Examples with AcmeException org.shredzone.acme4j.exception.AcmeException used on opensource projects
Example 1 with AcmeException
use of org.shredzone.acme4j.exception.AcmeException in project stdlib by petergeneric.
the class LetsEncryptService method generateOrRenewCertificate.
public LetsEncryptCertificateEntity generateOrRenewCertificate(final String domains) {
LetsEncryptCertificateEntity entity = getCertificate(domains);
// If we already have a keypair for these domains we shouldn't regenerate it, only regenerate the cert
final KeyPair domainKeyPair;
final boolean isNew;
try {
if (entity != null) {
final ByteArrayInputStream bis = new ByteArrayInputStream(entity.getKeypair());
final InputStreamReader isr = new InputStreamReader(bis, StandardCharsets.UTF_8);
domainKeyPair = KeyPairUtils.readKeyPair(isr);
isNew = false;
} else {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
domainKeyPair = KeyPairUtils.createKeyPair(DOMAIN_KEY_SIZE);
KeyPairUtils.writeKeyPair(domainKeyPair, osr);
entity = new LetsEncryptCertificateEntity();
entity.setId(domains);
entity.setKeypair(bos.toByteArray());
isNew = true;
}
} catch (IOException e) {
throw new RuntimeException("Error serialising/deserialising keypair for domains " + domains, e);
}
final Registration registration = getRegistration();
// Generate a CSR for the domains
CSRBuilder csrb = new CSRBuilder();
for (String domain : domains.split(",")) csrb.addDomain(domain);
try {
csrb.sign(domainKeyPair);
} catch (IOException e) {
throw new RuntimeException("Error signing CSR for " + domains + " with domains keypair!", e);
}
// Request a signed certificate
final Certificate certificate;
try {
certificate = registration.requestCertificate(csrb.getEncoded());
log.info("Success! The certificate for domains " + domains + " has been generated!");
log.info("Certificate URI: " + certificate.getLocation());
} catch (IOException e) {
throw new RuntimeException("Failed to encode CSR request for " + domains, e);
} catch (AcmeException e) {
throw new RuntimeException("Failed to request certificate from Let's Encrypt for " + domains, e);
}
// Download the certificate
final X509Certificate cert;
final X509Certificate[] chain;
try {
cert = certificate.download();
chain = certificate.downloadChain();
} catch (AcmeException e) {
throw new RuntimeException("Error downloading certificate information for " + domains + " " + certificate.getLocation(), e);
}
// Write certificate only
final byte[] certBytes;
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
CertificateUtils.writeX509Certificate(cert, osr);
certBytes = bos.toByteArray();
} catch (IOException e) {
throw new RuntimeException("Error serialising Cert for " + domains, e);
}
// Write chain only
byte[] chainBytes;
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
CertificateUtils.writeX509CertificateChain(chain, osr);
chainBytes = bos.toByteArray();
} catch (IOException e) {
throw new RuntimeException("Error serialising Cert for " + domains, e);
}
entity.setCert(certBytes);
entity.setChain(chainBytes);
entity.setExpires(new DateTime(cert.getNotAfter()));
// Make sure a management token is assigned
if (entity.getManagementToken() == null)
entity.setManagementToken(SimpleId.alphanumeric(32));
if (isNew) {
certificateDao.save(entity);
} else {
certificateDao.update(entity);
}
return entity;
}
Also used :
KeyPair(java.security.KeyPair)
InputStreamReader(java.io.InputStreamReader)
AcmeException(org.shredzone.acme4j.exception.AcmeException)
LetsEncryptCertificateEntity(com.peterphi.servicemanager.service.db.entity.LetsEncryptCertificateEntity)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
DateTime(org.joda.time.DateTime)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Registration(org.shredzone.acme4j.Registration)
OutputStreamWriter(java.io.OutputStreamWriter)
CSRBuilder(org.shredzone.acme4j.util.CSRBuilder)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.shredzone.acme4j.Certificate)
Example 2 with AcmeException
use of org.shredzone.acme4j.exception.AcmeException in project stdlib by petergeneric.
the class LetsEncryptService method proveOwnership.
