use of org.shredzone.acme4j.util.CSRBuilder in project stdlib by petergeneric.
the class LetsEncryptService method generateOrRenewCertificate.
public LetsEncryptCertificateEntity generateOrRenewCertificate(final String domains) {
LetsEncryptCertificateEntity entity = getCertificate(domains);
// If we already have a keypair for these domains we shouldn't regenerate it, only regenerate the cert
final KeyPair domainKeyPair;
final boolean isNew;
try {
if (entity != null) {
final ByteArrayInputStream bis = new ByteArrayInputStream(entity.getKeypair());
final InputStreamReader isr = new InputStreamReader(bis, StandardCharsets.UTF_8);
domainKeyPair = KeyPairUtils.readKeyPair(isr);
isNew = false;
} else {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
domainKeyPair = KeyPairUtils.createKeyPair(DOMAIN_KEY_SIZE);
KeyPairUtils.writeKeyPair(domainKeyPair, osr);
entity = new LetsEncryptCertificateEntity();
entity.setId(domains);
entity.setKeypair(bos.toByteArray());
isNew = true;
}
} catch (IOException e) {
throw new RuntimeException("Error serialising/deserialising keypair for domains " + domains, e);
}
final Registration registration = getRegistration();
// Generate a CSR for the domains
CSRBuilder csrb = new CSRBuilder();
for (String domain : domains.split(",")) csrb.addDomain(domain);
try {
csrb.sign(domainKeyPair);
} catch (IOException e) {
throw new RuntimeException("Error signing CSR for " + domains + " with domains keypair!", e);
}
// Request a signed certificate
final Certificate certificate;
try {
certificate = registration.requestCertificate(csrb.getEncoded());
log.info("Success! The certificate for domains " + domains + " has been generated!");
log.info("Certificate URI: " + certificate.getLocation());
} catch (IOException e) {
throw new RuntimeException("Failed to encode CSR request for " + domains, e);
} catch (AcmeException e) {
throw new RuntimeException("Failed to request certificate from Let's Encrypt for " + domains, e);
}
// Download the certificate
final X509Certificate cert;
final X509Certificate[] chain;
try {
cert = certificate.download();
chain = certificate.downloadChain();
} catch (AcmeException e) {
throw new RuntimeException("Error downloading certificate information for " + domains + " " + certificate.getLocation(), e);
}
// Write certificate only
final byte[] certBytes;
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
CertificateUtils.writeX509Certificate(cert, osr);
certBytes = bos.toByteArray();
} catch (IOException e) {
throw new RuntimeException("Error serialising Cert for " + domains, e);
}
// Write chain only
byte[] chainBytes;
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
OutputStreamWriter osr = new OutputStreamWriter(bos, StandardCharsets.UTF_8);
CertificateUtils.writeX509CertificateChain(chain, osr);
chainBytes = bos.toByteArray();
} catch (IOException e) {
throw new RuntimeException("Error serialising Cert for " + domains, e);
}
entity.setCert(certBytes);
entity.setChain(chainBytes);
entity.setExpires(new DateTime(cert.getNotAfter()));
// Make sure a management token is assigned
if (entity.getManagementToken() == null)
entity.setManagementToken(SimpleId.alphanumeric(32));
if (isNew) {
certificateDao.save(entity);
} else {
certificateDao.update(entity);
}
return entity;
}
Aggregations