Module org.shredzone.acme4j

Package org.shredzone.acme4j

Class Order

java.lang.Object

org.shredzone.acme4j.AcmeResource

org.shredzone.acme4j.AcmeJsonResource

org.shredzone.acme4j.Order

All Implemented Interfaces:

Serializable

public class Order
extends AcmeJsonResource

A representation of a certificate order at the CA.

See Also:

• Serialized Form

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	Order(Login login, URL location)

Method Summary

Modifier and Type	Method	Description
void	cancelAutoRenewal()	Cancels an auto-renewing order.
void	execute(byte[] csr)	Finalizes the order (see execute(KeyPair)).
void	execute(KeyPair domainKeyPair)	Finalizes the order.
void	execute(KeyPair domainKeyPair, Consumer<CSRBuilder> builderConsumer)	Finalizes the order (see execute(KeyPair)).
void	execute(org.bouncycastle.pkcs.PKCS10CertificationRequest csr)	Finalizes the order (see execute(KeyPair)).
List<Authorization>	getAuthorizations()	Gets the Authorization that are required to fulfil this order, in no specific order.
Certificate	getAutoRenewalCertificate()	Gets the STAR extension's Certificate if it is available.
Instant	getAutoRenewalEndDate()	Returns the latest date of validity of the last certificate issued.
Duration	getAutoRenewalLifetime()	Returns the maximum lifetime of each certificate.
Optional<Duration>	getAutoRenewalLifetimeAdjust()	Returns the pre-date period of each certificate.
Optional<Instant>	getAutoRenewalStartDate()	Returns the earliest date of validity of the first certificate issued.
Certificate	getCertificate()	Gets the Certificate.
Optional<Problem>	getError()	Returns a Problem document with the reason if the order has failed.
Optional<Instant>	getExpires()	Gets the expiry date of the authorization, if set by the server.
URL	getFinalizeLocation()	Gets the location URL of where to send the finalization call to.
List<Identifier>	getIdentifiers()	Gets a list of Identifier that are connected to this order.
Optional<Instant>	getNotAfter()	Gets the "not after" date that was used for the order.
Optional<Instant>	getNotBefore()	Gets the "not before" date that was used for the order.
Status	getStatus()	Returns the current status of the order.
protected void	invalidate()	Invalidates the state of this resource.
boolean	isAutoRenewalGetEnabled()	Returns true if STAR certificates from this order can also be fetched via GET requests.
boolean	isAutoRenewing()	Checks if this order is auto-renewing, according to the ACME STAR specifications.

Methods inherited from class org.shredzone.acme4j.AcmeJsonResource

fetch, getJSON, getRetryAfter, isValid, setJSON, setRetryAfter, update

Methods inherited from class org.shredzone.acme4j.AcmeResource

getLocation, getLogin, getSession, rebind

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Order

protected Order(Login login,
 URL location)

Method Details

getStatus

public Status getStatus()

Returns the current status of the order.

Possible values are: Status.PENDING, Status.READY, Status.PROCESSING, Status.VALID, Status.INVALID. If the server supports STAR, another possible value is Status.CANCELED.

getError

public Optional<Problem> getError()

Returns a Problem document with the reason if the order has failed.

getExpires

public Optional<Instant> getExpires()

Gets the expiry date of the authorization, if set by the server.

getIdentifiers

public List<Identifier> getIdentifiers()

Gets a list of Identifier that are connected to this order.

Since:

2.3

getNotBefore

public Optional<Instant> getNotBefore()

Gets the "not before" date that was used for the order.

getNotAfter

public Optional<Instant> getNotAfter()

Gets the "not after" date that was used for the order.

getAuthorizations

public List<Authorization> getAuthorizations()

Gets the Authorization that are required to fulfil this order, in no specific order.

getFinalizeLocation

public URL getFinalizeLocation()

Gets the location URL of where to send the finalization call to.

For internal purposes. Use execute(byte[]) to finalize an order.

getCertificate

public Certificate getCertificate()

Gets the Certificate.

Throws:

IllegalStateException - if the order is not ready yet. You must finalize the order first, and wait for the status to become Status.VALID.

getAutoRenewalCertificate

public Certificate getAutoRenewalCertificate()

Gets the STAR extension's Certificate if it is available.

