fixed code formatting issues and added copyright header

pull/17/head
argy 2016-06-02 23:24:44 +03:00
parent d5b4ff37dc
commit b13c90b7a4
5 changed files with 110 additions and 73 deletions


@ -1,41 +1,54 @@
package org.shredzone.acme4j; /*
* acme4j - Java ACME client
import java.net.URI; *
* Copyright (C) 2015 Richard "Shred" Körber
/** * http://acme4j.shredzone.org
* Represents the URIs returned by a certificate request *
* * Licensed under the Apache License, Version 2.0 (the "License");
* @author cargy * you may not use this file except in compliance with the License.
* *
*/ * This program is distributed in the hope that it will be useful,
public class CertificateURIs { * but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
private final URI certUri; */
private final URI chainCertUri; package org.shredzone.acme4j;
public CertificateURIs(URI certUri, URI chainCertUri) { import java.net.URI;
this.certUri = certUri;
this.chainCertUri = chainCertUri; /**
} * Represents the URIs returned by a certificate request
*
/** * @author cargy
* The URI from which the client may fetch the certificate *
* */
* @return public class CertificateURIs {
* {@link URI} the certificate can be downloaded from
*/ private final URI certUri;
public URI getCertUri() { private final URI chainCertUri;
return certUri;
} public CertificateURIs(URI certUri, URI chainCertUri) {
this.certUri = certUri;
/** this.chainCertUri = chainCertUri;
* The URI from which the client may fetch a chain of CA certificates }
*
* @return /**
* {@link URI} the certificate chain can be downloaded from * The URI from which the client may fetch the certificate
*/ *
public URI getChainCertUri() { * @return
return chainCertUri; * {@link URI} the certificate can be downloaded from
} */
public URI getCertUri() {
} return certUri;
}
/**
* The URI from which the client may fetch a chain of CA certificates
*
* @return
* {@link URI} the certificate chain can be downloaded from
*/
public URI getChainCertUri() {
return chainCertUri;
}
}


@ -28,7 +28,11 @@ import java.util.Map;
import org.jose4j.jwk.PublicJsonWebKey; import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature; import org.jose4j.jws.JsonWebSignature;
import org.jose4j.lang.JoseException; import org.jose4j.lang.JoseException;
import org.shredzone.acme4j.*; import org.shredzone.acme4j.AcmeClient;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.CertificateURIs;
import org.shredzone.acme4j.Registration;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge; import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.connector.Connection; import org.shredzone.acme4j.connector.Connection;
import org.shredzone.acme4j.connector.Resource; import org.shredzone.acme4j.connector.Resource;
@ -431,41 +435,40 @@ public abstract class AbstractAcmeClient implements AcmeClient {
// Optionally returns the certificate. Currently it is just ignored. // Optionally returns the certificate. Currently it is just ignored.
// X509Certificate cert = conn.readCertificate(); // X509Certificate cert = conn.readCertificate();
return new CertificateURIs(conn.getLocation(), conn.getLink("up")); return new CertificateURIs(conn.getLocation(), conn.getLink("up"));
} catch (IOException ex) { } catch (IOException ex) {
throw new AcmeNetworkException(ex); throw new AcmeNetworkException(ex);
} }
} }
@Override @Override
public X509Certificate[] downloadCertificateChain(URI chainCertUri) throws AcmeException { public X509Certificate[] downloadCertificateChain(URI chainCertUri) throws AcmeException {
if (chainCertUri == null) { if (chainCertUri == null) {
throw new NullPointerException("certChainUri must not be null"); throw new NullPointerException("certChainUri must not be null");
} }
LOG.debug("getCertificateChain"); LOG.debug("getCertificateChain");
List<X509Certificate> certChain = new ArrayList<>(); List<X509Certificate> certChain = new ArrayList<>();
URI link = chainCertUri; URI link = chainCertUri;
while (link != null && certChain.size() < MAX_CHAIN_LENGTH) { while (link != null && certChain.size() < MAX_CHAIN_LENGTH) {
try (Connection conn = createConnection()) { try (Connection conn = createConnection()) {
int rc = conn.sendRequest(chainCertUri); int rc = conn.sendRequest(chainCertUri);
if (rc != HttpURLConnection.HTTP_OK) { if (rc != HttpURLConnection.HTTP_OK) {
conn.throwAcmeException(); conn.throwAcmeException();
} }
certChain.add(conn.readCertificate()); certChain.add(conn.readCertificate());
link = conn.getLink("up"); link = conn.getLink("up");
} catch (IOException ex) { } catch (IOException ex) {
throw new AcmeNetworkException(ex); throw new AcmeNetworkException(ex);
} }
} }
if (link != null)
if (link != null) throw new AcmeException("Recursion limit reached (" + MAX_CHAIN_LENGTH + "). Didn't get " + link);
throw new AcmeException("Recursion limit reached (" + MAX_CHAIN_LENGTH + "). Didn't get " + link);
return certChain.toArray(new X509Certificate[certChain.size()]); return certChain.toArray(new X509Certificate[certChain.size()]);
} }
@Override @Override
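Review bot: In `downloadCertificateChain` the loop advances `link` from `conn.getLink("up")`, but every iteration still calls `conn.sendRequest(chainCertUri)`, so the "up" link is never followed. As written, each pass fetches the first URI again, the returned array would hold the same certificate repeatedly, and a response that keeps carrying an "up" link runs until `MAX_CHAIN_LENGTH` and throws. The request should be `int rc = conn.sendRequest(link);`. Because these links are supplied by the server, it may also be worth checking that each `link` stays on the expected scheme and host before following it. Minor: the NullPointerException message names `certChainUri` while the parameter is `chainCertUri`.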


@ -459,8 +459,7 @@ public class AbstractAcmeClientTest {
@Test @Test
public void testRequestCertificate() throws AcmeException, IOException { public void testRequestCertificate() throws AcmeException, IOException {
Connection connection = new DummyConnection() { Connection connection = new DummyConnection() {
@Override
@Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session, Registration registration) { public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session, Registration registration) {
assertThat(uri, is(resourceUri)); assertThat(uri, is(resourceUri));
assertThat(claims.toString(), sameJSONAs(getJson("requestCertificateRequest"))); assertThat(claims.toString(), sameJSONAs(getJson("requestCertificateRequest")));
@ -473,7 +472,7 @@ public class AbstractAcmeClientTest {
public URI getLocation() { public URI getLocation() {
return locationUri; return locationUri;
} }
@Override @Override
public URI getLink(String relation) { public URI getLink(String relation) {
return certChainUri; return certChainUri;


@ -18,7 +18,6 @@ import java.io.FileReader;
import java.io.FileWriter; import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import java.io.Writer; import java.io.Writer;
import java.net.URI;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.Security; import java.security.Security;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
@ -51,6 +50,7 @@ public class ClientTest {
private static final File USER_KEY_FILE = new File("user.key"); private static final File USER_KEY_FILE = new File("user.key");
private static final File DOMAIN_KEY_FILE = new File("domain.key"); private static final File DOMAIN_KEY_FILE = new File("domain.key");
private static final File DOMAIN_CERT_FILE = new File("domain.crt"); private static final File DOMAIN_CERT_FILE = new File("domain.crt");
private static final File CERT_CHAIN_FILE = new File("chain.crt");
private static final File DOMAIN_CSR_FILE = new File("domain.csr"); private static final File DOMAIN_CSR_FILE = new File("domain.csr");
private static final int KEY_SIZE = 2048; private static final int KEY_SIZE = 2048;
@ -176,16 +176,23 @@ public class ClientTest {
} }
// Request a signed certificate // Request a signed certificate
URI certificateUri = client.requestCertificate(reg, csrb.getEncoded()); CertificateURIs certificateUris = client.requestCertificate(reg, csrb.getEncoded());
LOG.info("Success! The certificate for domains " + domains + " has been generated!"); LOG.info("Success! The certificate for domains " + domains + " has been generated!");
LOG.info("Certificate URI: " + certificateUri); LOG.info("Certificate URI: " + certificateUris.getCertUri());
LOG.info("Certificate Chain URI: " + certificateUris.getChainCertUri());
// Download the certificate // Download the certificate
X509Certificate cert = client.downloadCertificate(certificateUri); X509Certificate cert = client.downloadCertificate(certificateUris.getCertUri());
try (FileWriter fw = new FileWriter(DOMAIN_CERT_FILE)) { try (FileWriter fw = new FileWriter(DOMAIN_CERT_FILE)) {
CertificateUtils.writeX509Certificate(cert, fw); CertificateUtils.writeX509Certificate(cert, fw);
} }
// Download the certificate chain
X509Certificate[] chain = client.downloadCertificateChain(certificateUris.getChainCertUri());
try (FileWriter fw = new FileWriter(CERT_CHAIN_FILE)) {
CertificateUtils.writeX509CertificateChain(chain, fw);
}
// Revoke the certificate (uncomment if needed...) // Revoke the certificate (uncomment if needed...)
// client.revokeCertificate(reg, cert); // client.revokeCertificate(reg, cert);
} }
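Review bot: The chain download `client.downloadCertificateChain(certificateUris.getChainCertUri())` is unconditional, but the chain URI is filled from `conn.getLink("up")` in AbstractAcmeClient, and `downloadCertificateChain` throws a NullPointerException for a null argument. If a server omits the "up" link (the `link != null` loop condition there suggests it can), the example fails after the certificate has already been issued and written to disk. Guard the block with `if (certificateUris.getChainCertUri() != null) {` and log that no chain was offered otherwise. The enclosing method starts outside the hunk.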


@ -94,6 +94,21 @@ public final class CertificateUtils {
} }
} }
/**
* Writes an X.509 certificate chain PEM file.
*
* @param chain
* {@link X509Certificate[]} to write
* @param w
* {@link Writer} to write the PEM file to
*/
public static void writeX509CertificateChain(X509Certificate[] chain, Writer w) throws IOException {
try (JcaPEMWriter jw = new JcaPEMWriter(w)) {
for (X509Certificate cert : chain)
jw.writeObject(cert);
}
}
/** /**
* Reads a CSR PEM file. * Reads a CSR PEM file.
* *
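Review bot: `writeX509CertificateChain` wraps `w` in a `JcaPEMWriter` inside try-with-resources, so the caller's writer is closed when the method returns, and the Javadoc does not say so. I would add `@throws IOException if the chain could not be written` and a sentence such as `The writer is closed after use.` to the comment. `{@link X509Certificate[]}` will not resolve as a Javadoc link; `{@link X509Certificate} chain to write` is the usual form. A null `chain` is not handled either, and stating in the Javadoc that it must not be null would make that contract explicit.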