
Example 1 with Account

use of org.shredzone.acme4j.Account in project meecrowave by apache.

The class LetsEncryptReloadLifecycle, method run.

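/**
 * Runs one ACME issuance/renewal pass: registers the ACME account with the user key
 * pair, opens an order for the configured domains, drives any authorizations that
 * still need to be completed, submits a CSR signed with the domain key pair, polls the
 * order until the CA reports it VALID, writes the returned certificate to disk and
 * asks the HTTP/1.1 protocol to reload its SSL host configs.
 *
 * <p>ACME and I/O failures are logged and swallowed so a scheduled caller keeps
 * running; an interrupt while polling re-sets the interrupt flag and returns early.
 */
@Override
public synchronized void run() {
    // The user key pair is the ACME account identity: whoever holds it can act on the
    // account. How it is stored on disk is decided by loadOrCreateKeyPair, not here.
    final KeyPair userKeyPair = loadOrCreateKeyPair(config.getUserKeySize(), config.getUserKeyLocation());
    final KeyPair domainKeyPair = loadOrCreateKeyPair(config.getDomainKeySize(), config.getDomainKey());
    final Session session = new Session(config.getEndpoint());
    // Parse the comma-separated domain list once and use it for both the order and the
    // CSR. Previously the order used the split list while the CSR received the raw
    // joined string as a single name, so a multi-domain config produced a CSR whose
    // names did not match the order. Entries are trimmed and blanks dropped.
    final String[] domains = Stream.of(config.getDomains().split(","))
            .map(String::trim)
            .filter(domain -> !domain.isEmpty())
            .toArray(String[]::new);
    try {
        final Account account = new AccountBuilder().agreeToTermsOfService().useKeyPair(userKeyPair).create(session);
        final Order order = account.newOrder().domains(domains).create();
        // Every authorization is attempted (reduce consumes the whole stream); a failing
        // one is logged and counts as false.
        final boolean updated = order.getAuthorizations().stream().map(authorization -> {
            try {
                return authorize(authorization);
            } catch (final AcmeException e) {
                getLogger().error(e.getMessage(), e);
                return false;
            }
        }).reduce(false, (previous, val) -> previous || val);
        if (!updated) {
            // authorize() returned false for every authorization; presumably nothing
            // changed, so no new certificate is requested
            return;
        }
        final CSRBuilder csrBuilder = new CSRBuilder();
        csrBuilder.addDomains(domains);
        csrBuilder.sign(domainKeyPair);
        // The CSR contains no private key material, so it is written with default permissions.
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainCertificate()))) {
            csrBuilder.write(writer);
        }
        order.execute(csrBuilder.getEncoded());
        try {
            // Poll until the CA finalizes the order. The order must actually reach VALID
            // before the certificate is read: the old loop fell through after the retry
            // budget was spent and read the certificate of a still-pending (or INVALID)
            // order, which is not expected to succeed.
            int attempts = config.getRetryCount();
            while (order.getStatus() != Status.VALID) {
                if (order.getStatus() == Status.INVALID) {
                    throw new AcmeException("Order failed... Giving up.");
                }
                if (attempts-- <= 0) {
                    throw new AcmeException("Order not valid after " + config.getRetryCount() + " attempt(s)... Giving up.");
                }
                Thread.sleep(config.getRetryTimeoutMs());
                order.update();
            }
        } catch (final InterruptedException ex) {
            getLogger().error(ex.getMessage(), ex);
            Thread.currentThread().interrupt();
            return;
        }
        final Certificate certificate = order.getCertificate();
        getLogger().info("Got new certificate " + certificate.getLocation() + " for domain(s) " + config.getDomains());
        // NOTE(review): the chain file is overwritten in place; a crash mid-write leaves a
        // truncated file that the next reload would pick up. A temp-file-and-rename would be safer.
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainChain()))) {
            certificate.writeCertificate(writer);
        }
        protocol.reloadSslHostConfigs();
    } catch (final AcmeException | IOException ex) {
        getLogger().error(ex.getMessage(), ex);
    }
}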

Example 2 with Account

use of org.shredzone.acme4j.Account in project webpieces by deanhiller.

The class AcmeClientProxy, method openAccount.

// TODO: Put the remote request INTO a different pool to not hold up the webserver main
// threadpool so only synchronous requests will hold up synchronous requests
/**
 * Creates an ACME account on the Let's Encrypt staging directory using
 * {@code accountKeyPair} as the account key and {@code email} as its contact,
 * and returns the account's location URL (needed later to log back in).
 *
 * <p>Any {@link AcmeException} is rethrown unchecked via {@code SneakyThrow}.
 * The returned future is already completed: the ACME round-trip happens on the
 * calling thread.
 *
 * @param email          contact address registered as {@code mailto:} on the account
 * @param accountKeyPair key pair that identifies (and authorizes) the account
 * @return a completed future holding the account location URL
 */
public XFuture<URL> openAccount(String email, KeyPair accountKeyPair) {
    try {
        log.info("open account");
        // NOTE(review): the staging directory is hard-coded; certificates issued by staging
        // are not trusted by clients, so a real deployment must point at the production
        // directory (which also enforces stricter rate limits).
        final Session stagingSession = new Session("acme://letsencrypt.org/staging");
        final AccountBuilder builder = new AccountBuilder()
                .addContact("mailto:" + email)
                .agreeToTermsOfService()
                .useKeyPair(accountKeyPair);
        final Account created = builder.create(stagingSession);
        final URL accountLocation = created.getLocation();
        log.info("account location=" + accountLocation);
        return XFuture.completedFuture(accountLocation);
    } catch (AcmeException e) {
        throw SneakyThrow.sneak(e);
    }
}

Example 3 with Account

use of org.shredzone.acme4j.Account in project webpieces by deanhiller.

The class AcmeClientProxy, method placeOrder.

// TODO: Put the remote request INTO a different pool to not hold up the webserver main
// threadpool so only synchronous requests will hold up synchronous requests
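/**
 * Re-establishes the account from its location URL and key pair, then places an
 * order for the placeholder domain {@code "something.com"}.
 *
 * <p>Kept for backward compatibility; new callers should use
 * {@link #placeOrder(URL, KeyPair, String)} and pass the real domain, since an order
 * for a placeholder name can never be validated for the server that is actually running.
 *
 * @param accountUrl     location URL returned by {@link #openAccount}
 * @param accountKeyPair key pair the account was created with
 * @return The list of challenges with tokens to create webpages for that remote end will call to verify we own the domain
 */
public XFuture<ProxyOrder> placeOrder(URL accountUrl, KeyPair accountKeyPair) {
    return placeOrder(accountUrl, accountKeyPair, "something.com");
}

/**
 * Re-establishes the account from its location URL and key pair, then places an
 * order for {@code domain} on the Let's Encrypt staging directory.
 *
 * <p>Any {@link AcmeException} is rethrown unchecked via {@code SneakyThrow}. The
 * returned future is already completed: the ACME round-trips happen on the calling thread.
 *
 * @param accountUrl     location URL returned by {@link #openAccount}
 * @param accountKeyPair key pair the account was created with
 * @param domain         fully-qualified domain name to order a certificate for
 * @return The list of challenges with tokens to create webpages for that remote end will call to verify we own the domain
 * @throws IllegalArgumentException if {@code domain} is null or blank
 */
public XFuture<ProxyOrder> placeOrder(URL accountUrl, KeyPair accountKeyPair, String domain) {
    if (domain == null || domain.trim().isEmpty()) {
        throw new IllegalArgumentException("domain must not be blank");
    }
    try {
        log.info("reestablish account from location=" + accountUrl + " and keypair");
        // NOTE(review): staging directory hard-coded here as in openAccount; the two must
        // agree, since an account location from one directory is meaningless on the other.
        Session session = new Session("acme://letsencrypt.org/staging");
        Login login = session.login(accountUrl, accountKeyPair);
        Account account = login.getAccount();
        log.info("create an order");
        Order order = account.newOrder().domain(domain).create();
        checkAuthStatii(order);
        // Wrap each authorization so the caller only sees the proxy type.
        List<ProxyAuthorization> auths = new ArrayList<>();
        for (Authorization auth : order.getAuthorizations()) {
            auths.add(new ProxyAuthorization(auth));
        }
        return XFuture.completedFuture(new ProxyOrder(order, auths));
    } catch (AcmeException e) {
        throw SneakyThrow.sneak(e);
    }
}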
