an error occurs while attempting to revoke the given certificate
 */
public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    final String revokeCertUrl = getResourceUrl(account, AcmeResource.REVOKE_CERT, staging).toString();

    final byte[] certificateBytes;
    try {
        certificateBytes = certificate.getEncoded();
    } catch (CertificateEncodingException e) {
        throw acme.unableToGetEncodedFormOfCertificateToBeRevoked(e);
    }

    final JsonObjectBuilder request = Json.createObjectBuilder();
    request.add(CERTIFICATE, base64UrlEncode(certificateBytes));
    if (reason != null) {
        // The code sent is the enum's declaration position, so it is only right while that order
        // matches the numeric revocation reason codes.
        // NOTE(review): confirm this for the CRLReason type this file imports.
        request.add(REASON, reason.ordinal());
    }

    final String encodedRequest = getEncodedJson(request.build());
    // NOTE(review): the meaning of the boolean argument is not visible from this method.
    sendPostRequestWithRetries(account, staging, revokeCertUrl, false, encodedRequest, HttpURLConnection.HTTP_OK);
}
Assert.checkNotNullParam("account", account); Assert.checkNotNullParam("domainName", domainName); final String newAuthzUrl = getResourceUrl(account, AcmeResource.NEW_AUTHZ, staging).toString(); JsonObject identifier = Json.createObjectBuilder() .add(TYPE, DNS)
Assert.checkNotNullParam("account", account); Assert.checkNotNullParam("domainName", domainName); final String newAuthzUrl = getResourceUrl(account, AcmeResource.NEW_AUTHZ, staging).toString(); JsonObject identifier = Json.createObjectBuilder() .add(TYPE, DNS)
Assert.checkNotNullParam("account", account); Assert.checkNotNullParam("domainName", domainName); final String newAuthzUrl = getResourceUrl(account, AcmeResource.NEW_AUTHZ, staging).toString(); JsonObject identifier = Json.createObjectBuilder() .add(TYPE, DNS)
final String newAccountUrl = getResourceUrl(account, AcmeResource.NEW_ACCOUNT, staging).toString();
final String newAccountUrl = getResourceUrl(account, AcmeResource.NEW_ACCOUNT, staging).toString();
/**
 * Change the key that is associated with the given ACME account.
 *
 * <p>Builds an inner JWS whose protected header carries the new certificate's public key and
 * whose payload names the account URL and the account's current (old) key, signs it with the
 * new private key, and posts it as the payload of a request to the key-change resource. The
 * local account object is switched to the new certificate and key only after that request
 * has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the new certificate to associate with the given ACME account (must not be {@code null})
 * @param privateKey the new private key to associate with the given ACME account (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to change the key that is associated with the given ACME account
 */
public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    Assert.checkNotNullParam("privateKey", privateKey);

    final String keyChangeUrl = getResourceUrl(account, AcmeResource.KEY_CHANGE, staging).toString();
    final String sigAlgName = getDefaultCompatibleSignatureAlgorithmName(privateKey);
    final String jwsAlg = getAlgHeaderFromSignatureAlgorithm(sigAlgName);

    // Inner JWS header: the algorithm, the NEW public key, and the key-change URL.
    // NOTE(review): nothing here checks that privateKey matches certificate.getPublicKey();
    // a mismatch is presumably rejected by the server when it verifies the inner signature.
    final String innerHeader = getEncodedProtectedHeader(jwsAlg, certificate.getPublicKey(), keyChangeUrl);

    // Inner JWS payload: the account URL plus the key the account holds right now.
    final JsonObject innerPayloadJson = Json.createObjectBuilder()
            .add(ACCOUNT, getAccountUrl(account, staging))
            .add(OLD_KEY, getJwk(account.getPublicKey(), account.getAlgHeader()))
            .build();
    final String innerPayload = getEncodedJson(innerPayloadJson);

    // The inner JWS is signed with the NEW private key.
    final String innerSignature = getEncodedSignature(privateKey, sigAlgName, innerHeader, innerPayload);

    // The complete inner JWS becomes the payload of the outer request.
    final String outerPayload = getEncodedJson(getJws(innerHeader, innerPayload, innerSignature));
    sendPostRequestWithRetries(account, staging, keyChangeUrl, false, outerPayload, HttpURLConnection.HTTP_OK);

