java.lang.Object
org.shredzone.acme4j.AcmeResource
org.shredzone.acme4j.Certificate
- All Implemented Interfaces:
Serializable
Represents an issued certificate and its certificate chain.
A certificate is immutable once it is issued. For renewal, a new certificate must be ordered.
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionvoiddownload()Downloads the certificate chain.findCertificate(String issuer) Finds aCertificatethat was issued by the given issuer name.Returns alternate certificate chains, if available.Returns URLs to alternate certificate chains.Returns the created certificate.Returns the created certificate and issuer chain.Reads the RenewalInfo for this certificate.Returns the location of the certificate's RenewalInfo.booleanReturnstrueif the CA provides renewal information.booleanisIssuedBy(String issuer) Checks if this certificate was issued by the given issuer name.voidrevoke()Revokes this certificate.static voidrevoke(Login login, X509Certificate cert, RevocationReason reason) Revoke a certificate.voidrevoke(RevocationReason reason) Revokes this certificate.static voidrevoke(Session session, KeyPair domainKeyPair, X509Certificate cert, RevocationReason reason) Revoke a certificate.voidwriteCertificate(Writer out) Writes the certificate to the given writer.Methods inherited from class org.shredzone.acme4j.AcmeResource
finalize, getLocation, getLogin, getSession, rebind
-
Constructor Details
-
Certificate
-
-
Method Details
-
download
Downloads the certificate chain.The certificate is downloaded lazily by the other methods. Usually there is no need to invoke this method, unless the download is to be enforced. If the certificate has been downloaded already, nothing will happen.
- Throws:
AcmeException- if the certificate could not be downloaded
-
getCertificate
Returns the created certificate.- Returns:
- The created end-entity
X509Certificatewithout issuer chain.
-
getCertificateChain
Returns the created certificate and issuer chain.- Returns:
- The created end-entity
X509Certificateand issuer chain. The first certificate is always the end-entity certificate, followed by the intermediate certificates required to build a path to a trusted root.
-
getAlternates
Returns URLs to alternate certificate chains.- Returns:
- Alternate certificate chains, or empty if there are none.
-
getAlternateCertificates
Returns alternate certificate chains, if available.- Returns:
- Alternate certificate chains, or empty if there are none.
- Since:
- 2.11
-
isIssuedBy
Checks if this certificate was issued by the given issuer name.- Parameters:
issuer- Issuer name to check against, case-sensitive- Returns:
trueif this issuer name was found in the certificate chain as issuer,falseotherwise.- Since:
- 3.0.0
-
findCertificate
Finds aCertificatethat was issued by the given issuer name.- Parameters:
issuer- Issuer name to check against, case-sensitive- Returns:
- Certificate that was issued by that issuer, or
emptyif there was none. The returnedCertificatemay be this instance, or one of thegetAlternateCertificates()instances. If multiple certificates are issued by that issuer, the first one that was found is returned. - Since:
- 3.0.0
-
writeCertificate
Writes the certificate to the given writer. It is written in PEM format, with the end-entity cert coming first, followed by the intermediate certificates.- Parameters:
out-Writerto write to. The writer is not closed after use.- Throws:
IOException
-
getRenewalInfoLocation
Returns the location of the certificate's RenewalInfo. Empty if the CA does not provide this information.- Since:
- 3.0.0
-
hasRenewalInfo
Returnstrueif the CA provides renewal information.- Since:
- 3.0.0
-
getRenewalInfo
Reads the RenewalInfo for this certificate.- Returns:
- The
RenewalInfoof this certificate. - Throws:
AcmeNotSupportedException- if the CA does not support renewal information.- Since:
- 3.0.0
-
revoke
Revokes this certificate.- Throws:
AcmeException
-
revoke
Revokes this certificate.- Parameters:
reason-RevocationReasonstating the reason of the revocation that is used when generating OCSP responses and CRLs.nullto give no reason.- Throws:
AcmeException- See Also:
-
revoke
public static void revoke(Login login, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException Revoke a certificate.Use this method if the certificate's location is unknown, so you cannot regenerate a
Certificateinstance. This method requires aLoginto your account and the issued certificate.- Parameters:
login-Loginto the accountcert- TheX509Certificateto be revokedreason-RevocationReasonstating the reason of the revocation that is used when generating OCSP responses and CRLs.nullto give no reason.- Throws:
AcmeException- Since:
- 2.6
- See Also:
-
revoke
public static void revoke(Session session, KeyPair domainKeyPair, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException Revoke a certificate.Use this method if the key pair of your account was lost (so you are unable to login into your account), but you still have the key pair of the affected domain and the issued certificate.
- Parameters:
session-Sessionconnected to the ACME serverdomainKeyPair- Key pair the CSR was signed withcert- TheX509Certificateto be revokedreason-RevocationReasonstating the reason of the revocation that is used when generating OCSP responses and CRLs.nullto give no reason.- Throws:
AcmeException- See Also:
-