Package org.wildfly.security.x500.cert.acme

Class AcmeClientSpi

    • Field Detail

      • DEFAULT_EC_KEY_SIZE

        public static final int DEFAULT_EC_KEY_SIZE
        The default key size that will be used if the key algorithm name is EC.
        See Also:
        Constant Field Values

      • DEFAULT_KEY_SIZE

        public static final int DEFAULT_KEY_SIZE
        The default key size that will be used if the key algorithm name is not EC.
        See Also:
        Constant Field Values

      • DEFAULT_KEY_ALGORITHM_NAME

        public static final String DEFAULT_KEY_ALGORITHM_NAME
        The default key algorithm name.
        See Also:
        Constant Field Values

      • DEFAULT_RETRY_AFTER_MILLI

        private static final long DEFAULT_RETRY_AFTER_MILLI
        See Also:
        Constant Field Values

      • CONTENT_TYPE_DELIMS

        private static final int[] CONTENT_TYPE_DELIMS

      • USER_AGENT_STRING

        private static final String USER_AGENT_STRING

      • EMPTY_PAYLOAD

        private static final jakarta.json.JsonObject EMPTY_PAYLOAD

    • Constructor Detail

      • AcmeClientSpi

        public AcmeClientSpi()

    • Method Detail

      • getResourceUrls

        public Map<AcmeResource,​URL> getResourceUrls​(AcmeAccount account,
                                                   boolean staging)
                                            throws AcmeException
        Get the resource URLs needed to perform operations from the ACME server.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Returns:
        a map of ACME resources to URLs
        Throws:
        AcmeException - if an error occurs while attempting to get the resource URLs from the ACME server

      • getMetadata

        public AcmeMetadata getMetadata​(AcmeAccount account,
                                boolean staging)
                         throws AcmeException
        Get the metadata associated with the ACME server.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Returns:
        the metadata associated with the ACME server (may be null)
        Throws:
        AcmeException - if an error occurs while attempting to get the metadata associated with the ACME server

      • createAccount

        public boolean createAccount​(AcmeAccount account,
                             boolean staging)
                      throws AcmeException
        Create an account with an ACME server using the given account information.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Returns:
        true if the account was created, false if the account already existed
        Throws:
        AcmeException - if an error occurs while attempting to create or lookup an account with the ACME server

      • createAccount

        public boolean createAccount​(AcmeAccount account,
                             boolean staging,
                             boolean onlyReturnExisting)
                      throws AcmeException
        Create an account with an ACME server using the given account information.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        onlyReturnExisting - true if the ACME server should not create a new account if one does not already exist (this allows an existing account's URL to be looked up and populated using the account key)
        Returns:
        true if the account was created, false if the account already existed
        Throws:
        AcmeException - if an error occurs while attempting to create or lookup an account with the ACME server or if onlyReturnExisting is set to true and the account does not exist

      • updateAccount

        public void updateAccount​(AcmeAccount account,
                          boolean staging,
                          boolean termsOfServiceAgreed)
                   throws AcmeException
        Update whether or not the terms of service have been agreed to for an account with an ACME server.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        termsOfServiceAgreed - the new value for whether or not the terms of service have been agreed to
        Throws:
        AcmeException - if an error occurs while attempting to update the account

      • updateAccount

        public void updateAccount​(AcmeAccount account,
                          boolean staging,
                          String[] contactUrls)
                   throws AcmeException
        Update the contact URLs for an account with an ACME server.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        contactUrls - the new account contact URLs
        Throws:
        AcmeException - if an error occurs while attempting to update the account

      • updateAccount

        public void updateAccount​(AcmeAccount account,
                          boolean staging,
                          boolean termsOfServiceAgreed,
                          String[] contactUrls)
                   throws AcmeException
        Update an account with an ACME server using the given account information.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        termsOfServiceAgreed - the new value for whether or not the terms of service have been agreed to
        contactUrls - the new account contact URLs
        Throws:
        AcmeException - if an error occurs while attempting to update the account

      • changeAccountKey

        public void changeAccountKey​(AcmeAccount account,
                             boolean staging)
                      throws AcmeException
        Change the key that is associated with the given ACME account.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Throws:
        AcmeException - if an error occurs while attempting to change the key that is associated with the given ACME account

      • changeAccountKey

        public void changeAccountKey​(AcmeAccount account,
                             boolean staging,
                             X509Certificate certificate,
                             PrivateKey privateKey)
                      throws AcmeException
        Change the key that is associated with the given ACME account.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        certificate - the new certificate to associate with the given ACME account (must not be null)
        privateKey - the new private key to associate with the given ACME account (must not be null)
        Throws:
        AcmeException - if an error occurs while attempting to change the key that is associated with the given ACME account

      • deactivateAccount

        public void deactivateAccount​(AcmeAccount account,
                              boolean staging)
                       throws AcmeException
        Deactivate the given ACME account. It is not possible to reactivate an ACME account after it has been deactivated.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Throws:
        AcmeException - if an error occurs while attempting to deactivate the given ACME account

      • obtainCertificateChain

        public X509CertificateChainAndSigningKey obtainCertificateChain​(AcmeAccount account,
                                                                boolean staging,
                                                                String... domainNames)
                                                         throws AcmeException
        Obtain a certificate chain using the given ACME account.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        domainNames - the domain names to request the certificate for (must not be null)
        Returns:
        the X509 certificate chain and private key
        Throws:
        AcmeException - if an occur occurs while attempting to obtain the certificate

