
Example 1 with Order

use of org.shredzone.acme4j.Order in project webpieces by deanhiller.

From class AcmeClientProxy, method finalizeOrder:

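/**
 * Finalizes an ACME order: builds and signs a CSR for {@code domain}, submits it with
 * {@link Order#execute(byte[])}, polls until the order is VALID and returns the PEM CSR
 * together with the issued certificate chain.
 *
 * <p>NOTE(review): the CSR is signed with {@code accountKeyPair}, i.e. the same key pair
 * that authenticates the ACME account (compare {@code placeOrder}, which logs in with it).
 * The certificate key and the account key should be distinct keys, and Let's Encrypt is
 * known to reject a CSR whose public key equals the account key; confirm this against the
 * CA in use. The caller-visible signature is deliberately left unchanged here.
 *
 * @param proxyOrder     wrapper holding the acme4j {@link Order} created by placeOrder
 * @param domain         the single domain written into the CSR
 * @param organization   organization name written into the CSR subject
 * @param accountKeyPair key pair used to sign the CSR (see note above)
 * @return an already-completed future holding the PEM CSR and the certificate chain
 * @throws RuntimeException sneaky-thrown {@link AcmeException}, {@link IOException} or
 *         {@link InterruptedException}; an AcmeException is also raised when the order
 *         becomes INVALID or does not reach VALID within the polling budget
 */
private XFuture<CertAndSigningRequest> finalizeOrder(ProxyOrder proxyOrder, String domain, String organization, KeyPair accountKeyPair) {
    // Polling budget. The original loop had none and also ignored Status.INVALID, so an
    // order the CA had already rejected kept this thread spinning forever (40 x 3 s = 2 min).
    final long pollIntervalMs = 3000L;
    int attemptsLeft = 40;
    try (StringWriter writer = new StringWriter()) {
        Order order = proxyOrder.getOrder();
        CSRBuilder csrb = new CSRBuilder();
        csrb.addDomain(domain);
        csrb.setOrganization(organization);
        csrb.sign(accountKeyPair);
        byte[] csr = csrb.getEncoded();
        // NEED to store the csr as base64 into the DB!!!
        order.execute(csr);
        Status status = order.getStatus();
        while (status != Status.VALID) {
            if (status == Status.INVALID) {
                // INVALID is terminal; no amount of polling will turn it into VALID.
                throw new AcmeException("Order for " + domain + " became INVALID; giving up");
            }
            if (attemptsLeft-- <= 0) {
                throw new AcmeException("Order for " + domain + " not VALID after polling budget (last status " + status + "); giving up");
            }
            Thread.sleep(pollIntervalMs);
            order.update();
            status = order.getStatus();
        }
        csrb.write(writer);
        Certificate cert = order.getCertificate();
        return XFuture.completedFuture(new CertAndSigningRequest(writer.toString(), cert.getCertificateChain()));
    } catch (InterruptedException e) {
        // Restore the interrupt flag so the owning thread or pool can observe it.
        Thread.currentThread().interrupt();
        throw SneakyThrow.sneak(e);
    } catch (AcmeException | IOException e) {
        throw SneakyThrow.sneak(e);
    }
}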

Example 2 with Order

use of org.shredzone.acme4j.Order in project meecrowave by apache.

From class LetsEncryptReloadLifecycle, method run:

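/**
 * One renewal pass: loads (or creates) the account and domain key pairs, opens an order
 * for the configured domains, runs the authorizations, finalizes the order with a CSR
 * signed by the domain key, writes the CSR and the issued chain to the configured files
 * and asks the connector to reload its SSL host configs.
 *
 * <p>ACME and I/O errors are logged rather than propagated, so a failed pass does not
 * kill whatever scheduler drives this runnable. {@code synchronized} keeps two passes
 * from racing on the key and certificate files.
 */
@Override
public synchronized void run() {
    final KeyPair userKeyPair = loadOrCreateKeyPair(config.getUserKeySize(), config.getUserKeyLocation());
    final KeyPair domainKeyPair = loadOrCreateKeyPair(config.getDomainKeySize(), config.getDomainKey());
    final Session session = new Session(config.getEndpoint());
    try {
        final Account account = new AccountBuilder().agreeToTermsOfService().useKeyPair(userKeyPair).create(session);
        // Parse the domain list once so the order identifiers and the CSR SANs agree.
        final String[] domains = parseDomains(config.getDomains());
        final Order order = account.newOrder().domains(domains).create();
        // Every authorization must be attempted (no short-circuit such as anyMatch), and
        // we continue only if at least one reported a change. authorize() is defined
        // elsewhere in this class; presumably "false" means nothing needed doing.
        boolean updated = false;
        for (final Authorization authorization : order.getAuthorizations()) {
            updated |= authorizeQuietly(authorization);
        }
        if (!updated) {
            return;
        }
        final CSRBuilder csrBuilder = new CSRBuilder();
        // The original passed the raw comma-separated string as ONE domain; with more than
        // one configured domain the CSR would not match the order's identifiers.
        csrBuilder.addDomains(domains);
        csrBuilder.sign(domainKeyPair);
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainCertificate()))) {
            csrBuilder.write(writer);
        }
        order.execute(csrBuilder.getEncoded());
        try {
            int attempts = config.getRetryCount();
            while (order.getStatus() != Status.VALID && attempts-- > 0) {
                if (order.getStatus() == Status.INVALID) {
                    throw new AcmeException("Order failed... Giving up.");
                }
                Thread.sleep(config.getRetryTimeoutMs());
                order.update();
            }
        } catch (final InterruptedException ex) {
            getLogger().error(ex.getMessage());
            Thread.currentThread().interrupt();
            return;
        }
        // Exhausting the retries used to fall through to getCertificate() on an order that
        // was still pending; fail explicitly instead of dereferencing a missing certificate.
        if (order.getStatus() != Status.VALID) {
            throw new AcmeException("Order not valid after " + config.getRetryCount()
                    + " attempts (status " + order.getStatus() + "). Giving up.");
        }
        final Certificate certificate = order.getCertificate();
        getLogger().info("Got new certificate " + certificate.getLocation() + " for domain(s) " + config.getDomains());
        try (final Writer writer = new BufferedWriter(new FileWriter(config.getDomainChain()))) {
            certificate.writeCertificate(writer);
        }
        protocol.reloadSslHostConfigs();
    } catch (final AcmeException | IOException ex) {
        getLogger().error(ex.getMessage(), ex);
    }
}

/** Splits the configured comma-separated domain list, trimming entries and dropping blanks. */
private static String[] parseDomains(final String configured) {
    return Stream.of(configured.trim().split(","))
            .map(String::trim)
            .filter(domain -> !domain.isEmpty())
            .toArray(String[]::new);
}

/** Runs one authorization; an AcmeException is logged and reported as "not updated". */
private boolean authorizeQuietly(final Authorization authorization) {
    try {
        return authorize(authorization);
    } catch (final AcmeException e) {
        getLogger().error(e.getMessage(), e);
        return false;
    }
}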

Example 3 with Order

use of org.shredzone.acme4j.Order in project webpieces by deanhiller.

From class AcmeClientProxy, method placeOrder:

// TODO: Put the remote request INTO a different pool to not hold up the webserver main
// threadpool so only synchronous requests will hold up synchronous requests
/**
 * Re-opens the ACME account at {@code accountUrl} with {@code accountKeyPair}, creates a
 * new order and wraps its authorizations so the caller can publish the challenge tokens
 * the CA will fetch to verify control of the domain.
 *
 * <p>NOTE(review): the ACME directory is hard-coded to the Let's Encrypt <em>staging</em>
 * endpoint, and the ordered domain is the placeholder {@code "something.com"} rather than
 * a caller-supplied value. Both read as work in progress and must be replaced before this
 * can issue a real certificate; behavior is kept as-is here.
 *
 * @param accountUrl     location URL of the existing ACME account
 * @param accountKeyPair key pair that authenticates that account
 * @return a completed future holding the order and its wrapped authorizations
 * @throws RuntimeException sneaky-thrown {@link AcmeException} on any ACME failure
 */
public XFuture<ProxyOrder> placeOrder(URL accountUrl, KeyPair accountKeyPair) {
    final String directoryUri = "acme://letsencrypt.org/staging";
    final String placeholderDomain = "something.com";
    try {
        log.info("reestablish account from location=" + accountUrl + " and keypair");
        Login login = new Session(directoryUri).login(accountUrl, accountKeyPair);
        Account account = login.getAccount();
        log.info("create an order");
        Order order = account.newOrder().domain(placeholderDomain).create();
        checkAuthStatii(order);
        List<ProxyAuthorization> wrapped = new ArrayList<>();
        for (Authorization authorization : order.getAuthorizations()) {
            wrapped.add(new ProxyAuthorization(authorization));
        }
        return XFuture.completedFuture(new ProxyOrder(order, wrapped));
    } catch (AcmeException e) {
        throw SneakyThrow.sneak(e);
    }
}