    // Runs only if the request above did not throw, so a failed key change leaves the
    // local account on its existing certificate and key.
    account.changeCertificateAndPrivateKey(certificate, privateKey);
}
/**
 * Change the key that is associated with the given ACME account.
 *
 * <p>Builds an inner JWS whose protected header carries the new certificate's public key and
 * whose payload names the account URL and the account's current (old) key, signs it with the
 * new private key, and posts it as the payload of a request to the key-change resource. The
 * local account object is switched to the new certificate and key only after that request
 * has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the new certificate to associate with the given ACME account (must not be {@code null})
 * @param privateKey the new private key to associate with the given ACME account (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to change the key that is associated with the given ACME account
 */
public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    Assert.checkNotNullParam("privateKey", privateKey);

    final String keyChangeUrl = getResourceUrl(account, AcmeResource.KEY_CHANGE, staging).toString();
    final String sigAlgName = getDefaultCompatibleSignatureAlgorithmName(privateKey);
    final String jwsAlg = getAlgHeaderFromSignatureAlgorithm(sigAlgName);

    // Inner JWS header: the algorithm, the NEW public key, and the key-change URL.
    // NOTE(review): nothing here checks that privateKey matches certificate.getPublicKey();
    // a mismatch is presumably rejected by the server when it verifies the inner signature.
    final String innerHeader = getEncodedProtectedHeader(jwsAlg, certificate.getPublicKey(), keyChangeUrl);

    // Inner JWS payload: the account URL plus the key the account holds right now.
    final JsonObject innerPayloadJson = Json.createObjectBuilder()
            .add(ACCOUNT, getAccountUrl(account, staging))
            .add(OLD_KEY, getJwk(account.getPublicKey(), account.getAlgHeader()))
            .build();
    final String innerPayload = getEncodedJson(innerPayloadJson);

    // The inner JWS is signed with the NEW private key.
    final String innerSignature = getEncodedSignature(privateKey, sigAlgName, innerHeader, innerPayload);

    // The complete inner JWS becomes the payload of the outer request.
    final String outerPayload = getEncodedJson(getJws(innerHeader, innerPayload, innerSignature));
    sendPostRequestWithRetries(account, staging, keyChangeUrl, false, outerPayload, HttpURLConnection.HTTP_OK);

    // Runs only if the request above did not throw, so a failed key change leaves the
    // local account on its existing certificate and key.
    account.changeCertificateAndPrivateKey(certificate, privateKey);
}
/**
 * Change the key that is associated with the given ACME account.
 *
 * <p>Builds an inner JWS whose protected header carries the new certificate's public key and
 * whose payload names the account URL and the account's current (old) key, signs it with the
 * new private key, and posts it as the payload of a request to the key-change resource. The
 * local account object is switched to the new certificate and key only after that request
 * has returned without throwing.
 *
 * @param account the ACME account information to use (must not be {@code null})
 * @param staging whether or not the staging server URL should be used
 * @param certificate the new certificate to associate with the given ACME account (must not be {@code null})
 * @param privateKey the new private key to associate with the given ACME account (must not be {@code null})
 * @throws AcmeException if an error occurs while attempting to change the key that is associated with the given ACME account
 */
public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException {
    Assert.checkNotNullParam("account", account);
    Assert.checkNotNullParam("certificate", certificate);
    Assert.checkNotNullParam("privateKey", privateKey);

    final String keyChangeUrl = getResourceUrl(account, AcmeResource.KEY_CHANGE, staging).toString();
    final String sigAlgName = getDefaultCompatibleSignatureAlgorithmName(privateKey);
    final String jwsAlg = getAlgHeaderFromSignatureAlgorithm(sigAlgName);

    // Inner JWS header: the algorithm, the NEW public key, and the key-change URL.
    // NOTE(review): nothing here checks that privateKey matches certificate.getPublicKey();
    // a mismatch is presumably rejected by the server when it verifies the inner signature.
    final String innerHeader = getEncodedProtectedHeader(jwsAlg, certificate.getPublicKey(), keyChangeUrl);

    // Inner JWS payload: the account URL plus the key the account holds right now.
    final JsonObject innerPayloadJson = Json.createObjectBuilder()
            .add(ACCOUNT, getAccountUrl(account, staging))
            .add(OLD_KEY, getJwk(account.getPublicKey(), account.getAlgHeader()))
            .build();
    final String innerPayload = getEncodedJson(innerPayloadJson);

    // The inner JWS is signed with the NEW private key.
    final String innerSignature = getEncodedSignature(privateKey, sigAlgName, innerHeader, innerPayload);

    // The complete inner JWS becomes the payload of the outer request.
    final String outerPayload = getEncodedJson(getJws(innerHeader, innerPayload, innerSignature));
    sendPostRequestWithRetries(account, staging, keyChangeUrl, false, outerPayload, HttpURLConnection.HTTP_OK);

    // Runs only if the request above did not throw, so a failed key change leaves the
    // local account on its existing certificate and key.
    account.changeCertificateAndPrivateKey(certificate, privateKey);
}