Keyfactor/ejbca-java-client-sdk

Community supported

We welcome contributions.

The Keyfactor EJBCA Java SDK is open source and community supported, meaning that there is no SLA applicable for these tools.

To report a problem or suggest a new feature, use the Issues tab. If you want to contribute actual bug fixes or proposed enhancements, use the Pull requests tab.

ejbca-java-client-sdk

Requirements

Building the API client library requires:

  1. Java 1.8+
  2. Maven (3.8.3+)/Gradle (7.2+)

Installation

To install the API client library to your local Maven repository, simply execute:

mvn clean install

To deploy it to a remote Maven repository instead, configure the settings of the repository and execute:

mvn clean deploy

Refer to the OSSRH Guide for more information.

Maven users

Add this dependency to your project's POM:

<dependency>
  <groupId>com.keyfactor.ejbca</groupId>
  <artifactId>ejbca-java-client-sdk</artifactId>
  <version>1.0</version>
  <scope>compile</scope>
</dependency>

Gradle users

Add this dependency to your project's build file:

  repositories {
    mavenCentral()     // Needed if the 'ejbca-java-client-sdk' jar has been published to maven central.
    mavenLocal()       // Needed if the 'ejbca-java-client-sdk' jar has been published to the local maven repo.
  }

  dependencies {
     implementation "com.keyfactor.ejbca:ejbca-java-client-sdk:1.0"
  }

Others

First, generate the JAR by executing:

mvn clean package

Then manually install the following JARs:

  • target/ejbca-java-client-sdk-1.0.jar
  • target/lib/*.jar

Getting Started

Follow the installation instructions above, then run the following Java code:

// Import classes:
import com.keyfactor.ejbca.client.ApiClient;
import com.keyfactor.ejbca.client.ApiException;
import com.keyfactor.ejbca.client.Configuration;
import com.keyfactor.ejbca.client.model.*;
import com.keyfactor.ejbca.client.api.V1CaApi;

import java.nio.file.Path;
import java.nio.file.Paths;

public class Example {
  public static void main(String[] args) {
    ApiClient defaultClient = Configuration.getDefaultApiClient();
    // Set base path to EJBCA REST API
    defaultClient.setBasePath("http://localhost/ejbca/ejbca-rest-api");

    // Retrieve client certificate and key
    Path cert = Paths.get("path/to/clientcertificate");
    Path key = Paths.get("path/to/key");
    defaultClient.setClientCert(cert, key);

    V1CaApi apiInstance = new V1CaApi(defaultClient);
    String issuerDn = "issuerDn_example"; // String | the CRL issuers DN (CAs subject DN)
    Boolean deltacrl = false; // Boolean | true to also create the deltaCRL, false to only create the base CRL
    try {
      CreateCrlRestResponse result = apiInstance.createCrl(issuerDn, deltacrl);
      System.out.println(result);
    } catch (ApiException e) {
      System.err.println("Exception when calling V1CaApi#createCrl");
      System.err.println("Status code: " + e.getCode());
      System.err.println("Reason: " + e.getResponseBody());
      System.err.println("Response headers: " + e.getResponseHeaders());
      e.printStackTrace();
    }
  }
}

Documentation for API Endpoints

All URIs are relative to http://localhost/ejbca/ejbca-rest-api

| Class | Method | HTTP request | Description |
|---|---|---|---|
| V1CaApi | createCrl | POST /v1/ca/{issuer_dn}/createcrl | Create CRL (main, partition and delta) issued by this CA |
| V1CaApi | getCertificateAsPem | GET /v1/ca/{subject_dn}/certificate/download | Get PEM file with the active CA certificate chain |
| V1CaApi | getLatestCrl | GET /v1/ca/{issuer_dn}/getLatestCrl | Returns the latest CRL issued by this CA |
| V1CaApi | importCrl | POST /v1/ca/{issuer_dn}/importcrl | Import a certificate revocation list (CRL) for a CA |
| V1CaApi | listCas | GET /v1/ca | Returns the Response containing the list of CAs with general information per CA as Json |
| V1CaApi | status1 | GET /v1/ca/status | Get the status of this REST Resource |
| V1CaManagementApi | activate | PUT /v1/ca_management/{ca_name}/activate | Activate a CA |
| V1CaManagementApi | deactivate | PUT /v1/ca_management/{ca_name}/deactivate | Deactivate a CA |
| V1CaManagementApi | status | GET /v1/ca_management/status | Get the status of this REST Resource |
| V1CertificateApi | certificateRequest | POST /v1/certificate/certificaterequest | Enrollment with client generated keys for an existing End Entity |
| V1CertificateApi | enrollKeystore | POST /v1/certificate/enrollkeystore | Keystore enrollment |
| V1CertificateApi | enrollPkcs10Certificate | POST /v1/certificate/pkcs10enroll | Enrollment with client generated keys, using CSR subject |
| V1CertificateApi | finalizeEnrollment | POST /v1/certificate/{request_id}/finalize | Finalize enrollment |
| V1CertificateApi | getCertificatesAboutToExpire | GET /v1/certificate/expire | Get a list of certificates that are about to expire |
| V1CertificateApi | revocationStatus | GET /v1/certificate/{issuer_dn}/{certificate_serial_number}/revocationstatus | Checks revocation status of the specified certificate |
| V1CertificateApi | revokeCertificate | PUT /v1/certificate/{issuer_dn}/{certificate_serial_number}/revoke | Revokes the specified certificate |
| V1CertificateApi | searchCertificates | POST /v1/certificate/search | Searches for certificates conforming to given criteria. |
| V1CertificateApi | status2 | GET /v1/certificate/status | Get the status of this REST Resource |
| V1CryptotokenApi | activate1 | PUT /v1/cryptotoken/{cryptotoken_name}/activate | Activate a Crypto Token |
| V1CryptotokenApi | deactivate1 | PUT /v1/cryptotoken/{cryptotoken_name}/deactivate | Deactivate a Crypto Token |
| V1CryptotokenApi | generateKeys | POST /v1/cryptotoken/{cryptotoken_name}/generatekeys | Generate keys |
| V1CryptotokenApi | removeKeys | POST /v1/cryptotoken/{cryptotoken_name}/{key_pair_alias}/removekeys | Remove keys |
| V1CryptotokenApi | status5 | GET /v1/cryptotoken/status | Get the status of this REST Resource |
| V1EndentityApi | add | POST /v1/endentity | Add new end entity, if it does not exist |
| V1EndentityApi | delete | DELETE /v1/endentity/{endentity_name} | Deletes end entity |
| V1EndentityApi | revoke | PUT /v1/endentity/{endentity_name}/revoke | Revokes all end entity certificates |
| V1EndentityApi | search | POST /v1/endentity/search | Searches for end entity conforming to given criteria. |
| V1EndentityApi | setstatus | POST /v1/endentity/{endentity_name}/setstatus | Edits end entity setting new status |
| V1EndentityApi | status6 | GET /v1/endentity/status | Get the status of this REST Resource |
| V1SshApi | pubkey | GET /v1/ssh/{ca_name}/pubkey | Retrieves a CA's public key in SSH format. |
| V1SshApi | status8 | GET /v1/ssh/status | Get the status of this REST Resource |
| V2CertificateApi | getCertificateProfileInfo | GET /v2/certificate/profile/{profile_name} | Get Certificate Profile Info. |
| V2CertificateApi | searchCertificates1 | POST /v2/certificate/search | Searches for certificates conforming to given criteria and pagination. |
| V2CertificateApi | status3 | GET /v2/certificate/status | Get the status of this REST Resource |
| V2EndentityApi | getAuthorizedEndEntityProfiles | GET /v2/endentity/profiles/authorized | List of authorized end entity profiles for the current admin. |
| V2EndentityApi | profile | GET /v2/endentity/profile/{endentity_profile_name} | Get End Entity Profile content |
| V2EndentityApi | sortedSearch | POST /v2/endentity/search | Searches and sorts for end entity conforming to given criteria. |
| V2EndentityApi | status7 | GET /v2/endentity/status | Get the status of this REST Resource |

Documentation for Models

Documentation for Authorization

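The API definition does not declare an authorization requirement on any endpoint, and lists no authentication schemes for the API. The Getting Started example authenticates the client by setting a client certificate and key on the ApiClient with setClientCert.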

EJBCA REST Interface

  • API version: 1.0

API reference documentation.

Recommendation

It's recommended to create an instance of ApiClient per thread in a multithreaded environment to avoid any potential issues.
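
One way to follow this recommendation with a thread pool, as an added example that is not part of the SDK or its documentation: each worker thread lazily builds its own ApiClient with the same base path and client certificate as in Getting Started, instead of sharing the instance returned by Configuration.getDefaultApiClient(). It assumes ApiClient has a public no-argument constructor; the class name PerThreadClientExample and the issuer DNs are constructed placeholders.

```java
import com.keyfactor.ejbca.client.ApiClient;
import com.keyfactor.ejbca.client.ApiException;
import com.keyfactor.ejbca.client.api.V1CaApi;
import com.keyfactor.ejbca.client.model.CreateCrlRestResponse;

import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class PerThreadClientExample {
  // One ApiClient per worker thread, created lazily on that thread's first use.
  // Assumption: ApiClient has a public no-argument constructor.
  private static final ThreadLocal<ApiClient> CLIENT = ThreadLocal.withInitial(() -> {
    try {
      ApiClient client = new ApiClient();
      client.setBasePath("http://localhost/ejbca/ejbca-rest-api");
      client.setClientCert(Paths.get("path/to/clientcertificate"), Paths.get("path/to/key"));
      return client;
    } catch (Exception e) {
      // Fail the task instead of falling back to a shared or unauthenticated client.
      throw new IllegalStateException("Could not configure ApiClient", e);
    }
  });

  // Runs on a pool thread and only ever touches that thread's own client.
  static void createBaseCrl(String issuerDn) {
    V1CaApi api = new V1CaApi(CLIENT.get());
    try {
      CreateCrlRestResponse result = api.createCrl(issuerDn, false); // false: base CRL only
      System.out.println(Thread.currentThread().getName() + " " + issuerDn + ": " + result);
    } catch (ApiException e) {
      System.err.println(issuerDn + " failed with status " + e.getCode() + ": " + e.getResponseBody());
    }
  }

  public static void main(String[] args) throws InterruptedException {
    // Constructed placeholder issuer DNs; replace with the subject DNs of real CAs.
    List<String> issuers = Arrays.asList("CN=Example CA 1", "CN=Example CA 2", "CN=Example CA 3");
    ExecutorService pool = Executors.newFixedThreadPool(2);
    for (String dn : issuers) {
      pool.submit(() -> createBaseCrl(dn));
    }
    pool.shutdown();
    pool.awaitTermination(1, TimeUnit.MINUTES);
  }
}
```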