
Example 1 with AccountBuilder

Use of org.shredzone.acme4j.AccountBuilder in project cas by apereo.

From the class DefaultAcmeCertificateManager, method findOrRegisterAccount.

/**
 * Finds your {@link Account} at the ACME server. It will be found by your user's
 * public key. If your key is not known to the server yet, a new account will be
 * created.
 *
 * @param session    {@link Session} to bind with
 * @param accountKey the account {@link KeyPair}; its public key identifies the account at the ACME server
 * @return {@link Account}
 */
private static Account findOrRegisterAccount(final Session session, final KeyPair accountKey) throws AcmeException {
    val tos = session.getMetadata().getTermsOfService();
    LOGGER.debug("Accepted terms of service url: [{}]", tos);
    val account = new AccountBuilder().agreeToTermsOfService().useKeyPair(accountKey).create(session);
    LOGGER.info("Registered new user w/ URL: [{}]", account.getLocation());
    return account;
}

Example 2 with AccountBuilder

Use of org.shredzone.acme4j.AccountBuilder in project meecrowave by apache.

From the class LetsEncryptReloadLifecycle, method run.

@Override
public synchronized void run() {
    final KeyPair userKeyPair = loadOrCreateKeyPair(config.getUserKeySize(), config.getUserKeyLocation());
    final KeyPair domainKeyPair = loadOrCreateKeyPair(config.getDomainKeySize(), config.getDomainKey());
    final Session session = new Session(config.getEndpoint());
    try {
        final Account account = new AccountBuilder().agreeToTermsOfService().useKeyPair(userKeyPair).create(session);
        final Order order = account.newOrder().domains(config.getDomains().trim().split(",")).create();
        final boolean updated = order.getAuthorizations().stream().map(authorization -> {
            try {
                return authorize(authorization);
            } catch (final AcmeException e) {
                getLogger().error(e.getMessage(), e);
                return false;
            }
        }).reduce(false, (previous, val) -> previous || val);
        if (!updated) {
            return;
        }
        final CSRBuilder csrBuilder = new CSRBuilder();
        // Split the configured domain list the same way the order above does, so the CSR
        // names match the authorized identifiers instead of one comma-joined string.
        csrBuilder.addDomains(config.getDomains().trim().split(","));
        csrBuilder.sign(domainKeyPair);
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainCertificate()))) {
            csrBuilder.write(writer);
        }
        order.execute(csrBuilder.getEncoded());
        try {
            int attempts = config.getRetryCount();
            while (order.getStatus() != Status.VALID && attempts-- > 0) {
                if (order.getStatus() == Status.INVALID) {
                    throw new AcmeException("Order failed... Giving up.");
                }
                Thread.sleep(config.getRetryTimeoutMs());
                order.update();
            }
        } catch (final InterruptedException ex) {
            getLogger().error(ex.getMessage());
            Thread.currentThread().interrupt();
            return;
        }
        final Certificate certificate = order.getCertificate();
        getLogger().info("Got new certificate " + certificate.getLocation() + " for domain(s) " + config.getDomains());
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainChain()))) {
            certificate.writeCertificate(writer);
        }
        protocol.reloadSslHostConfigs();
    } catch (final AcmeException | IOException ex) {
        getLogger().error(ex.getMessage(), ex);
    }
}

Example 3 with AccountBuilder

Use of org.shredzone.acme4j.AccountBuilder in project webpieces by deanhiller.

From the class AcmeClientProxy, method openAccount.

// TODO: Put the remote request INTO a different pool to not hold up the webserver main
// threadpool so only synchronous requests will hold up synchronous requests
public XFuture<URL> openAccount(String email, KeyPair accountKeyPair) {
    try {
        log.info("open account");
        Session session = new Session("acme://letsencrypt.org/staging");
        Account account = new AccountBuilder().addContact("mailto:" + email).agreeToTermsOfService().useKeyPair(accountKeyPair).create(session);
        URL location = account.getLocation();
        log.info("account location=" + location);
        return XFuture.completedFuture(location);
    } catch (AcmeException e) {
        throw SneakyThrow.sneak(e);
    }
}
