public class ESTService
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
protected static java.lang.String | CACERTS |
protected static java.lang.String | CSRATTRS |
protected static java.lang.String | FULLCMC |
protected static java.util.Set<java.lang.String> | illegalParts |
protected static java.lang.String | SERVERGEN |
protected static java.lang.String | SIMPLE_ENROLL |
protected static java.lang.String | SIMPLE_REENROLL |
Modifier and Type | Method and Description |
---|---|
protected EnrollmentResponse | enroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth, boolean certGen) Perform a simple enrollment operation. |
EnrollmentResponse | enrollPop(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth, boolean certGen) Implements Enroll with PoP. |
CACertsResponse | getCACerts() Query the EST server for CA certificates. |
CSRRequestResponse | getCSRAttributes() Fetch the CSR Attributes from the server. |
protected EnrollmentResponse | handleEnrollResponse(ESTResponse resp) Handles an enrollment response, deals with status codes and setting of delays. |
EnrollmentResponse | simpleEnroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth) Perform a simple enrollment operation. |
EnrollmentResponse | simpleEnroll(EnrollmentResponse priorResponse) Reissue an existing request where the server had previously returned a 202. |
EnrollmentResponse | simpleEnrollPoP(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) Implements Enroll with PoP. |
EnrollmentResponse | simpleEnrollPopWithServersideCreation(PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) Simple enrollment with PoP and server side creation of keys. |
EnrollmentResponse | simpleEnrollWithServersideCreation(PKCS10CertificationRequest certificationRequest, ESTAuth auth) Perform a simple enrollment operation. |
static X509CertificateHolder[] | storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store) Utility method to extract all the X509Certificates from a store and return them in an array. |
static X509CertificateHolder[] | storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store, org.bouncycastle.util.Selector<X509CertificateHolder> selector) Utility method to extract all the X509Certificates from a store using a filter and to return them as an array. |
protected static final java.lang.String CACERTS
protected static final java.lang.String SIMPLE_ENROLL
protected static final java.lang.String SIMPLE_REENROLL
protected static final java.lang.String FULLCMC
protected static final java.lang.String SERVERGEN
protected static final java.lang.String CSRATTRS
protected static final java.util.Set<java.lang.String> illegalParts
public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store)
store - The store.
public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store, org.bouncycastle.util.Selector<X509CertificateHolder> selector)
store - The store.
selector - The selector.
public CACertsResponse getCACerts() throws ESTException
RFC 7030 leans heavily on the verification phases of TLS for both client and server verification.
It does, however, define a bootstrapping mode: if the client does not have the necessary CA certificates to validate the server, it can defer to an external source, such as a human, to formally accept the CA certs.
Callers that use bootstrapping must examine the CACertsResponse and validate it externally.
ESTException
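One way to perform the external validation that bootstrapping requires, as an added example that is not part of the Bouncy Castle documentation or code base. It assumes the caller has already built the ESTService and holds `pinnedSha256`, a hypothetical set of lowercase hex SHA-256 fingerprints of the expected CA certificates obtained out of band; the class and method names are also illustrative.

```java
import java.security.MessageDigest;
import java.util.Set;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.est.CACertsResponse;
import org.bouncycastle.est.ESTService;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Hex;

public final class BootstrapCaCheck
{
    // pinnedSha256 (assumption): lowercase hex SHA-256 digests of the
    // DER-encoded CA certificates, delivered through a separate channel.
    public static X509CertificateHolder[] fetchVerifiedCaCerts(
        ESTService est, Set<String> pinnedSha256)
        throws Exception
    {
        CACertsResponse resp = est.getCACerts();
        Store<X509CertificateHolder> store = resp.getCertificateStore();
        if (store == null)
        {
            throw new IllegalStateException("EST server returned no CA certificates");
        }
        X509CertificateHolder[] cas = ESTService.storeToArray(store);
        if (cas.length == 0)
        {
            throw new IllegalStateException("EST server returned an empty CA set");
        }
        if (resp.isTrusted())
        {
            // The service was configured with trust anchors, so the TLS
            // layer has already authenticated the server.
            return cas;
        }
        // Bootstrapping: the server was not authenticated by TLS, so every
        // returned certificate must match a fingerprint obtained out of band.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (X509CertificateHolder ca : cas)
        {
            String fp = Hex.toHexString(sha256.digest(ca.getEncoded()));
            if (!pinnedSha256.contains(fp))
            {
                throw new SecurityException(
                    "Unpinned CA certificate " + ca.getSubject() + " sha256=" + fp);
            }
        }
        return cas;
    }
}
```

Only certificates returned by this check should be installed as trust anchors for the subsequent enrollment calls.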
public EnrollmentResponse simpleEnroll(EnrollmentResponse priorResponse) throws java.lang.Exception
priorResponse - The prior response.
java.lang.Exception
protected EnrollmentResponse enroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth, boolean certGen) throws java.io.IOException
This method accepts an ESTAuth instance to provide basic or digest authentication.
If authentication is to be performed as part of TLS, then this instance's client keystore and its keystore password need to be specified.
certificationRequest - The certification request.
auth - The HTTP auth provider, basic auth or digest auth, can be null.
certGen - if true, request server key generation.
java.io.IOException
public EnrollmentResponse simpleEnroll(boolean reenroll, PKCS10CertificationRequest certificationRequest, ESTAuth auth) throws java.io.IOException
This method accepts an ESTAuth instance to provide basic or digest authentication.
If authentication is to be performed as part of TLS, then this instance's client keystore and its keystore password need to be specified.
reenroll - true for enrollment.
certificationRequest - The certification request.
auth - The HTTP auth provider, basic auth or digest auth, can be null.
java.io.IOException
public EnrollmentResponse simpleEnrollWithServersideCreation(PKCS10CertificationRequest certificationRequest, ESTAuth auth) throws java.io.IOException
This method accepts an ESTAuth instance to provide basic or digest authentication.
If authentication is to be performed as part of TLS, then this instance's client keystore and its keystore password need to be specified.
certificationRequest - The certification request.
auth - The HTTP auth provider, basic auth or digest auth, can be null.
java.io.IOException
public EnrollmentResponse enrollPop(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth, boolean certGen) throws java.io.IOException
reEnroll - True = re enroll.
builder - The request builder.
contentSigner - The content signer.
auth - Auth modes.
certGen - if true will request server key generation.
java.io.IOException
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) throws java.io.IOException
reEnroll - True = re enroll.
builder - The request builder.
contentSigner - The content signer.
auth - Auth modes.
java.io.IOException
public EnrollmentResponse simpleEnrollPopWithServersideCreation(PKCS10CertificationRequestBuilder builder, ContentSigner contentSigner, ESTAuth auth) throws java.io.IOException
builder - The request builder.
contentSigner - The content signer.
auth - Auth modes.
java.io.IOException
protected EnrollmentResponse handleEnrollResponse(ESTResponse resp) throws java.io.IOException
resp - The response.
java.io.IOException
public CSRRequestResponse getCSRAttributes() throws ESTException
ESTException