public class ESTService
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
protected static java.lang.String | CACERTS |
protected static java.lang.String | CSRATTRS |
protected static java.lang.String | FULLCMC |
protected static java.util.Set<java.lang.String> | illegalParts |
protected static java.lang.String | SERVERGEN |
protected static java.lang.String | SIMPLE_ENROLL |
protected static java.lang.String | SIMPLE_REENROLL |
Modifier and Type | Method and Description |
---|---|
CACertsResponse | getCACerts() Query the EST server for CA certificates. |
CSRRequestResponse | getCSRAttributes() Fetch the CSR Attributes from the server. |
protected EnrollmentResponse | handleEnrollResponse(ESTResponse resp) Handles the enroll response, deals with status codes and setting of delays. |
EnrollmentResponse | simpleEnroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth) Perform a simple enrollment operation. |
EnrollmentResponse | simpleEnroll(EnrollmentResponse priorResponse) Reissue an existing request where the server had previously returned a 202. |
EnrollmentResponse | simpleEnrollPoP(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) Implements Enroll with PoP. |
static X509CertificateHolder[] | storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store) Utility method to extract all the X509Certificates from a store and return them in an array. |
static X509CertificateHolder[] | storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store, org.bouncycastle.util.Selector<X509CertificateHolder> selector) Utility method to extract all the X509Certificates from a store using a filter and to return them as an array. |
protected static final java.lang.String CACERTS
protected static final java.lang.String SIMPLE_ENROLL
protected static final java.lang.String SIMPLE_REENROLL
protected static final java.lang.String FULLCMC
protected static final java.lang.String SERVERGEN
protected static final java.lang.String CSRATTRS
protected static final java.util.Set<java.lang.String> illegalParts
public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store)
Parameters:
store - The store.
public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store, org.bouncycastle.util.Selector<X509CertificateHolder> selector)
Parameters:
store - The store.
selector - The selector.
public CACertsResponse getCACerts() throws ESTException
RFC 7030 leans heavily on the verification phases of TLS for both client and server verification.
It does, however, define a bootstrapping mode: if the client does not have the necessary CA certificates to validate the server, it can defer to an external source, such as a human, to formally accept the CA certs.
If callers are using bootstrapping, they must examine the CACertsResponse and validate it externally.
Throws:
ESTException
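One way to do the external validation that bootstrapping requires, as an added example (not Bouncy Castle's own code): compare the SHA-256 fingerprint of every returned certificate against fingerprints obtained out of band. The class name `BootstrapCheck`, the method `fetchAndVerify` and the `pinnedSha256` parameter are hypothetical; `getCertificateStore()` is a `CACertsResponse` method that is not listed on this page.

```java
import java.security.MessageDigest;
import java.util.Set;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.est.CACertsResponse;
import org.bouncycastle.est.ESTService;
import org.bouncycastle.util.encoders.Hex;

public class BootstrapCheck
{
    /**
     * Fetches the CA certificates and returns them only if every one of them
     * was approved out of band.
     *
     * @param est          an already built ESTService (construction not shown).
     * @param pinnedSha256 hypothetical input: lower-case hex SHA-256 fingerprints
     *                     of the DER-encoded certificates, obtained through a
     *                     channel other than the EST connection itself.
     */
    public static X509CertificateHolder[] fetchAndVerify(ESTService est, Set<String> pinnedSha256)
        throws Exception
    {
        CACertsResponse resp = est.getCACerts();
        X509CertificateHolder[] certs = ESTService.storeToArray(resp.getCertificateStore());

        // An empty answer must not be treated as "nothing to reject".
        if (certs.length == 0)
        {
            throw new SecurityException("EST server returned no CA certificates");
        }

        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (X509CertificateHolder cert : certs)
        {
            // Fingerprint is taken over the full DER encoding of the certificate.
            String fingerprint = Hex.toHexString(sha256.digest(cert.getEncoded()));

            // Policy assumed here: every certificate that would become a trust
            // anchor must be pinned; one unknown certificate rejects the whole set.
            if (!pinnedSha256.contains(fingerprint))
            {
                throw new SecurityException("Unapproved CA certificate: " + cert.getSubject()
                    + " sha256=" + fingerprint);
            }
        }
        return certs; // safe to install as trust anchors for later enrollment calls
    }
}
```

Only certificates returned by this method should be installed as trust anchors; the fingerprints in the rejection message give an operator the values to check against the out-of-band source.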
public EnrollmentResponse simpleEnroll(EnrollmentResponse priorResponse) throws java.lang.Exception
Parameters:
priorResponse - The prior response.
Throws:
java.lang.Exception
public EnrollmentResponse simpleEnroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth) throws java.io.IOException
This method accepts an ESPHttpAuth instance to provide basic or digest authentication.
If authentication is to be performed as part of TLS, then this instance's client keystore and its keystore password need to be specified.
Parameters:
certificationRequest - The certification request.
auth - The HTTP auth provider, basic auth or digest auth; can be null.
Throws:
java.io.IOException
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) throws java.io.IOException
Parameters:
reEnroll - True = re-enroll.
builder - The request builder.
contentSigner - The content signer.
auth - Auth modes.
Throws:
java.io.IOException
protected EnrollmentResponse handleEnrollResponse(ESTResponse resp) throws java.io.IOException
Parameters:
resp - The response.
Throws:
java.io.IOException
public CSRRequestResponse getCSRAttributes() throws ESTException
Throws:
ESTException