The Account instance is all you need to proceed with the certification process.
However, you will certainly want to come back later, for example to renew a certificate. This is when you need to log into your existing CA account.
Logging into an Account
You get a Login object by providing your account information to the session:
    KeyPair accountKeyPair = ... // account's key pair
    URL accountLocationUrl = ... // account's URL
    Login login = session.login(accountLocationUrl, accountKeyPair);
Now you can simply get your Account instance from the Login:
    Account account = login.getAccount();
It is possible to have multiple Logins to different accounts per session. This is useful if your software handles the certificates of more than one account.
Login on Creation
If it is more convenient for you, you can also get a ready-to-use Login object from the AccountBuilder when creating a new account:
    Login login = new AccountBuilder()
            .addContact("mailto:email@example.com")
            .agreeToTermsOfService()
            .useKeyPair(keyPair)
            .createLogin(session);
    URL accountLocationUrl = login.getAccountLocation();
    Account account = login.getAccount();
If you know the URL of an ACME resource, you can bind it to a Login instance and get a resource object. The resource must be related to the account that is logged in.
For example, this is the way to get an Authorization object from an authorization URL:
    URL authorizationURL = ... // authorization URL
    Authorization auth = login.bindAuthorization(authorizationURL);
You can bind Challenge resources that way. To get the resource URL, use the getLocation() method of the resource object.
All resource objects are serializable, so the current state of the object can be frozen by Java's serialization mechanism.
However, the Login the object is bound with is not serialized! The reason is that, besides volatile data, the Login object contains a copy of your private key. Not serializing it prevents you from unintentionally revealing your private key in a place with lowered access restrictions.
This means that a deserialized object is not bound to a Login yet. It is required to rebind it to a Login by invoking the rebind() method of the resource object.
Serialization is only meant for short-term storage at runtime, not for long-term persistence. For long-term persistence, store the location URL of the resource, then bind it at a later time as described above.
Do not share serialized data between different versions of acme4j.
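The serialize, check and rebind round trip described above, as an added example that is not part of the acme4j documentation. It assumes the acme4j client library is on the classpath; the class name, the example.com URLs and the throwaway RSA key are constructed for illustration, and no request is sent to any server.

```java
import java.io.*;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.Session;

public class RebindAfterDeserialize {
    public static void main(String[] args) throws Exception {
        // Constructed sample values (example.com URLs, throwaway key).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair accountKeyPair = gen.generateKeyPair();
        URL accountLocationUrl = URI.create("https://acme.example.com/acct/1").toURL();
        URL authorizationURL = URI.create("https://acme.example.com/authz/1").toURL();

        Session session = new Session("https://acme.example.com/directory");
        Login login = session.login(accountLocationUrl, accountKeyPair);
        Authorization auth = login.bindAuthorization(authorizationURL);

        // Freeze the resource object with Java serialization.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(auth);
        }
        byte[] frozen = buf.toByteArray();

        // A JDK key that gets serialized is written out via its encoded form,
        // so those bytes showing up in the stream would mean the key leaked.
        // ISO-8859-1 maps bytes 1:1 to chars, which makes contains() a byte search.
        String stream = new String(frozen, StandardCharsets.ISO_8859_1);
        String secret = new String(accountKeyPair.getPrivate().getEncoded(),
                StandardCharsets.ISO_8859_1);
        if (stream.contains(secret)) {
            throw new IllegalStateException("private key found in serialized data");
        }

        // Thaw it: the restored object has no Login until rebind() is called.
        Authorization restored;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(frozen))) {
            restored = (Authorization) in.readObject();
        }
        restored.rebind(login);
        System.out.println("rebound " + restored.getLocation());
    }
}
```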