github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #1 from SSLcom/ssl/com/support-external-account-binding 

supports SSLCom acme server
pull/148/head
Leo Grove 2024-01-15 21:32:14 -06:00 committed by GitHub
parent 5096650c47 c152e7466a
commit 0b039c98be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java
View File

@ -33,8 +33,8 @@ import org.shredzone.acme4j.provider.AcmeProvider;
*/ */
public class SslComAcmeProvider extends AbstractAcmeProvider { public class SslComAcmeProvider extends AbstractAcmeProvider {
private static final String V02_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc"; private static final String V02_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-rsa";
private static final String STAGING_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc"; private static final String STAGING_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-rsa";
@Override @Override
public boolean accepts(URI serverUri) { public boolean accepts(URI serverUri) {

37
acme4j-example/src/main/java/org/shredzone/acme4j/example/ClientTest.java
View File

@ -78,18 +78,25 @@ public class ClientTest {
* *
* @param domains * @param domains
* Domains to get a common certificate for * Domains to get a common certificate for
* @param eabKid
* Value of --eab-kid
* @param eabHmacKey
* Value of --eab-hmac-key
* @param emailAddress
* Email address of account that owns the key information
*/ */
public void fetchCertificate(Collection<String> domains) throws IOException, AcmeException { public void fetchCertificate(Collection<String> domains, String eabKid, String eabHmacKey, String emailAddress) throws IOException, AcmeException {
// Load the user key file. If there is no key file, create a new one. // Load the user key file. If there is no key file, create a new one.
KeyPair userKeyPair = loadOrCreateUserKeyPair(); KeyPair userKeyPair = loadOrCreateUserKeyPair();
// Create a session for Let's Encrypt. // Create a session for Let's Encrypt.
// Use "acme://letsencrypt.org" for production server // Use "acme://letsencrypt.org" for production server
Session session = new Session("acme://letsencrypt.org/staging"); Session session = new Session("acme://ssl.com/staging");
//Session session = new Session("acme://letsencrypt.org/staging");
// Get the Account. // Get the Account.
// If there is no account yet, create a new one. // If there is no account yet, create a new one.
Account acct = findOrRegisterAccount(session, userKeyPair); Account acct = findOrRegisterAccount(session, userKeyPair, eabKid, eabHmacKey, emailAddress);
// Load or create a key pair for the domains. This should not be the userKeyPair! // Load or create a key pair for the domains. This should not be the userKeyPair!
KeyPair domainKeyPair = loadOrCreateDomainKeyPair(); KeyPair domainKeyPair = loadOrCreateDomainKeyPair();
@ -202,16 +209,27 @@ public class ClientTest {
* *
* @param session * @param session
* {@link Session} to bind with * {@link Session} to bind with
* @param eabKid
* Value of --eab-kid
* @param eabHmacKey
* Value of --eab-hmac-key
* @param emailAddress
* Email address of account that owns the key information
* @return {@link Account} * @return {@link Account}
*/ */
private Account findOrRegisterAccount(Session session, KeyPair accountKey) throws AcmeException { private Account findOrRegisterAccount(Session session, KeyPair accountKey, String eabKid, String eabHmacKey, String emailAddress) throws AcmeException {
// Ask the user to accept the TOS, if server provides us with a link. // Ask the user to accept the TOS, if server provides us with a link.
Optional<URI> tos = session.getMetadata().getTermsOfService(); Optional<URI> tos = session.getMetadata().getTermsOfService();
if (tos.isPresent()) { if (tos.isPresent()) {
acceptAgreement(tos.get()); acceptAgreement(tos.get());
} }
Account account = new AccountBuilder() AccountBuilder accountBuilder = new AccountBuilder();
if (eabKid != null && eabHmacKey != null && emailAddress != null) {
accountBuilder = accountBuilder.withKeyIdentifier(eabKid, eabHmacKey)
.addEmail(emailAddress);
}
Account account = accountBuilder
.agreeToTermsOfService() .agreeToTermsOfService()
.useKeyPair(accountKey) .useKeyPair(accountKey)
.create(session); .create(session);
@ -426,7 +444,7 @@ public class ClientTest {
*/ */
public static void main(String... args) { public static void main(String... args) {
if (args.length == 0) { if (args.length == 0) {
System.err.println("Usage: ClientTest <domain>..."); System.err.println("Usage: ClientTest <domain,domain,...> <eab-kid>(optional) <eab-hmac-key>(optional) <account-email>(optional)");
System.exit(1); System.exit(1);
} }
@ -434,10 +452,13 @@ public class ClientTest {
Security.addProvider(new BouncyCastleProvider()); Security.addProvider(new BouncyCastleProvider());
Collection<String> domains = Arrays.asList(args); Collection<String> domains = Arrays.asList(args[0].split(","));
String eabKid = args.length > 1 ? args[1] : null;
String eabHmacKey = args.length > 2 ? args[2] : null;
String emailAddress = args.length > 3 ? args[3] : null;
try { try {
ClientTest ct = new ClientTest(); ClientTest ct = new ClientTest();
ct.fetchCertificate(domains); ct.fetchCertificate(domains, eabKid, eabHmacKey, emailAddress);
} catch (Exception ex) { } catch (Exception ex) {
LOG.error("Failed to get a certificate for domains " + domains, ex); LOG.error("Failed to get a certificate for domains " + domains, ex);
} }

BIN
ssl-truststore Normal file
View File

Binary file not shown.