Throws:

IllegalStateException - if the order is not ready yet. You must finalize the order first, and wait for the status to become Status.VALID. It is also thrown if the order has been Status.CANCELED.

Since:

2.6

execute

public void execute(KeyPair domainKeyPair)
             throws AcmeException

Finalizes the order.

If the finalization was successful, the certificate is provided via getCertificate().

Even though the ACME protocol uses the term "finalize an order", this method is called execute(KeyPair) to avoid confusion with the problematic Object.finalize() method.

Parameters:

domainKeyPair - The KeyPair that is going to be certified. This is not your account's keypair!

Throws:

AcmeException

Since:

3.0.0

See Also:

• execute(KeyPair, Consumer)
• execute(PKCS10CertificationRequest)
• execute(byte[])

execute

public void execute(KeyPair domainKeyPair,
 Consumer<CSRBuilder> builderConsumer)
             throws AcmeException

Finalizes the order (see execute(KeyPair)).

This method also accepts a builderConsumer that can be used to add further details to the CSR (e.g. your organization). The identifiers (IPs, domain names, etc.) are automatically added to the CSR.

Parameters:

domainKeyPair - The KeyPair that is going to be used together with the certificate. This is not your account's keypair!

builderConsumer - Consumer that adds further details to the provided CSRBuilder.

Throws:

AcmeException

Since:

3.0.0

See Also:

• execute(KeyPair)
• execute(PKCS10CertificationRequest)
• execute(byte[])

execute

public void execute(org.bouncycastle.pkcs.PKCS10CertificationRequest csr)
             throws AcmeException

Finalizes the order (see execute(KeyPair)).

This method receives a PKCS10CertificationRequest instance of a CSR that was generated externally. Use this method to gain full control over the content of the CSR. The CSR is not checked by acme4j, but just transported to the CA. It is your responsibility that it matches to the order.

Parameters:

csr - PKCS10CertificationRequest to be used for this order.

Throws:

AcmeException

Since:

3.0.0

See Also:

• execute(KeyPair)
• execute(KeyPair, Consumer)
• execute(byte[])

execute

public void execute(byte[] csr)
             throws AcmeException

Finalizes the order (see execute(KeyPair)).

This method receives a byte array containing an encoded CSR that was generated externally. Use this method to gain full control over the content of the CSR. The CSR is not checked by acme4j, but just transported to the CA. It is your responsibility that it matches to the order.

Parameters:

csr - Binary representation of a CSR containing the parameters for the certificate being requested, in DER format

Throws:

AcmeException

isAutoRenewing

public boolean isAutoRenewing()

Checks if this order is auto-renewing, according to the ACME STAR specifications.

Since:

2.3

getAutoRenewalStartDate

public Optional<Instant> getAutoRenewalStartDate()

Returns the earliest date of validity of the first certificate issued.

Throws:

AcmeNotSupportedException - if auto-renewal is not supported

Since:

2.3

getAutoRenewalEndDate

public Instant getAutoRenewalEndDate()

Returns the latest date of validity of the last certificate issued.

Throws:

AcmeNotSupportedException - if auto-renewal is not supported

Since:

2.3

getAutoRenewalLifetime

public Duration getAutoRenewalLifetime()

Returns the maximum lifetime of each certificate.

Throws:

AcmeNotSupportedException - if auto-renewal is not supported

Since:

2.3

getAutoRenewalLifetimeAdjust

public Optional<Duration> getAutoRenewalLifetimeAdjust()

Returns the pre-date period of each certificate.

Throws:

AcmeNotSupportedException - if auto-renewal is not supported

Since:

2.7

isAutoRenewalGetEnabled

public boolean isAutoRenewalGetEnabled()

Returns true if STAR certificates from this order can also be fetched via GET requests.

Since:

2.6

cancelAutoRenewal

public void cancelAutoRenewal()
                       throws AcmeException

Cancels an auto-renewing order.

Throws:

AcmeException

Since:

2.3

invalidate

protected void invalidate()

Description copied from class: AcmeJsonResource

Invalidates the state of this resource. Enforces a AcmeJsonResource.fetch() when AcmeJsonResource.getJSON() is invoked.

Subclasses can override this method to purge internal caches that are based on the JSON structure. Remember to invoke super.invalidate()!

Overrides:

invalidate in class AcmeJsonResource