      • obtainCertificateChain

        public X509CertificateChainAndSigningKey obtainCertificateChain​(AcmeAccount account,
                                                                boolean staging,
                                                                String keyAlgorithmName,
                                                                int keySize,
                                                                String... domainNames)
                                                         throws AcmeException
        Obtain a certificate chain using the given ACME account.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        keyAlgorithmName - the optional key algorithm name to use when generating the key pair (may be null)
        keySize - the optional key size to use when generating the key pair (-1 to indicate that the default key size should be used)
        domainNames - the domain names to request the certificate for (must not be null)
        Returns:
        the X509 certificate chain and private key
        Throws:
        AcmeException - if an occur occurs while attempting to obtain the certificate

      • createAuthorization

        public String createAuthorization​(AcmeAccount account,
                                  boolean staging,
                                  String domainName)
                           throws AcmeException
        Create an authorization for the given identifier.

        This method allows an ACME client to obtain authorization for an identifier proactively before attempting to obtain a certificate.

        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        domainName - the domain name to create an authorization for (must not be null)
        Returns:
        the authorization URL corresponding to the given identifier
        Throws:
        AcmeException - if an error occurs while attempting to create an authorization for the given identifier

      • deactivateAuthorization

        public void deactivateAuthorization​(AcmeAccount account,
                                    boolean staging,
                                    String authorizationUrl)
                             throws AcmeException
        Deactivate an authorization.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        authorizationUrl - the authorization url (must not be null)
        Throws:
        AcmeException - if an error occurs while attempting to deactivate an authorization for the given identifier

      • proveIdentifierControl

        public abstract AcmeChallenge proveIdentifierControl​(AcmeAccount account,
                                                     List<AcmeChallenge> challenges)
                                              throws AcmeException
        Prove control of the identifier associated with the given list of challenges.

        This method should select one challenge from the given list of challenges from the ACME server to prove control of the identifier associated with the challenges as specified by the ACME v2 protocol.

        Parameters:
        account - the ACME account information to use (must not be null)
        challenges - the list of challenges from the ACME server (must not be null)
        Returns:
        the challenge that was selected and used to prove control of the identifier
        Throws:
        AcmeException - if an error occurs while attempting to provide control of the identifier associated with the challenges or if none of the challenge types are supported by this client

      • cleanupAfterChallenge

        public abstract void cleanupAfterChallenge​(AcmeAccount account,
                                           AcmeChallenge challenge)
                                    throws AcmeException
        Undo the actions that were taken to prove control of the identifier associated with the given challenge.
        Parameters:
        account - the ACME account information to use (must not be null)
        challenge - the challenge (must not be null)
        Throws:
        AcmeException - if an error occurs while attempting to undo the actions that were taken to prove control of the identifier associated with the given challenge

      • revokeCertificate

        public void revokeCertificate​(AcmeAccount account,
                              boolean staging,
                              X509Certificate certificate)
                       throws AcmeException
        Revoke the given certificate.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        certificate - the certificate to be revoked (must not be null)
        Throws:
        AcmeException - if an error occurs while attempting to revoke the given certificate

      • revokeCertificate

        public void revokeCertificate​(AcmeAccount account,
                              boolean staging,
                              X509Certificate certificate,
                              CRLReason reason)
                       throws AcmeException
        Revoke the given certificate.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        certificate - the certificate to be revoked (must not be null)
        reason - the optional reason why the certificate is being revoked (may be null)
        Throws:
        AcmeException - if an error occurs while attempting to revoke the given certificate

      • getNewNonce

        public byte[] getNewNonce​(AcmeAccount account,
                          boolean staging)
                   throws AcmeException
        Get a new nonce for the given account from the ACME server.
        Parameters:
        account - the ACME account information to use (must not be null)
        staging - whether or not the staging server URL should be used
        Returns:
        nonce the new nonce for the given account
        Throws:
        AcmeException - if an error occurs while attempting to get the new nonce from the ACME server

      • getProblemMessages

        private static String getProblemMessages​(jakarta.json.JsonObject errorResponse)

      • getProblemMessage

        private static String getProblemMessage​(jakarta.json.JsonObject jsonResponse)

      • getOptionalJsonString

        private static String getOptionalJsonString​(jakarta.json.JsonObject jsonObject,
                                            String name)

      • getEncodedJson

        private static String getEncodedJson​(jakarta.json.JsonObject jsonObject)

      • getJws

        private static jakarta.json.JsonObject getJws​(String encodedProtectedHeader,
                                              String encodedPayload,
                                              String encodedSignature)

      • getEncodedProtectedHeader

        private static String getEncodedProtectedHeader​(String algHeader,
                                                PublicKey publicKey,
                                                String resourceUrl)

      • skipDelims

        private static void skipDelims​(org.wildfly.common.iteration.CodePointIterator di,
                               org.wildfly.common.iteration.CodePointIterator cpi,
                               int... delims)
                        throws AcmeException
        Throws:
        AcmeException

      • isDelim

        private static boolean isDelim​(int c,
                               int... delims)