@Retry
public void proveOwnership(final String domain) {
Registration registration = getRegistration();
final Authorization authorization;
try {
authorization = registration.authorizeDomain(domain);
} catch (AcmeException e) {
throw new RuntimeException("Error creating authorisation for " + domain, e);
}
Dns01Challenge challenge = authorization.findChallenge(Dns01Challenge.TYPE);
if (challenge == null)
throw new RuntimeException("DNS Challenge is not available! Cannot prove we own " + domain);
final String domainName = "_acme-challenge." + domain;
log.debug("Create TXT record " + domainName + " with value: " + challenge.getDigest());
// Create the TXT record
dns.createDNSRecord(domainName, RecordType.TXT, challenge.getDigest());
// Wait for a short time for the change to DNS records to propagate through Microsoft's system
// N.B. there's no docs suggesting this is needed or that this is the right value, but Let's Encrypt challenges
// seem to fail more regularly against the live API without this wait
new Timeout(5, TimeUnit.SECONDS).sleep();
// Allow the CA to start checking the TXT record
try {
log.trace("Challenge status " + challenge.getStatus());
challenge.trigger();
log.trace("Challenge status " + challenge.getStatus());
} catch (AcmeException e) {
throw new RuntimeException("Error triggering authorisation for " + domain, e);
}
// Poll waiting for the challenge to complete
int attempts = 10;
for (int attempt = 0; attempt < 10; attempt++) {
log.trace("Challenge status " + challenge.getStatus());
if (challenge.getStatus() == Status.INVALID)
break;
else if (challenge.getStatus() == Status.VALID)
break;
Timeout.TEN_SECONDS.sleep();
try {
challenge.update();
} catch (AcmeException e) {
log.warn("Error updating challenge", e);
}
}
log.trace("Challenge status " + challenge.getStatus());
dns.deleteDNSRecord(domainName, RecordType.TXT);
if (challenge.getStatus() != Status.VALID) {
throw new RuntimeException("Challenge " + challenge + " failed for " + domainName + "! Failed with state " + challenge.getStatus());
} else {
log.debug("Challenge " + challenge + " passed!");
}
}
Also used :
Authorization(org.shredzone.acme4j.Authorization)
Registration(org.shredzone.acme4j.Registration)
AcmeException(org.shredzone.acme4j.exception.AcmeException)
Timeout(com.peterphi.std.threading.Timeout)
Dns01Challenge(org.shredzone.acme4j.challenge.Dns01Challenge)
Retry(com.peterphi.std.guice.common.retry.annotation.Retry)
Aggregations
Registration (org.shredzone.acme4j.Registration)2
AcmeException (org.shredzone.acme4j.exception.AcmeException)2
LetsEncryptCertificateEntity (com.peterphi.servicemanager.service.db.entity.LetsEncryptCertificateEntity)1
Retry (com.peterphi.std.guice.common.retry.annotation.Retry)1
Timeout (com.peterphi.std.threading.Timeout)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
ByteArrayOutputStream (java.io.ByteArrayOutputStream)1
IOException (java.io.IOException)1
InputStreamReader (java.io.InputStreamReader)1
OutputStreamWriter (java.io.OutputStreamWriter)1
KeyPair (java.security.KeyPair)1
X509Certificate (java.security.cert.X509Certificate)1
DateTime (org.joda.time.DateTime)1
Authorization (org.shredzone.acme4j.Authorization)1
Certificate (org.shredzone.acme4j.Certificate)1
Dns01Challenge (org.shredzone.acme4j.challenge.Dns01Challenge)1
CSRBuilder (org.shredzone.acme4j.util.CSRBuilder)1
