本文整理汇总了Java中org.shredzone.acme4j.util.CSRBuilder类的典型用法代码示例。如果您正苦于以下问题:Java CSRBuilder类的具体用法?Java CSRBuilder怎么用?Java CSRBuilder使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CSRBuilder类属于org.shredzone.acme4j.util包,在下文中一共展示了CSRBuilder类的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doSetup
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
 * Runs the certificate setup sequence: obtains a registration, builds a CSR for it,
 * submits the CSR and passes the resulting certificate to {@code downloadCertificate}.
 *
 * <p>The method returns without further action when {@code loadOrCreateRegistration()}
 * or {@code createCSR(...)} yields {@code null}. A failed certificate request is
 * reported through {@code messages} and {@code LOG} and is not rethrown.
 */
private void doSetup() {
    messages.add("starting up...", LOG);

    final Registration registration = loadOrCreateRegistration();
    if (registration == null) {
        return;
    }

    final CSRBuilder csr = createCSR(registration);
    if (csr == null) {
        return;
    }

    messages.add("requesting certificate", LOG);

    final Certificate issued;
    try {
        // getEncoded() stays inside the try, so an encoding failure is reported
        // the same way as a failed request.
        issued = registration.requestCertificate(csr.getEncoded());
    } catch (Exception e) {
        // Broad catch: whatever went wrong is shown to the user and logged together
        // with the exception, and the setup stops here.
        final String failure = "unable to request certificate";
        messages.add(failure);
        LOG.error(failure, e);
        return;
    }

    // Outside the try on purpose: a download problem is not a request problem.
    downloadCertificate(issued);
}
示例2: fetchCertificate
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
 * Obtains one certificate that covers every name in {@code domains}, taking care of
 * the account registration on the way.
 *
 * <p>Two key pairs are involved and must stay distinct: the user (account) key pair
 * identifies this client towards the CA, while the domain key pair is the one the CSR
 * is signed with. The CSR is written to {@code DOMAIN_CSR_FILE} and the certificate
 * chain to {@code DOMAIN_CHAIN_FILE}.
 *
 * @param domains
 *            Domains to get a common certificate for
 * @throws IOException
 *             if writing the CSR or the certificate chain file fails
 * @throws AcmeException
 *             declared for the ACME calls made here
 */
public void fetchCertificate(Collection<String> domains) throws IOException, AcmeException {
    // Account key: an existing key file is reused, otherwise a new key pair is created.
    KeyPair accountKeyPair = loadOrCreateUserKeyPair();

    // This URI points at the Let's Encrypt staging server.
    // "acme://letsencrypt.org" is the production server.
    Session acmeSession = new Session("acme://letsencrypt.org/staging", accountKeyPair);

    // Reuse the account if there is one, register it otherwise.
    Account account = findOrRegisterAccount(acmeSession);

    // Certificate key: must not be the account key pair loaded above.
    // NOTE(review): how loadOrCreateDomainKeyPair() protects the private key on disk is
    // not visible here; confirm the key file is readable only by the service account.
    KeyPair certificateKeyPair = loadOrCreateDomainKeyPair();

    // Place the order for all requested names.
    Order certOrder = account.newOrder().domains(domains).create();

    // Every authorization of the order has to be completed before the CSR is sent.
    for (Authorization pending : certOrder.getAuthorizations()) {
        authorize(pending);
    }

    // One CSR for all names, signed with the certificate key pair.
    CSRBuilder request = new CSRBuilder();
    request.addDomains(domains);
    request.sign(certificateKeyPair);

    // Keep a copy of the CSR on disk for later use.
    try (Writer csrFile = new FileWriter(DOMAIN_CSR_FILE)) {
        request.write(csrFile);
    }

    // Finalize the order and pick up the certificate.
    // NOTE(review): no status polling is visible between execute() and getCertificate();
    // confirm the order is already valid at this point.
    certOrder.execute(request.getEncoded());
    Certificate issued = certOrder.getCertificate();

    LOG.info("Success! The certificate for domains " + domains + " has been generated!");
    LOG.info("Certificate URL: " + issued.getLocation());

    // Certificate and chain go into one combined file.
    try (FileWriter chainFile = new FileWriter(DOMAIN_CHAIN_FILE)) {
        issued.writeCertificate(chainFile);
    }

    // Done. The web server is then configured with DOMAIN_KEY_FILE and
    // DOMAIN_CHAIN_FILE for the requested domains.
}
示例3: orderCertificate
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
 * Orders a certificate for a single domain from start to finish and asserts on each
 * intermediate state.
 *
 * <p>The account key pair and the key pair used to sign the CSR come from two separate
 * {@code createKeyPair()} calls. The order asks for a validity window of 20 days
 * starting now.
 *
 * @param domain
 *            Name of the domain to order a certificate for
 * @param validator
 *            {@link Validator} that finds and prepares a {@link Challenge} for domain
 *            validation
 * @throws Exception
 *             declared broadly; any failing step ends the run
 */
private void orderCertificate(String domain, Validator validator) throws Exception {
    // Account setup against the Pebble test server.
    KeyPair accountKeyPair = createKeyPair();
    Session session = new Session(pebbleURI(), accountKeyPair);
    Account account = new AccountBuilder().agreeToTermsOfService().create(session);

    // Separate key pair for the certificate itself.
    KeyPair certKeyPair = createKeyPair();

    // Truncated to milliseconds, presumably so the values compare equal after the
    // round trip through the server.
    Instant validFrom = Instant.now().truncatedTo(ChronoUnit.MILLIS);
    Instant validUntil = validFrom.plus(Duration.ofDays(20L));

    Order order = account.newOrder()
            .domain(domain)
            .notBefore(validFrom)
            .notAfter(validUntil)
            .create();
    assertThat(order.getNotBefore(), is(validFrom));
    assertThat(order.getNotAfter(), is(validUntil));
    assertThat(order.getStatus(), is(Status.PENDING));

    for (Authorization authorization : order.getAuthorizations()) {
        assertThat(authorization.getDomain(), is(domain));
        assertThat(authorization.getStatus(), is(Status.PENDING));

        // The validator decides which challenge is used and deploys the response.
        Challenge prepared = validator.prepare(authorization);
        prepared.trigger();

        // Poll once per second, for at most 30 seconds, until the status is final.
        await()
                .pollInterval(1, SECONDS)
                .timeout(30, SECONDS)
                .conditionEvaluationListener(cond -> updateAuth(authorization))
                .until(authorization::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

        if (Status.VALID != authorization.getStatus()) {
            fail("Authorization failed");
        }
    }

    // CSR for the one domain, signed with the certificate key pair.
    CSRBuilder request = new CSRBuilder();
    request.addDomain(domain);
    request.sign(certKeyPair);
    order.execute(request.getEncoded());

    // Same polling pattern for the order itself.
    await()
            .pollInterval(1, SECONDS)
            .timeout(30, SECONDS)
            .conditionEvaluationListener(cond -> updateOrder(order))
            .until(order::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

    Certificate issued = order.getCertificate();
    X509Certificate x509 = issued.getCertificate();
    assertThat(x509, not(nullValue()));
    assertThat(x509.getNotAfter(), not(nullValue()));
    assertThat(x509.getNotBefore(), not(nullValue()));
    assertThat(x509.getSubjectX500Principal().getName(), containsString("CN=" + domain));
}
示例4: testDnsValidation
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
 * Test if a wildcard certificate can be ordered via dns-01 challenge.
 *
 * <p>The order covers {@code TEST_WILDCARD_DOMAIN} and {@code TEST_DOMAIN}. For each
 * authorization the challenge digest is published as a TXT record under
 * {@code _acme-challenge.<TEST_DOMAIN>}, and removal of that record is registered
 * through {@code cleanup(...)} before the challenge is triggered.
 */
@Test
public void testDnsValidation() throws Exception {
    BammBammClient client = getBammBammClient();

    // Account key pair and certificate key pair come from separate createKeyPair() calls.
    KeyPair accountKeyPair = createKeyPair();
    Session session = new Session(pebbleURI(), accountKeyPair);
    Account account = new AccountBuilder().agreeToTermsOfService().create(session);
    KeyPair certKeyPair = createKeyPair();

    Instant validFrom = Instant.now().truncatedTo(ChronoUnit.MILLIS);
    Instant validUntil = validFrom.plus(Duration.ofDays(20L));

    Order order = account.newOrder()
            .domain(TEST_WILDCARD_DOMAIN)
            .domain(TEST_DOMAIN)
            .notBefore(validFrom)
            .notAfter(validUntil)
            .create();
    assertThat(order.getNotBefore(), is(validFrom));
    assertThat(order.getNotAfter(), is(validUntil));
    assertThat(order.getStatus(), is(Status.PENDING));

    for (Authorization authorization : order.getAuthorizations()) {
        // Each authorization is expected to name TEST_DOMAIN; presumably the wildcard
        // authorization reports the base domain as well.
        assertThat(authorization.getDomain(), is(TEST_DOMAIN));
        assertThat(authorization.getStatus(), is(Status.PENDING));

        Dns01Challenge dnsChallenge = authorization.findChallenge(Dns01Challenge.TYPE);
        assertThat(dnsChallenge, is(notNullValue()));

        // Publish the digest, and register the removal right away so the record does
        // not outlive the test.
        String txtRecordName = "_acme-challenge." + TEST_DOMAIN;
        client.dnsAddTxtRecord(txtRecordName, dnsChallenge.getDigest());
        cleanup(() -> client.dnsRemoveTxtRecord(txtRecordName));

        dnsChallenge.trigger();

        // Poll once per second, for at most 30 seconds, until the status is final.
        await()
                .pollInterval(1, SECONDS)
                .timeout(30, SECONDS)
                .conditionEvaluationListener(cond -> updateAuth(authorization))
                .until(authorization::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

        if (Status.VALID != authorization.getStatus()) {
            fail("Authorization failed");
        }
    }

    // One CSR with both names, signed with the certificate key pair.
    CSRBuilder request = new CSRBuilder();
    request.addDomain(TEST_DOMAIN);
    request.addDomain(TEST_WILDCARD_DOMAIN);
    request.sign(certKeyPair);
    order.execute(request.getEncoded());

    await()
            .pollInterval(1, SECONDS)
            .timeout(30, SECONDS)
            .conditionEvaluationListener(cond -> updateOrder(order))
            .until(order::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

    Certificate issued = order.getCertificate();
    X509Certificate x509 = issued.getCertificate();
    assertThat(x509, not(nullValue()));
    assertThat(x509.getNotAfter(), not(nullValue()));
    assertThat(x509.getNotBefore(), not(nullValue()));
    assertThat(x509.getSubjectX500Principal().getName(), containsString("CN=" + TEST_DOMAIN));

    // Each SAN entry is a (type, value) pair; only the dNSName entries are checked.
    List<String> dnsNames = x509.getSubjectAlternativeNames().stream()
            .filter(entry -> ((Number) entry.get(0)).intValue() == GeneralName.dNSName)
            .map(entry -> (String) entry.get(1))
            .collect(toList());
    assertThat(dnsNames, contains(TEST_DOMAIN, TEST_WILDCARD_DOMAIN));
}
示例5: testHttpValidation
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
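/**
 * Test if a certificate can be ordered via tls-sni-02 challenge.
 *
 * <p>Despite the method name, the body looks up {@link TlsSni02Challenge}, not an
 * http-01 challenge. tls-sni-02 was dropped from ACME before RFC 8555 was published
 * and tls-alpn-01 (RFC 8737) took its place, so this example only applies to old
 * draft-era servers.
 *
 * <p>The validation certificate installed for a challenge is removed in a
 * {@code finally} block, so it is also withdrawn when the authorization fails or the
 * wait times out.
 */
@Test
public void testHttpValidation() throws Exception {
    // Account key pair and certificate key pair come from separate createKeyPair() calls.
    KeyPair keyPair = createKeyPair();
    Session session = new Session(boulderURI(), keyPair);
    Account account = new AccountBuilder()
            .agreeToTermsOfService()
            .create(session);
    KeyPair domainKeyPair = createKeyPair();

    Order order = account.newOrder().domain(TEST_DOMAIN).create();

    for (Authorization auth : order.getAuthorizations()) {
        TlsSni02Challenge challenge = auth.findChallenge(TlsSni02Challenge.TYPE);
        assertThat(challenge, is(notNullValue()));

        // The validation certificate gets a throwaway key pair of its own.
        KeyPair challengeKeyPair = createKeyPair();
        X509Certificate challengeCert = CertificateUtils.createTlsSni02Certificate(
                challengeKeyPair, challenge.getSubject(), challenge.getSanB());

        client.tlsSniAddCertificate(challenge.getSubject(), challengeKeyPair.getPrivate(), challengeCert);
        try {
            challenge.trigger();

            // Poll once per second, for at most 30 seconds, until the status is final.
            await()
                    .pollInterval(1, SECONDS)
                    .timeout(30, SECONDS)
                    .conditionEvaluationListener(cond -> updateAuth(auth))
                    .until(auth::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

            if (auth.getStatus() != Status.VALID) {
                fail("Authorization failed");
            }
        } finally {
            // Always withdraw the validation certificate, also on failure or timeout.
            client.tlsSniRemoveCertificate(challenge.getSubject());
        }
    }

    // CSR for the one domain, signed with the certificate key pair.
    CSRBuilder csr = new CSRBuilder();
    csr.addDomain(TEST_DOMAIN);
    csr.sign(domainKeyPair);
    byte[] encodedCsr = csr.getEncoded();

    order.execute(encodedCsr);

    await()
            .pollInterval(1, SECONDS)
            .timeout(30, SECONDS)
            .conditionEvaluationListener(cond -> updateOrder(order))
            .until(order::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

    Certificate certificate = order.getCertificate();
    X509Certificate cert = certificate.getCertificate();
    assertThat(cert, not(nullValue()));
    assertThat(cert.getNotAfter(), not(nullValue()));
    assertThat(cert.getNotBefore(), not(nullValue()));
    assertThat(cert.getSubjectX500Principal().getName(), containsString("CN=" + TEST_DOMAIN));
}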
示例6: testHttpValidation
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
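/**
 * Test if a certificate can be ordered via http-01 challenge.
 *
 * <p>The challenge token published for an authorization is removed in a
 * {@code finally} block, so it is also withdrawn when the authorization fails or the
 * wait times out.
 */
@Test
public void testHttpValidation() throws Exception {
    // Account key pair and certificate key pair come from separate createKeyPair() calls.
    KeyPair keyPair = createKeyPair();
    Session session = new Session(boulderURI(), keyPair);
    Account account = new AccountBuilder()
            .agreeToTermsOfService()
            .create(session);
    KeyPair domainKeyPair = createKeyPair();

    Order order = account.newOrder().domain(TEST_DOMAIN).create();

    for (Authorization auth : order.getAuthorizations()) {
        Http01Challenge challenge = auth.findChallenge(Http01Challenge.TYPE);
        assertThat(challenge, is(notNullValue()));

        // Publish the token together with its key authorization.
        client.httpAddToken(challenge.getToken(), challenge.getAuthorization());
        try {
            challenge.trigger();

            // Poll once per second, for at most 30 seconds, until the status is final.
            await()
                    .pollInterval(1, SECONDS)
                    .timeout(30, SECONDS)
                    .conditionEvaluationListener(cond -> updateAuth(auth))
                    .until(auth::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

            if (auth.getStatus() != Status.VALID) {
                fail("Authorization failed");
            }
        } finally {
            // Always withdraw the token, also on failure or timeout.
            client.httpRemoveToken(challenge.getToken());
        }
    }

    // CSR for the one domain, signed with the certificate key pair.
    CSRBuilder csr = new CSRBuilder();
    csr.addDomain(TEST_DOMAIN);
    csr.sign(domainKeyPair);
    byte[] encodedCsr = csr.getEncoded();

    order.execute(encodedCsr);

    await()
            .pollInterval(1, SECONDS)
            .timeout(30, SECONDS)
            .conditionEvaluationListener(cond -> updateOrder(order))
            .until(order::getStatus, not(isOneOf(Status.PENDING, Status.PROCESSING)));

    Certificate certificate = order.getCertificate();
    X509Certificate cert = certificate.getCertificate();
    assertThat(cert, not(nullValue()));
    assertThat(cert.getNotAfter(), not(nullValue()));
    assertThat(cert.getNotBefore(), not(nullValue()));
    assertThat(cert.getSubjectX500Principal().getName(), containsString("CN=" + TEST_DOMAIN));
}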
示例7: fetchCertificate
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
 * Generates a certificate for the given domain. Also takes care of the registration
 * process.
 *
 * <p>The certificate and its chain are written to {@code DOMAIN_CHAIN_FILE}. The CSR
 * itself is not saved to a file.
 *
 * @param contact
 *            passed on to {@code findOrRegisterAccount} together with the session
 * @param domain
 *            Domain to get a certificate for
 * @return always {@code true}; every failure is reported as an exception
 * @throws IOException
 *             if writing the chain file fails
 * @throws AcmeException
 *             declared for the ACME calls made here
 */
private boolean fetchCertificate(String contact, String domain) throws IOException, AcmeException {
    // Account key: loaded from USER_KEY_FILE, or created if that file does not exist.
    // Keep this key pair in a safe place! In a production environment the account
    // cannot be accessed again once the key pair is lost.
    KeyPair accountKeyPair = loadOrCreateKeyPair(USER_KEY_FILE);
    Session session = new Session(letsEncryptUrl, accountKeyPair);

    // Reuse the account if there is one, register it otherwise.
    Registration registration = findOrRegisterAccount(session, contact);

    // The domain has to be authorized before a certificate can be requested for it.
    authorize(registration, domain);

    // Certificate key: a different file than the account key, and it must stay a
    // different key pair.
    KeyPair certKeyPair = loadOrCreateKeyPair(DOMAIN_KEY_FILE);

    // CSR for the domain, signed with the certificate key pair.
    CSRBuilder request = new CSRBuilder();
    request.addDomain(domain);
    request.setOrganization("Blynk Inc.");
    request.sign(certKeyPair);

    // Request the signed certificate, then fetch the leaf and its chain.
    Certificate issued = registration.requestCertificate(request.getEncoded());
    X509Certificate leaf = issued.download();
    X509Certificate[] intermediates = issued.downloadChain();

    // Leaf and chain go into one combined file.
    try (FileWriter chainFile = new FileWriter(DOMAIN_CHAIN_FILE)) {
        CertificateUtils.writeX509CertificateChain(chainFile, leaf, intermediates);
    }
    return true;
}
示例8: runInternal
import org.shredzone.acme4j.util.CSRBuilder; //导入依赖的package包/类
/**
* Perform the renewal.
*
* <p>Registers with the ACME server, runs the authorization for every domain of
* {@code endpoint}, requests a certificate with a freshly built CSR and packs the
* private key and the downloaded certificate into a {@link CertificateModel}.
*
* <p>NOTE(review): the CSR is signed with {@code registration.getKeyPair()}, the key
* pair of the object that is also passed to {@code newRegistration}. That looks like
* the ACME account key being reused as the certificate key. Account key and
* certificate key should be separate key pairs, and some ACME servers reject a CSR
* whose key equals the account key. Confirm and generate a dedicated key pair for
* the certificate.
*
* @return The renewed certificate
* @throws Exception declared broadly; nothing is caught in this method
*/
private CertificateModel runInternal() throws Exception {
AcmeClient client = client();
Registration registration = registration();
client.newRegistration(registration);
// Writes the agreement value back onto the same object before sending the update;
// presumably newRegistration() has filled it in. TODO confirm.
registration.setAgreement(registration.getAgreement());
client.modifyRegistration(registration);
// Every domain is authorized before the certificate is requested.
for (String domain : endpoint.getDomains()) {
doAuthorization(client, registration, domain);
}
// One CSR covering all endpoint domains.
CSRBuilder builder = new CSRBuilder();
builder.addDomains(endpoint.getDomains());
// NOTE(review): signs with the registration's key pair; see the note in the method comment.
builder.sign(registration.getKeyPair());
byte[] csr = builder.getEncoded();
URI certUri = client.requestCertificate(registration, csr);
X509Certificate cert = client.downloadCertificate(certUri);
CertificateModel model = new CertificateModel();
// The encoded private key travels inside the returned model.
// NOTE(review): confirm how CertificateModel is stored and who can read it.
model.setKey(AbstractProvider.encodePrivateKey(registration.getKeyPair().getPrivate()));
model.setCreated(new Date());
// Expiry is taken from the certificate itself.
model.setExpires(cert.getNotAfter());
model.setCertificate(AbstractProvider.encodeCertificate(cert));
return model;
}