Class ESTService


  • public class ESTService
    extends java.lang.Object
    ESTService provides unified access to an EST server which is defined as implementing RFC7030.
    • Method Detail

      • storeToArray

        public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store)
        Utility method to extract all the X509Certificates from a store and return them in an array.
        Parameters:
        store - The store.
        Returns:
        An array of certificates.
      • storeToArray

        public static X509CertificateHolder[] storeToArray(org.bouncycastle.util.Store<X509CertificateHolder> store,
                                                           org.bouncycastle.util.Selector<X509CertificateHolder> selector)
        Utility method to extract all the X509Certificates from a store using a filter and to return them as an array.
        Parameters:
        store - The store.
        selector - The selector.
        Returns:
        An array of X509Certificates.
      • getCACerts

        public CACertsResponse getCACerts()
                                   throws ESTException
        Query the EST server for CA certificates.

        RFC7030 leans heavily on the verification phases of TLS for both client and server verification.

        It does, however, define a bootstrapping mode: if the client does not have the necessary CA certificates to validate the server, it can defer to an external source, such as a human, to formally accept the CA certs.

        If callers are using bootstrapping they must examine the CACertsResponse and validate it externally.

        Returns:
        A store of X509Certificates.
        Throws:
        ESTException
      • simpleEnroll

        public EnrollmentResponse simpleEnroll(EnrollmentResponse priorResponse)
                                        throws java.lang.Exception
        Reissue an existing request where the server had previously returned a 202.
        Parameters:
        priorResponse - The prior response.
        Returns:
        A new ESTEnrollmentResponse
        Throws:
        java.lang.Exception
      • simpleEnroll

        public EnrollmentResponse simpleEnroll(boolean reenroll,
                                               PKCS10CertificationRequest certificationRequest,
                                               ESTAuth auth)
                                        throws java.io.IOException
        Perform a simple enrollment operation.

        This method accepts an ESTAuth instance to provide basic or digest authentication.

        If authentication is to be performed as part of TLS, then this instance's client keystore and its keystore password need to be specified.

        Parameters:
        certificationRequest - The certification request.
        auth - The HTTP auth provider, basic auth or digest auth; can be null.
        Returns:
        The enrolled certificate.
        Throws:
        java.io.IOException
      • simpleEnrollPoP

        public EnrollmentResponse simpleEnrollPoP(boolean reEnroll,
                                                  PKCS10CertificationRequestBuilder builder,
                                                  ContentSigner contentSigner,
                                                  ESTAuth auth)
                                           throws java.io.IOException
        Implements Enroll with PoP. The request will have the tls-unique attribute added to it before it is signed and completed.
        Parameters:
        reEnroll - True to re-enroll.
        builder - The request builder.
        contentSigner - The content signer.
        auth - Auth modes.
        Returns:
        Enrollment response.
        Throws:
        java.io.IOException
      • handleEnrollResponse

        protected EnrollmentResponse handleEnrollResponse(ESTResponse resp)
                                                   throws java.io.IOException
        Handles the enroll response, deals with status codes and setting of delays.
        Parameters:
        resp - The response.
        Returns:
        An EnrollmentResponse.
        Throws:
        java.io.IOException
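
One way to do the external validation that getCACerts requires in bootstrapping mode, shown as an added example that is not part of the Bouncy Castle documentation: each returned certificate is compared against SHA-256 fingerprints the operator received out of band. The class name, method names and the `approvedSha256` set are hypothetical, and `CACertsResponse.getCertificateStore()` is assumed from the Bouncy Castle EST API because this page does not document it.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Set;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.est.CACertsResponse;
import org.bouncycastle.est.ESTService;
import org.bouncycastle.util.encoders.Hex;

// Added example: BootstrapCaCheck and its method names are hypothetical.
public final class BootstrapCaCheck {

    // SHA-256 over the DER encoding of the certificate, as lower-case hex.
    static String sha256Fingerprint(X509CertificateHolder cert) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return Hex.toHexString(md.digest(cert.getEncoded()));
    }

    // Fetches the CA certificates and returns them only if every one matches
    // a fingerprint obtained out of band (lower-case hex, no separators).
    // Any unknown certificate rejects the whole response, so nothing
    // unapproved reaches a trust store.
    static X509CertificateHolder[] fetchApprovedCaCerts(ESTService est, Set<String> approvedSha256)
            throws Exception {
        CACertsResponse response = est.getCACerts();
        // getCertificateStore() is assumed from the Bouncy Castle EST API.
        X509CertificateHolder[] certs = ESTService.storeToArray(response.getCertificateStore());
        if (certs.length == 0) {
            throw new GeneralSecurityException("EST server returned no CA certificates");
        }
        for (X509CertificateHolder cert : certs) {
            String fp = sha256Fingerprint(cert);
            if (!approvedSha256.contains(fp)) {
                throw new GeneralSecurityException(
                    "CA certificate not approved out of band: " + cert.getSubject() + " sha256=" + fp);
            }
        }
        return certs;
    }
}
```

Only the array returned by `fetchApprovedCaCerts` should be added to the trust store used for subsequent enrollment calls.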