Class AcmeClientSpi

java.lang.Object
org.wildfly.security.x500.cert.acme.AcmeClientSpi

public abstract class AcmeClientSpi extends Object
SPI for an Automatic Certificate Management Environment (ACME) client provider to implement.
Since:
1.5.0
Author:
Farah Juma
  • Field Details

    • DEFAULT_EC_KEY_SIZE

      public static final int DEFAULT_EC_KEY_SIZE
      The default key size that will be used if the key algorithm name is EC.
    • DEFAULT_KEY_SIZE

      public static final int DEFAULT_KEY_SIZE
      The default key size that will be used if the key algorithm name is not EC.
    • DEFAULT_KEY_ALGORITHM_NAME

      public static final String DEFAULT_KEY_ALGORITHM_NAME
      The default key algorithm name.
  • Constructor Details

    • AcmeClientSpi

      public AcmeClientSpi()
  • Method Details

    • getResourceUrls

      public Map<AcmeResource,URL> getResourceUrls(AcmeAccount account, boolean staging) throws AcmeException
      Get the resource URLs needed to perform operations from the ACME server.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Returns:
      a map of ACME resources to URLs
      Throws:
      AcmeException - if an error occurs while attempting to get the resource URLs from the ACME server
    • getMetadata

      public AcmeMetadata getMetadata(AcmeAccount account, boolean staging) throws AcmeException
      Get the metadata associated with the ACME server.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Returns:
      the metadata associated with the ACME server (may be null)
      Throws:
      AcmeException - if an error occurs while attempting to get the metadata associated with the ACME server
    • createAccount

      public boolean createAccount(AcmeAccount account, boolean staging) throws AcmeException
      Create an account with an ACME server using the given account information.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Returns:
      true if the account was created, false if the account already existed
      Throws:
      AcmeException - if an error occurs while attempting to create or lookup an account with the ACME server
    • createAccount

      public boolean createAccount(AcmeAccount account, boolean staging, boolean onlyReturnExisting) throws AcmeException
      Create an account with an ACME server using the given account information.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      onlyReturnExisting - true if the ACME server should not create a new account if one does not already exist (this allows an existing account's URL to be looked up and populated using the account key)
      Returns:
      true if the account was created, false if the account already existed
      Throws:
      AcmeException - if an error occurs while attempting to create or lookup an account with the ACME server or if onlyReturnExisting is set to true and the account does not exist
    • updateAccount

      public void updateAccount(AcmeAccount account, boolean staging, boolean termsOfServiceAgreed) throws AcmeException
      Update whether or not the terms of service have been agreed to for an account with an ACME server.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      termsOfServiceAgreed - the new value for whether or not the terms of service have been agreed to
      Throws:
      AcmeException - if an error occurs while attempting to update the account
    • updateAccount

      public void updateAccount(AcmeAccount account, boolean staging, String[] contactUrls) throws AcmeException
      Update the contact URLs for an account with an ACME server.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      contactUrls - the new account contact URLs
      Throws:
      AcmeException - if an error occurs while attempting to update the account
    • updateAccount

      public void updateAccount(AcmeAccount account, boolean staging, boolean termsOfServiceAgreed, String[] contactUrls) throws AcmeException
      Update an account with an ACME server using the given account information.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      termsOfServiceAgreed - the new value for whether or not the terms of service have been agreed to
      contactUrls - the new account contact URLs
      Throws:
      AcmeException - if an error occurs while attempting to update the account
    • changeAccountKey

      public void changeAccountKey(AcmeAccount account, boolean staging) throws AcmeException
      Change the key that is associated with the given ACME account.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Throws:
      AcmeException - if an error occurs while attempting to change the key that is associated with the given ACME account
    • changeAccountKey

      public void changeAccountKey(AcmeAccount account, boolean staging, X509Certificate certificate, PrivateKey privateKey) throws AcmeException
      Change the key that is associated with the given ACME account.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      certificate - the new certificate to associate with the given ACME account (must not be null)
      privateKey - the new private key to associate with the given ACME account (must not be null)
      Throws:
      AcmeException - if an error occurs while attempting to change the key that is associated with the given ACME account
    • deactivateAccount

      public void deactivateAccount(AcmeAccount account, boolean staging) throws AcmeException
      Deactivate the given ACME account. It is not possible to reactivate an ACME account after it has been deactivated.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Throws:
      AcmeException - if an error occurs while attempting to deactivate the given ACME account
    • obtainCertificateChain

      public X509CertificateChainAndSigningKey obtainCertificateChain(AcmeAccount account, boolean staging, String... domainNames) throws AcmeException
      Obtain a certificate chain using the given ACME account.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      domainNames - the domain names to request the certificate for (must not be null)
      Returns:
      the X509 certificate chain and private key
      Throws:
      AcmeException - if an error occurs while attempting to obtain the certificate
    • obtainCertificateChain

      public X509CertificateChainAndSigningKey obtainCertificateChain(AcmeAccount account, boolean staging, String keyAlgorithmName, int keySize, String... domainNames) throws AcmeException
      Obtain a certificate chain using the given ACME account.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      keyAlgorithmName - the optional key algorithm name to use when generating the key pair (may be null)
      keySize - the optional key size to use when generating the key pair (-1 to indicate that the default key size should be used)
      domainNames - the domain names to request the certificate for (must not be null)
      Returns:
      the X509 certificate chain and private key
      Throws:
      AcmeException - if an error occurs while attempting to obtain the certificate
    • createAuthorization

      public String createAuthorization(AcmeAccount account, boolean staging, String domainName) throws AcmeException
      Create an authorization for the given identifier.

      This method allows an ACME client to obtain authorization for an identifier proactively before attempting to obtain a certificate.

      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      domainName - the domain name to create an authorization for (must not be null)
      Returns:
      the authorization URL corresponding to the given identifier
      Throws:
      AcmeException - if an error occurs while attempting to create an authorization for the given identifier
    • deactivateAuthorization

      public void deactivateAuthorization(AcmeAccount account, boolean staging, String authorizationUrl) throws AcmeException
      Deactivate an authorization.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      authorizationUrl - the authorization url (must not be null)
      Throws:
      AcmeException - if an error occurs while attempting to deactivate an authorization for the given identifier
    • proveIdentifierControl

      public abstract AcmeChallenge proveIdentifierControl(AcmeAccount account, List<AcmeChallenge> challenges) throws AcmeException
      Prove control of the identifier associated with the given list of challenges.

      This method should select one challenge from the given list of challenges from the ACME server to prove control of the identifier associated with the challenges as specified by the ACME v2 protocol.

      Parameters:
      account - the ACME account information to use (must not be null)
      challenges - the list of challenges from the ACME server (must not be null)
      Returns:
      the challenge that was selected and used to prove control of the identifier
      Throws:
      AcmeException - if an error occurs while attempting to prove control of the identifier associated with the challenges or if none of the challenge types are supported by this client
    • cleanupAfterChallenge

      public abstract void cleanupAfterChallenge(AcmeAccount account, AcmeChallenge challenge) throws AcmeException
      Undo the actions that were taken to prove control of the identifier associated with the given challenge.
      Parameters:
      account - the ACME account information to use (must not be null)
      challenge - the challenge (must not be null)
      Throws:
      AcmeException - if an error occurs while attempting to undo the actions that were taken to prove control of the identifier associated with the given challenge
    • revokeCertificate

      public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate) throws AcmeException
      Revoke the given certificate.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      certificate - the certificate to be revoked (must not be null)
      Throws:
      AcmeException - if an error occurs while attempting to revoke the given certificate
    • revokeCertificate

      public void revokeCertificate(AcmeAccount account, boolean staging, X509Certificate certificate, CRLReason reason) throws AcmeException
      Revoke the given certificate.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      certificate - the certificate to be revoked (must not be null)
      reason - the optional reason why the certificate is being revoked (may be null)
      Throws:
      AcmeException - if an error occurs while attempting to revoke the given certificate
    • getNewNonce

      public byte[] getNewNonce(AcmeAccount account, boolean staging) throws AcmeException
      Get a new nonce for the given account from the ACME server.
      Parameters:
      account - the ACME account information to use (must not be null)
      staging - whether or not the staging server URL should be used
      Returns:
      the new nonce for the given account
      Throws:
      AcmeException - if an error occurs while attempting to get the new nonce from the ACME server
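The two abstract methods above, proveIdentifierControl and cleanupAfterChallenge, are the only parts a provider must supply; everything else (account creation, order placement, the overloaded obtainCertificateChain with keyAlgorithmName/keySize) is inherited. The following is an added example of a minimal HTTP-01 provider, not code from the WildFly Elytron project. The class name Http01AcmeClient, the lookupKeyAuthorization method and the issue helper are hypothetical, and the example assumes (these are not documented on this page) that AcmeChallenge exposes getType(), getToken() and getKeyAuthorization(AcmeAccount), that AcmeChallenge.Type.HTTP_01 names the HTTP-01 challenge type, and that AcmeException has a String constructor.

```java
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

import org.wildfly.security.x500.cert.X509CertificateChainAndSigningKey;
import org.wildfly.security.x500.cert.acme.AcmeAccount;
import org.wildfly.security.x500.cert.acme.AcmeChallenge;
import org.wildfly.security.x500.cert.acme.AcmeClientSpi;
import org.wildfly.security.x500.cert.acme.AcmeException;

/**
 * Hypothetical AcmeClientSpi provider that answers HTTP-01 challenges from memory.
 * Assumed AcmeChallenge API (not shown on the AcmeClientSpi page): getType(),
 * getToken(), getKeyAuthorization(AcmeAccount) and the Type.HTTP_01 constant.
 */
public class Http01AcmeClient extends AcmeClientSpi {

    // RFC 8555 challenge tokens are base64url characters only. A token that
    // fails this check is never used to build a URL path or file name.
    private static final Pattern TOKEN = Pattern.compile("[A-Za-z0-9_-]+");

    // token -> key authorization; the web tier serves these while a
    // validation is in flight and nothing else.
    private final Map<String, String> pending = new ConcurrentHashMap<>();

    @Override
    public AcmeChallenge proveIdentifierControl(AcmeAccount account, List<AcmeChallenge> challenges)
            throws AcmeException {
        for (AcmeChallenge challenge : challenges) {
            if (challenge.getType() != AcmeChallenge.Type.HTTP_01) {
                continue; // this provider only knows how to answer HTTP-01
            }
            String token = challenge.getToken();
            if (token == null || !TOKEN.matcher(token).matches()) {
                throw new AcmeException("Rejecting malformed challenge token from ACME server");
            }
            // Publish the key authorization under
            // /.well-known/acme-challenge/{token} and hand the chosen
            // challenge back so the SPI can tell the server to validate it.
            pending.put(token, challenge.getKeyAuthorization(account));
            return challenge;
        }
        throw new AcmeException("ACME server offered no supported challenge type (HTTP-01 required)");
    }

    @Override
    public void cleanupAfterChallenge(AcmeAccount account, AcmeChallenge challenge) {
        // Stop serving the key authorization as soon as validation is over,
        // whether it succeeded or failed.
        String token = challenge.getToken();
        if (token != null) {
            pending.remove(token);
        }
    }

    /**
     * Called by the web tier for GET /.well-known/acme-challenge/{token}.
     * Returns the response body, or null if the handler should answer 404.
     */
    public String lookupKeyAuthorization(String token) {
        return token == null ? null : pending.get(token);
    }

    /**
     * Issue a certificate for the given names. Callers should run this with
     * staging=true until the challenge plumbing is known to work, since the
     * production endpoint rate-limits failed validations.
     */
    public static X509CertificateChainAndSigningKey issue(Http01AcmeClient client, AcmeAccount account,
            boolean staging, String... domainNames) throws AcmeException {
        client.createAccount(account, staging); // returns false if it already existed
        // "EC" with keySize -1 selects DEFAULT_EC_KEY_SIZE from AcmeClientSpi.
        return client.obtainCertificateChain(account, staging, "EC", -1, domainNames);
    }
}
```

The map is keyed by token rather than by domain so that concurrent orders for different names do not overwrite each other, and the token regex is checked before the token is stored: even though the token comes from the ACME server, treating it as untrusted input is what keeps a file-backed variant of this provider from writing outside the challenge directory.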