Interface AcmeService

  • All Superinterfaces:
    TeamCityExtension
    All Known Implementing Classes:
    LetsEncryptAcmeService

    public interface AcmeService
    extends TeamCityExtension
    Service for managing SSL certificates with an ACME protocol server (RFC 8555). Supports only HTTP-01 challenges, since DNS challenges depend on the DNS provider. See letsencrypt.org/docs/challenge-types/ for details.
    Author:
    Daniil Boger
    • Method Detail

      • initializeHttp01Challenge

        AcmeOrder initializeHttp01Challenge(@NotNull
                                            KeyPair keyPair)
                                     throws AcmeServiceException
        Initializes the HTTP-01 challenge. Returns the required file name and file contents.
        Parameters:
        keyPair - key pair that will be used for the order
        Returns:
        AcmeOrder with required file name, required file contents and order URL
        Throws:
        AcmeServiceException - on invalid key pair or networking errors
      • triggerHttp01Challenge

        void triggerHttp01Challenge(@NotNull
                                    KeyPair keyPair,
                                    @NotNull
                                    URL orderUrl)
                             throws AcmeServiceException
        Triggers the HTTP-01 challenge for the provided key pair's order. On success, the key pair is considered authorized.
        Parameters:
        keyPair - key pair representing the ACME account
        orderUrl - URL of the order
        Throws:
        AcmeServiceException - on failed confirmation, on invalid key pair, or when the order does not have an initialized challenge
      • getSignedCertificate

        Pair<Collection<Certificate>,KeyPair> getSignedCertificate(@NotNull
                                                                         KeyPair keyPair,
                                                                         @NotNull
                                                                         URL orderUrl)
                                                                  throws AcmeServiceException
        Receives the signed certificate using an authorized key pair.
        Parameters:
        keyPair - authorized key pair
        orderUrl - URL of the order
        Returns:
        pair of the signed certificate chain (as a collection) and the domain key pair. Note that the domain key pair is not the same as the ACME account key pair. The first certificate in the chain must be the end-entity certificate.
        Throws:
        AcmeServiceException - if the key pair is not authorized on the ACME server, or if the certificate fetch has failed
      • revokeCertificate

        void revokeCertificate(@NotNull
                               KeyPair keyPair,
                               @NotNull
                               Certificate certificate)
                        throws AcmeServiceException
        Revokes a certificate using the ACME account that ordered it.
        Parameters:
        keyPair - key pair of the account that ordered the certificate
        certificate - certificate to revoke
        Throws:
        AcmeServiceException - on unauthorized/incorrect key pair or if revocation has failed
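
The following is an added example, not TeamCity code. It checks the file name and file contents that initializeHttp01Challenge returns before they are published under /.well-known/acme-challenge/. It assumes that, as in RFC 8555, the file name is the challenge token, the contents are the key authorization, and the account key is RSA; the class name, method names and sample token are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;

// Added example: recomputes the RFC 8555 key authorization for an RSA account key
// and validates a challenge file against it. Not part of the TeamCity API.
public class Http01ChallengeFileCheck {
  private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

  // JWK integers are unsigned big-endian; BigInteger may prepend a 0x00 sign byte.
  static String b64uInt(BigInteger v) {
    byte[] b = v.toByteArray();
    int off = (b.length > 1 && b[0] == 0) ? 1 : 0;
    return B64URL.encodeToString(Arrays.copyOfRange(b, off, b.length));
  }

  // RFC 7638 thumbprint: SHA-256 over the required JWK members, sorted, no whitespace.
  static String jwkThumbprint(RSAPublicKey key) throws GeneralSecurityException {
    String jwk = "{\"e\":\"" + b64uInt(key.getPublicExponent())
        + "\",\"kty\":\"RSA\",\"n\":\"" + b64uInt(key.getModulus()) + "\"}";
    byte[] digest = MessageDigest.getInstance("SHA-256")
        .digest(jwk.getBytes(StandardCharsets.UTF_8));
    return B64URL.encodeToString(digest);
  }

  // The name must be a bare base64url token (no '/', '.', or '..' that could escape
  // the challenge directory) and the contents must bind that token to our account key.
  static boolean isExpectedChallengeFile(String fileName, String contents,
                                         RSAPublicKey accountKey) throws GeneralSecurityException {
    return fileName.matches("[A-Za-z0-9_-]+")
        && contents.equals(fileName + "." + jwkThumbprint(accountKey));
  }

  public static void main(String[] args) throws GeneralSecurityException {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    RSAPublicKey account = (RSAPublicKey) gen.generateKeyPair().getPublic();
    String token = "constructed_sample-token_0123456789"; // constructed sample value
    String contents = token + "." + jwkThumbprint(account);

    System.out.println("serve at: /.well-known/acme-challenge/" + token);
    System.out.println("valid file accepted:     " + isExpectedChallengeFile(token, contents, account));
    System.out.println("traversal name rejected: " + !isExpectedChallengeFile("../" + token, contents, account));
    RSAPublicKey other = (RSAPublicKey) gen.generateKeyPair().getPublic();
    System.out.println("wrong account rejected:  " + !isExpectedChallengeFile(token, contents, other));
  }
}
```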