Package com.iizix.server.acme

Class LetsEncrypt

  • public class LetsEncrypt
extends java.lang.Object
    The iiziServer Let's Encrypt implementation for SSL certificates.
    Author:
    Christopher Mindus

    • Nested Class Summary

      Nested Classes 
      Modifier and TypeClassDescription
      static class LetsEncrypt.Code
      The reply code.
      static class LetsEncrypt.Reply
      Class used to hold information of a certificate request.
      static class LetsEncrypt.Type
      The type of ACME challenge.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and TypeMethodDescription
      static java.io.FilecreateCertificate_HTTPChallenge​(java.lang.String root, java.lang.String domain, java.lang.StringBuilder tos, java.lang.String alias, java.lang.String password, java.security.cert.X509Certificate[] cert)
      Performs a HTTP challenge request on the running iiziServer or iiziGo instance.
      org.shredzone.acme4j.challenge.ChallengednsChallenge​(org.shredzone.acme4j.Authorization auth)
      Prepares a DNS challenge.
      LetsEncrypt.ReplyfetchCertificate​(java.lang.String domain, java.net.URI acceptedTOS)
      Generates a certificate for the given domain.
      org.shredzone.acme4j.challenge.ChallengehttpChallenge​(org.shredzone.acme4j.Authorization auth)
      Prepares a HTTP challenge.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • fetchCertificate

        public LetsEncrypt.Reply fetchCertificate​(java.lang.String domain,
                                          java.net.URI acceptedTOS)
                                   throws java.io.IOException,
                                          org.shredzone.acme4j.exception.AcmeException
        Generates a certificate for the given domain. Also takes care for the registration process.
        Parameters:
        domain - Domain to get a common certificate for.
        acceptedTOS - The accepted Terms Of Service URI, or null if none is known.
        Returns:
        The Reply.
        Throws:
        java.io.IOException - For I/O errors.
        org.shredzone.acme4j.exception.AcmeException - For ACME errors.

      • httpChallenge

        public org.shredzone.acme4j.challenge.Challenge httpChallenge​(org.shredzone.acme4j.Authorization auth)
                                                       throws org.shredzone.acme4j.exception.AcmeException,
                                                              java.io.IOException
        Prepares a HTTP challenge.

        The verification of this challenge expects a file with a certain content to be reachable at a given path under the domain to be tested.

        Parameters:
        auth - Authorization to find the challenge in.
        Returns:
        Challenge to verify.
        Throws:
        org.shredzone.acme4j.exception.AcmeException - For ACME errors.
        java.io.IOException - For file writer errors.

      • dnsChallenge

        public org.shredzone.acme4j.challenge.Challenge dnsChallenge​(org.shredzone.acme4j.Authorization auth)
                                                      throws org.shredzone.acme4j.exception.AcmeException
        Prepares a DNS challenge.

        The verification of this challenge expects a TXT record with a certain content.

        This example outputs instructions that need to be executed manually. In a production environment, you would rather configure your DNS automatically.

        Parameters:
        auth - Authorization to find the challenge in.
        Returns:
        Challenge to verify.
        Throws:
        org.shredzone.acme4j.exception.AcmeException - For ACME errors.

      • createCertificate_HTTPChallenge

        public static java.io.File createCertificate_HTTPChallenge​(java.lang.String root,
                                                           java.lang.String domain,
                                                           java.lang.StringBuilder tos,
                                                           java.lang.String alias,
                                                           java.lang.String password,
                                                           java.security.cert.X509Certificate[] cert)
                                                    throws java.io.IOException,
                                                           java.lang.Exception
        Performs a HTTP challenge request on the running iiziServer or iiziGo instance.
        Parameters:
        root - The web server root directory.
        domain - The domain name.
        tos - Terms of service URI that has been accepted must be filled in (or empty for first try).
        alias - Alias for key store/certificate private key, null for default.
        password - Password to use, null for default.
        cert - Array of 1 to return certificate created, null for none.
        Returns:
        The PKCS#12 identity file created with the certificate chain alias "iizi" and password "changeit", or null if Terms-Of-Service must be accepted.
        Throws:
        java.io.IOException - For I/O errors.
        java.lang.Exception - For ACME problems, actually org.shredzone.acme4j.exception.AcmeException but in order to avoid module dependency to the acme4j package, an Exception is specified here.