Upgrade to Java 17

README.md

@@ -18,7 +18,7 @@ This Java client helps to connect to an ACME server, and performing all necessar
 * Supports [draft-ietf-acme-ari-07](https://www.ietf.org/archive/id/draft-ietf-acme-ari-07.html) for renewal information (experimental)
 * Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
-* Requires JRE 11 or higher
+* Requires JRE 17 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
 * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
 * Extensive unit and integration tests

acme4j-client/src/main/java/org/shredzone/acme4j/Account.java

@@ -13,8 +13,7 @@
  */
 package org.shredzone.acme4j;
 
-import static java.util.stream.Collectors.toUnmodifiableList;
+import java.io.Serial;
-
 import java.net.URI;
 import java.security.KeyPair;
 import java.util.ArrayList;
@@ -42,6 +41,7 @@ import org.slf4j.LoggerFactory;
  * A representation of an account at the ACME server.
  */
 public class Account extends AcmeJsonResource {
+    @Serial
     private static final long serialVersionUID = 7042863483428051319L;
     private static final Logger LOG = LoggerFactory.getLogger(Account.class);
 
@@ -76,7 +76,7 @@ public class Account extends AcmeJsonResource {
                 .asArray()
                 .stream()
                 .map(Value::asURI)
-                .collect(toUnmodifiableList());
+                .toList();
     }
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/Identifier.java

@@ -243,11 +243,9 @@ public class Identifier implements Serializable {
 
     @Override
     public boolean equals(Object obj) {
-        if (!(obj instanceof Identifier)) {
+        if (!(obj instanceof Identifier i)) {
             return false;
         }
-
-        var i = (Identifier) obj;
         return content.equals(i.content);
     }
 

acme4j-client/src/main/java/org/shredzone/acme4j/Order.java

@@ -15,9 +15,9 @@ package org.shredzone.acme4j;
 
 import static java.util.Collections.unmodifiableList;
 import static java.util.stream.Collectors.toList;
-import static java.util.stream.Collectors.toUnmodifiableList;
 
 import java.io.IOException;
+import java.io.Serial;
 import java.net.URL;
 import java.security.KeyPair;
 import java.time.Duration;
@@ -43,6 +43,7 @@ import org.slf4j.LoggerFactory;
  * A representation of a certificate order at the CA.
  */
 public class Order extends AcmeJsonResource implements PollableResource {
+    @Serial
     private static final long serialVersionUID = 5435808648658292177L;
     private static final Logger LOG = LoggerFactory.getLogger(Order.class);
 
@@ -90,7 +91,7 @@ public class Order extends AcmeJsonResource implements PollableResource {
                     .asArray()
                     .stream()
                     .map(Value::asIdentifier)
-                    .collect(toUnmodifiableList());
+                    .toList();
     }
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/Problem.java

@@ -13,8 +13,7 @@
  */
 package org.shredzone.acme4j;
 
-import static java.util.stream.Collectors.toUnmodifiableList;
+import java.io.Serial;
-
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -33,6 +32,7 @@ import org.shredzone.acme4j.toolbox.JSON.Value;
  * @see <a href="https://tools.ietf.org/html/rfc7807">RFC 7807</a>
  */
 public class Problem implements Serializable {
+    @Serial
     private static final long serialVersionUID = -8418248862966754214L;
 
     private final URL baseUrl;
@@ -122,7 +122,7 @@ public class Problem implements Serializable {
                         .asArray()
                         .stream()
                         .map(o -> o.asProblem(baseUrl))
-                        .collect(toUnmodifiableList());
+                        .toList();
     }
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/Status.java

@@ -33,7 +33,7 @@ public enum Status {
 
     /**
      * The server is processing the resource. The client should invoke
-     * {@link AcmeJsonResource#update()} and re-check the status.
+     * {@link AcmeJsonResource#fetch()} and re-check the status.
      */
     PROCESSING,
 

acme4j-client/src/main/java/org/shredzone/acme4j/challenge/Challenge.java

@@ -13,6 +13,7 @@
  */
 package org.shredzone.acme4j.challenge;
 
