We welcome contributions.
The Keyfactor EJBCA Java SDK is open source and community supported, meaning that there is no SLA applicable for these tools.
To report a problem or suggest a new feature, use the Issues tab. If you want to contribute actual bug fixes or proposed enhancements, use the Pull requests tab.
Building the API client library requires:
- Java 1.8+
- Maven (3.8.3+)/Gradle (7.2+)
To install the API client library to your local Maven repository, simply execute:
mvn clean installTo deploy it to a remote Maven repository instead, configure the settings of the repository and execute:
mvn clean deployRefer to the OSSRH Guide for more information.
Add this dependency to your project's POM:
<dependency>
<groupId>com.keyfactor.ejbca</groupId>
<artifactId>ejbca-java-client-sdk</artifactId>
<version>1.0</version>
<scope>compile</scope>
</dependency>Add this dependency to your project's build file:
repositories {
mavenCentral() // Needed if the 'ejbca-java-client-sdk' jar has been published to maven central.
mavenLocal() // Needed if the 'ejbca-java-client-sdk' jar has been published to the local maven repo.
}
dependencies {
implementation "com.keyfactor.ejbca:ejbca-java-client-sdk:1.0"
}At first generate the JAR by executing:
mvn clean packageThen manually install the following JARs:
target/ejbca-java-client-sdk-1.0.jartarget/lib/*.jar
Please follow the installation instruction and execute the following Java code:
// Import classes:
import com.keyfactor.ejbca.client.ApiClient;
import com.keyfactor.ejbca.client.ApiException;
import com.keyfactor.ejbca.client.Configuration;
import com.keyfactor.ejbca.client.model.*;
import com.keyfactor.ejbca.client.api.V1CaApi;
import java.nio.file.Path;
public class Example {
public static void main(String[] args) {
ApiClient defaultClient = Configuration.getDefaultApiClient();
// Set base path to EJBCA REST API
defaultClient.setBasePath("http:https://localhost/ejbca/ejbca-rest-api");
// Retrieve client certificate and key
Path cert = Paths.get("path/to/clientcertificate");
Path key = Paths.get("path/to/key");
defaultClient.setClientCert(cert, key);
V1CaApi apiInstance = new V1CaApi(defaultClient);
String issuerDn = "issuerDn_example"; // String | the CRL issuers DN (CAs subject DN)
Boolean deltacrl = false; // Boolean | true to also create the deltaCRL, false to only create the base CRL
try {
CreateCrlRestResponse result = apiInstance.createCrl(issuerDn, deltacrl);
System.out.println(result);
} catch (ApiException e) {
System.err.println("Exception when calling V1CaApi#createCrl");
System.err.println("Status code: " + e.getCode());
System.err.println("Reason: " + e.getResponseBody());
System.err.println("Response headers: " + e.getResponseHeaders());
e.printStackTrace();
}
}
}All URIs are relative to http:https://localhost/ejbca/ejbca-rest-api
| Class | Method | HTTP request | Description |
|---|---|---|---|
| V1CaApi | createCrl | POST /v1/ca/{issuer_dn}/createcrl | Create CRL(main, partition and delta) issued by this CA |
| V1CaApi | getCertificateAsPem | GET /v1/ca/{subject_dn}/certificate/download | Get PEM file with the active CA certificate chain |
| V1CaApi | getLatestCrl | GET /v1/ca/{issuer_dn}/getLatestCrl | Returns the latest CRL issued by this CA |
| V1CaApi | importCrl | POST /v1/ca/{issuer_dn}/importcrl | Import a certificate revocation list (CRL) for a CA |
| V1CaApi | listCas | GET /v1/ca | Returns the Response containing the list of CAs with general information per CA as Json |
| V1CaApi | status1 | GET /v1/ca/status | Get the status of this REST Resource |
| V1CaManagementApi | activate | PUT /v1/ca_management/{ca_name}/activate | Activate a CA |
| V1CaManagementApi | deactivate | PUT /v1/ca_management/{ca_name}/deactivate | Deactivate a CA |
| V1CaManagementApi | status | GET /v1/ca_management/status | Get the status of this REST Resource |
| V1CertificateApi | certificateRequest | POST /v1/certificate/certificaterequest | Enrollment with client generated keys for an existing End Entity |
| V1CertificateApi | enrollKeystore | POST /v1/certificate/enrollkeystore | Keystore enrollment |
| V1CertificateApi | enrollPkcs10Certificate | POST /v1/certificate/pkcs10enroll | Enrollment with client generated keys, using CSR subject |
| V1CertificateApi | finalizeEnrollment | POST /v1/certificate/{request_id}/finalize | Finalize enrollment |
