Class Certificate

  • All Implemented Interfaces:
    Serializable

    public class Certificate
    extends AcmeResource
    Represents an issued certificate and its certificate chain.

    A certificate is immutable once it is issued. For renewal, a new certificate must be ordered.

    See Also:
    Serialized Form
    • Method Detail

      • download

        public void download()
                      throws AcmeException
        Downloads the certificate chain.

        The certificate is downloaded lazily by the other methods. Usually there is no need to invoke this method, unless the download is to be enforced. If the certificate has been downloaded already, nothing will happen.

        Throws:
        AcmeException - if the certificate could not be downloaded
      • getCertificateChain

        public List<X509Certificate> getCertificateChain()
        Returns the created certificate and issuer chain.
        Returns:
        The created end-entity X509Certificate and issuer chain. The first certificate is always the end-entity certificate, followed by the intermediate certificates required to build a path to a trusted root.
      • getAlternates

        public List<URL> getAlternates()
        Returns URLs to alternate certificate chains.
        Returns:
        Alternate certificate chains, or empty if there are none.
      • getAlternateCertificates

        public List<Certificate> getAlternateCertificates()
        Returns alternate certificate chains, if available.
        Returns:
        Alternate certificate chains, or empty if there are none.
        Since:
        2.11
      • isIssuedBy

        public boolean isIssuedBy(String issuer)
        Checks if this certificate was issued by the given issuer name.
        Parameters:
        issuer - Issuer name to check against, case-sensitive
        Returns:
        true if this issuer name was found in the certificate chain as issuer, false otherwise.
        Since:
        3.0.0
      • findCertificate

        public Optional<Certificate> findCertificate(String issuer)
        Finds a Certificate that was issued by the given issuer name.
        Parameters:
        issuer - Issuer name to check against, case-sensitive
        Returns:
        Certificate that was issued by that issuer, or empty if there was none. The returned Certificate may be this instance, or one of the getAlternateCertificates() instances. If multiple certificates are issued by that issuer, the first one that was found is returned.
        Since:
        3.0.0
      • writeCertificate

        public void writeCertificate(Writer out)
                              throws IOException
        Writes the certificate to the given writer. It is written in PEM format, with the end-entity cert coming first, followed by the intermediate certificates.
        Parameters:
        out - Writer to write to. The writer is not closed after use.
        Throws:
        IOException
      • getCertID

        @Deprecated
        public String getCertID()
        Deprecated.
        Is not needed in the ACME context anymore and will thus be removed in a later version.
        Returns this certificate's CertID according to RFC 6960.

        This method requires the BouncyCastleProvider security provider.

        Since:
        3.0.0
        See Also:
        RFC 6960
      • getRenewalInfoLocation

        public Optional<URL> getRenewalInfoLocation()
        Returns the location of the certificate's RenewalInfo. Empty if the CA does not provide this information.
        Since:
        3.0.0
        Draft:
        This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.
      • hasRenewalInfo

        public boolean hasRenewalInfo()
        Returns true if the CA provides renewal information.
        Since:
        3.0.0
        Draft:
        This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.
      • getRenewalInfo

        public RenewalInfo getRenewalInfo()
        Reads the RenewalInfo for this certificate.
        Returns:
        The RenewalInfo of this certificate.
        Throws:
        AcmeNotSupportedException - if the CA does not support renewal information.
        Since:
        3.0.0
        Draft:
        This method is currently based on an RFC draft. It may be changed or removed without notice to reflect future changes to the draft. SemVer rules do not apply here.
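
The following is an added usage example, not code from the acme4j project. It combines findCertificate, getCertificateChain and writeCertificate to pick a chain by issuer name, check the chain ordering documented above, and store it as PEM. The class name ChainSelector, the method selectAndStore and its parameters are hypothetical.

```java
import java.io.IOException;
import java.io.Writer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.shredzone.acme4j.Certificate;

// Hypothetical helper (added example): ChainSelector and selectAndStore are not part of acme4j.
public final class ChainSelector {

    /**
     * Picks the chain issued by preferredIssuer (falling back to the default
     * chain), checks its order and signatures, then writes it as PEM.
     * This is a structural check only, not PKIX validation against a trust store.
     */
    public static void selectAndStore(Certificate cert, String preferredIssuer, Path target)
            throws IOException, GeneralSecurityException {
        // findCertificate() searches this instance and the alternate chains;
        // the issuer name comparison is case-sensitive.
        Certificate chosen = cert.findCertificate(preferredIssuer).orElse(cert);

        List<X509Certificate> chain = chosen.getCertificateChain();
        if (chain.isEmpty()) {
            throw new GeneralSecurityException("CA returned an empty chain");
        }
        chain.get(0).checkValidity(); // the end-entity certificate is always first

        // Each certificate must name, and be signed by, the one that follows it.
        for (int i = 0; i < chain.size() - 1; i++) {
            X509Certificate subject = chain.get(i);
            X509Certificate issuer = chain.get(i + 1);
            if (!subject.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                throw new GeneralSecurityException("Chain is out of order at index " + i);
            }
            subject.verify(issuer.getPublicKey());
        }

        // Write to a temporary file in the same directory, then move it into
        // place, so a server reloading the file never sees a partial chain.
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(), "chain", ".pem");
        try (Writer out = Files.newBufferedWriter(tmp)) {
            chosen.writeCertificate(out); // acme4j does not close the writer itself
        }
        Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
    }
}
```

Whether ATOMIC_MOVE replaces an existing target file is file-system specific, so confirm the behavior on the deployment platform.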