- java.lang.Object
  - org.shredzone.acme4j.AcmeResource
    - org.shredzone.acme4j.Certificate

All Implemented Interfaces: Serializable

public class Certificate extends AcmeResource
Represents an issued certificate and its certificate chain.
A certificate is immutable once it is issued. For renewal, a new certificate must be ordered.
- See Also:
  Serialized Form

Constructor Summary
Modifier, Constructor: Description
- protected Certificate(Login login, URL certUrl)

Method Summary
Modifier and Type, Method: Description
- void download(): Downloads the certificate chain.
- Optional<Certificate> findCertificate(String issuer): Finds a Certificate that was issued by the given issuer name.
- List<Certificate> getAlternateCertificates(): Returns alternate certificate chains, if available.
- List<URL> getAlternates(): Returns URLs to alternate certificate chains.
- String getCertID(): Deprecated. Is not needed in the ACME context anymore and will thus be removed in a later version.
- X509Certificate getCertificate(): Returns the created certificate.
- List<X509Certificate> getCertificateChain(): Returns the created certificate and issuer chain.
- RenewalInfo getRenewalInfo(): Reads the RenewalInfo for this certificate.
- Optional<URL> getRenewalInfoLocation(): Returns the location of the certificate's RenewalInfo.
- boolean hasRenewalInfo(): Returns true if the CA provides renewal information.
- boolean isIssuedBy(String issuer): Checks if this certificate was issued by the given issuer name.
- void revoke(): Revokes this certificate.
- static void revoke(Login login, X509Certificate cert, RevocationReason reason): Revoke a certificate.
- void revoke(RevocationReason reason): Revokes this certificate.
- static void revoke(Session session, KeyPair domainKeyPair, X509Certificate cert, RevocationReason reason): Revoke a certificate.
- void writeCertificate(Writer out): Writes the certificate to the given writer.

Methods inherited from class org.shredzone.acme4j.AcmeResource:
finalize, getLocation, getLogin, getSession, rebind

Constructor Detail

Certificate
protected Certificate(Login login, URL certUrl)

Method Detail

download
public void download() throws AcmeException
Downloads the certificate chain.
The certificate is downloaded lazily by the other methods. Usually there is no need to invoke this method, unless the download is to be enforced. If the certificate has been downloaded already, nothing will happen.
- Throws:
  AcmeException - if the certificate could not be downloaded

getCertificate
public X509Certificate getCertificate()
Returns the created certificate.
- Returns:
  The created end-entity X509Certificate without issuer chain.

getCertificateChain
public List<X509Certificate> getCertificateChain()
Returns the created certificate and issuer chain.
- Returns:
  The created end-entity X509Certificate and issuer chain. The first certificate is always the end-entity certificate, followed by the intermediate certificates required to build a path to a trusted root.

getAlternates
public List<URL> getAlternates()
Returns URLs to alternate certificate chains.
- Returns:
  Alternate certificate chains, or empty if there are none.

getAlternateCertificates
public List<Certificate> getAlternateCertificates()
Returns alternate certificate chains, if available.
- Returns:
  Alternate certificate chains, or empty if there are none.
- Since:
  2.11

isIssuedBy
public boolean isIssuedBy(String issuer)
Checks if this certificate was issued by the given issuer name.
- Parameters:
  issuer - Issuer name to check against, case-sensitive
- Returns:
  true if this issuer name was found in the certificate chain as issuer, false otherwise.
- Since:
  3.0.0

findCertificate
public Optional<Certificate> findCertificate(String issuer)
Finds a Certificate that was issued by the given issuer name.
- Parameters:
  issuer - Issuer name to check against, case-sensitive
- Returns:
  Certificate that was issued by that issuer, or empty if there was none. The returned Certificate may be this instance, or one of the getAlternateCertificates() instances. If multiple certificates are issued by that issuer, the first one that was found is returned.
- Since:
  3.0.0

writeCertificate
public void writeCertificate(Writer out) throws IOException
Writes the certificate to the given writer. It is written in PEM format, with the end-entity cert coming first, followed by the intermediate certificates.
- Parameters:
  out - Writer to write to. The writer is not closed after use.
- Throws:
  IOException
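
The following added example (not part of the acme4j documentation or code base) combines findCertificate(), getCertificateChain() and writeCertificate() to pick a chain by issuer, sanity-check its order, and serialize it as PEM. The class name ChainSelector, its method names and the preferredIssuer argument are hypothetical; the order check compares names only and does not verify signatures.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.security.cert.X509Certificate;
import java.util.List;

import org.shredzone.acme4j.Certificate;

/** Added example; class and method names are hypothetical. */
public final class ChainSelector {

    /**
     * Returns the PEM chain issued by preferredIssuer (case-sensitive), or the
     * default chain when the CA offers no chain from that issuer.
     */
    public static String selectPem(Certificate cert, String preferredIssuer)
            throws IOException {
        // findCertificate() may return this instance or one of the
        // getAlternateCertificates() instances; empty means no match.
        Certificate chosen = cert.findCertificate(preferredIssuer).orElse(cert);

        checkOrder(chosen.getCertificateChain());

        StringWriter pem = new StringWriter();
        chosen.writeCertificate(pem); // end-entity first, then intermediates
        return pem.toString();
    }

    /** Rejects a chain that starts with a CA certificate or has a name gap. */
    static void checkOrder(List<X509Certificate> chain) {
        if (chain.isEmpty()) {
            throw new IllegalStateException("empty certificate chain");
        }
        // getBasicConstraints() returns -1 for a certificate that is not a CA.
        if (chain.get(0).getBasicConstraints() != -1) {
            throw new IllegalStateException("first certificate is a CA, not an end-entity");
        }
        // Name chaining only: each issuer must be the subject of the next entry.
        for (int i = 0; i + 1 < chain.size(); i++) {
            if (!chain.get(i).getIssuerX500Principal()
                    .equals(chain.get(i + 1).getSubjectX500Principal())) {
                throw new IllegalStateException("chain is not contiguous at index " + i);
            }
        }
    }
}
```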

getCertID
@Deprecated public String getCertID()
Deprecated. Is not needed in the ACME context anymore and will thus be removed in a later version.
Returns this certificate's CertID according to RFC 6960.
This method requires the BouncyCastleProvider security provider.
- Since:
  3.0.0
- See Also:
  RFC 6960

getRenewalInfoLocation
public Optional<URL> getRenewalInfoLocation()
Returns the location of the certificate's RenewalInfo. Empty if the CA does not provide this information.
- Since:
  3.0.0
- Draft:
  This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.

hasRenewalInfo
public boolean hasRenewalInfo()
Returns true if the CA provides renewal information.
- Since:
  3.0.0
- Draft:
  This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.

getRenewalInfo
public RenewalInfo getRenewalInfo()
Reads the RenewalInfo for this certificate.
- Returns:
  The RenewalInfo of this certificate.
- Throws:
  AcmeNotSupportedException - if the CA does not support renewal information.
- Since:
  3.0.0
- Draft:
  This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.

revoke
public void revoke() throws AcmeException
Revokes this certificate.
- Throws:
  AcmeException

revoke
public void revoke(@Nullable RevocationReason reason) throws AcmeException
Revokes this certificate.
- Parameters:
  reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
- Throws:
  AcmeException
- See Also:
  revoke(Login, X509Certificate, RevocationReason), revoke(Session, KeyPair, X509Certificate, RevocationReason)

revoke
public static void revoke(Login login, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException
Revoke a certificate.
Use this method if the certificate's location is unknown, so you cannot regenerate a Certificate instance. This method requires a Login to your account and the issued certificate.
- Parameters:
  login - Login to the account
  cert - The X509Certificate to be revoked
  reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
- Throws:
  AcmeException
- Since:
  2.6
- See Also:
  revoke(Session, KeyPair, X509Certificate, RevocationReason)

revoke
public static void revoke(Session session, KeyPair domainKeyPair, X509Certificate cert, @Nullable RevocationReason reason) throws AcmeException
Revoke a certificate.
Use this method if the key pair of your account was lost (so you are unable to log in to your account), but you still have the key pair of the affected domain and the issued certificate.
- Parameters:
  session - Session connected to the ACME server
  domainKeyPair - Key pair the CSR was signed with
  cert - The X509Certificate to be revoked
  reason - RevocationReason stating the reason of the revocation that is used when generating OCSP responses and CRLs. null to give no reason.
- Throws:
  AcmeException
- See Also:
  revoke(Login, X509Certificate, RevocationReason)
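
The three revocation paths documented above, shown as an added example (not part of the acme4j documentation or code base) that picks the variant matching whichever credential is still available. The class RevocationPaths, its method and the returned labels are hypothetical; the local public-key comparison is an extra precaution added here, not something the library documentation requires.

```java
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.shredzone.acme4j.Certificate;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.RevocationReason;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.exception.AcmeException;

/** Added example; class, method and parameter names are hypothetical. */
public final class RevocationPaths {

    /**
     * Revokes cert with the most specific credential that is still available.
     * bound, login, session and domainKeyPair may each be null; reason may be
     * null to give no reason.
     *
     * @return label of the revoke variant that was used
     */
    public static String revoke(Certificate bound, Login login, Session session,
            KeyPair domainKeyPair, X509Certificate cert, RevocationReason reason)
            throws AcmeException {
        if (bound != null) {
            // Certificate location is known: use the instance method.
            bound.revoke(reason);
            return "instance";
        }
        if (login != null) {
            // Location unknown, but the account key is still available.
            Certificate.revoke(login, cert, reason);
            return "account";
        }
        if (session != null && domainKeyPair != null) {
            // Account key lost: the request is authorized by the key pair the
            // CSR was signed with. Fail early if it does not match the cert.
            if (!Arrays.equals(cert.getPublicKey().getEncoded(),
                    domainKeyPair.getPublic().getEncoded())) {
                throw new IllegalArgumentException(
                        "domainKeyPair does not match the certificate's public key");
            }
            Certificate.revoke(session, domainKeyPair, cert, reason);
            return "domain-key";
        }
        throw new IllegalStateException("no usable credential for revocation");
    }
}
```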