| V1CertificateApi | getCertificatesAboutToExpire | GET /v1/certificate/expire | Get a list of certificates that are about to expire |
| V1CertificateApi | revocationStatus | GET /v1/certificate/{issuer_dn}/{certificate_serial_number}/revocationstatus | Checks revocation status of the specified certificate |
| V1CertificateApi | revokeCertificate | PUT /v1/certificate/{issuer_dn}/{certificate_serial_number}/revoke | Revokes the specified certificate |
| V1CertificateApi | searchCertificates | POST /v1/certificate/search | Searches for certificates confirming given criteria. |
| V1CertificateApi | status2 | GET /v1/certificate/status | Get the status of this REST Resource |
| V1CryptotokenApi | activate1 | PUT /v1/cryptotoken/{cryptotoken_name}/activate | Activate a Crypto Token |
| V1CryptotokenApi | deactivate1 | PUT /v1/cryptotoken/{cryptotoken_name}/deactivate | Deactivate a Crypto Token |
| V1CryptotokenApi | generateKeys | POST /v1/cryptotoken/{cryptotoken_name}/generatekeys | Generate keys |
| V1CryptotokenApi | removeKeys | POST /v1/cryptotoken/{cryptotoken_name}/{key_pair_alias}/removekeys | Remove keys |
| V1CryptotokenApi | status5 | GET /v1/cryptotoken/status | Get the status of this REST Resource |
| V1EndentityApi | add | POST /v1/endentity | Add new end entity, if it does not exist |
| V1EndentityApi | delete | DELETE /v1/endentity/{endentity_name} | Deletes end entity |
| V1EndentityApi | revoke | PUT /v1/endentity/{endentity_name}/revoke | Revokes all end entity certificates |
| V1EndentityApi | search | POST /v1/endentity/search | Searches for end entity confirming given criteria. |
| V1EndentityApi | setstatus | POST /v1/endentity/{endentity_name}/setstatus | Edits end entity setting new status |
| V1EndentityApi | status6 | GET /v1/endentity/status | Get the status of this REST Resource |
| V1SshApi | pubkey | GET /v1/ssh/{ca_name}/pubkey | Retrieves a CA's public key in SSH format. |
| V1SshApi | status8 | GET /v1/ssh/status | Get the status of this REST Resource |
| V2CertificateApi | getCertificateProfileInfo | GET /v2/certificate/profile/{profile_name} | Get Certificate Profile Info. |
| V2CertificateApi | searchCertificates1 | POST /v2/certificate/search | Searches for certificates confirming given criteria and pagination. |
| V2CertificateApi | status3 | GET /v2/certificate/status | Get the status of this REST Resource |
| V2EndentityApi | getAuthorizedEndEntityProfiles | GET /v2/endentity/profiles/authorized | List of authorized end entity profiles for the current admin. |
| V2EndentityApi | profile | GET /v2/endentity/profile/{endentity_profile_name} | Get End Entity Profile content |
| V2EndentityApi | sortedSearch | POST /v2/endentity/search | Searches and sorts for end entity conforming given criteria. |
| V2EndentityApi | status7 | GET /v2/endentity/status | Get the status of this REST Resource |
- AddEndEntityRestRequest
- AuthorizedEEPsRestResponse
- CaInfoRestResponse
- CaInfosRestResponse
- CertificateProfileInfoRestResponseV2
- CertificateRequestRestRequest
- CertificateRestResponse
- CertificateRestResponseV2
- CertificatesRestResponse
- CreateCrlRestResponse
- CrlRestResponse
- CryptoTokenActivationRestRequest
- CryptoTokenKeyGenerationRestRequest
- EndEntityProfileResponse
- EndEntityProfileRestResponse
- EndEntityRestResponse
- EndEntityRevocationRestRequest
- EnrollCertificateRestRequest
- ExpiringCertificatesRestResponse
- ExtendedInformationRestRequestComponent
- ExtendedInformationRestResponseComponent
- FinalizeRestRequest
- KeyStoreRestRequest
- Pagination
- PaginationRestResponseComponent
- PaginationSummary
- RestResourceStatusRestResponse
- RevokeStatusRestResponse
- SearchCertificateCriteriaRestRequest
- SearchCertificateSortRestRequest
- SearchCertificatesRestRequest
- SearchCertificatesRestRequestV2
- SearchCertificatesRestResponse
- SearchCertificatesRestResponseV2
- SearchEndEntitiesRestRequest
- SearchEndEntitiesRestRequestV2
- SearchEndEntitiesRestResponse
- SearchEndEntitiesSortRestRequest
- SearchEndEntityCriteriaRestRequest
- SetEndEntityStatusRestRequest
- SshPublicKeyRestResponse
All endpoints do not require authorization. Authentication schemes defined for the API:
EJBCA REST Interface
- API version: 1.0
API reference documentation.
It's recommended to create an instance of ApiClient per thread in a multithreaded environment to avoid any potential issues.