+import java.io.Serial;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.EnumSet;
@@ -41,6 +42,7 @@ import org.slf4j.LoggerFactory;
  * required data to the challenge response.
  */
 public class Challenge extends AcmeJsonResource implements PollableResource {
+    @Serial
     private static final long serialVersionUID = 2338794776848388099L;
     private static final Logger LOG = LoggerFactory.getLogger(Challenge.class);
 

acme4j-client/src/main/java/org/shredzone/acme4j/challenge/Dns01Challenge.java

@@ -16,6 +16,8 @@ package org.shredzone.acme4j.challenge;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.base64UrlEncode;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.sha256hash;
 
+import java.io.Serial;
+
 import org.shredzone.acme4j.Identifier;
 import org.shredzone.acme4j.Login;
 import org.shredzone.acme4j.toolbox.JSON;
@@ -25,6 +27,7 @@ import org.shredzone.acme4j.toolbox.JSON;
  * validation. See the acme4j documentation for a detailed explanation.
  */
 public class Dns01Challenge extends TokenChallenge {
+    @Serial
     private static final long serialVersionUID = 6964687027713533075L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/challenge/Http01Challenge.java

@@ -13,6 +13,8 @@
  */
 package org.shredzone.acme4j.challenge;
 
+import java.io.Serial;
+
 import org.shredzone.acme4j.Login;
 import org.shredzone.acme4j.toolbox.JSON;
 
@@ -22,6 +24,7 @@ import org.shredzone.acme4j.toolbox.JSON;
  * detailed explanation.
  */
 public class Http01Challenge extends TokenChallenge {
+    @Serial
     private static final long serialVersionUID = 3322211185872544605L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TlsAlpn01Challenge.java

@@ -16,6 +16,7 @@ package org.shredzone.acme4j.challenge;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.sha256hash;
 
 import java.io.IOException;
+import java.io.Serial;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 
@@ -32,6 +33,7 @@ import org.shredzone.acme4j.util.CertificateUtils;
  * @since 2.1
  */
 public class TlsAlpn01Challenge extends TokenChallenge {
+    @Serial
     private static final long serialVersionUID = -5590351078176091228L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TokenChallenge.java

@@ -15,6 +15,8 @@ package org.shredzone.acme4j.challenge;
 
 import static org.shredzone.acme4j.toolbox.AcmeUtils.base64UrlEncode;
 
+import java.io.Serial;
+
 import org.shredzone.acme4j.Login;
 import org.shredzone.acme4j.exception.AcmeProtocolException;
 import org.shredzone.acme4j.toolbox.AcmeUtils;
@@ -26,6 +28,7 @@ import org.shredzone.acme4j.toolbox.JoseUtils;
  * and {@code keyAuthorization}.
  */
 public class TokenChallenge extends Challenge {
+    @Serial
     private static final long serialVersionUID = 1634133407432681800L;
 
     protected static final String KEY_TOKEN = "token";

acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java

@@ -15,7 +15,6 @@ package org.shredzone.acme4j.connector;
 
 import static java.time.format.DateTimeFormatter.RFC_1123_DATE_TIME;
 import static java.util.function.Predicate.not;
-import static java.util.stream.Collectors.toUnmodifiableList;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -137,7 +136,7 @@ public class DefaultConnection implements Connection {
                 var retryAfterInstant = getRetryAfter();
                 if (retryAfterInstant.isPresent()) {
                     throw new AcmeRetryAfterException(message, retryAfterInstant.get());
-                };
+                }
                 throw new AcmeException(message);
             }
 
@@ -228,7 +227,7 @@ public class DefaultConnection implements Connection {
             var cf = CertificateFactory.getInstance("X.509");
             return cf.generateCertificates(in).stream()
                     .map(X509Certificate.class::cast)
-                    .collect(toUnmodifiableList());
+                    .toList();
         } catch (IOException ex) {
             throw new AcmeNetworkException(ex);
         } catch (CertificateException ex) {
@@ -311,7 +310,7 @@ public class DefaultConnection implements Connection {
     public Collection<URL> getLinks(String relation) {
         return collectLinks(relation).stream()
                 .map(this::resolveRelative)
-                .collect(toUnmodifiableList());
+                .toList();
     }
 
     @Override
@@ -620,7 +619,7 @@ public class DefaultConnection implements Connection {
                 .filter(Matcher::matches)
                 .map(m -> m.group(1))
                 .peek(location -> LOG.debug("Link: {} -> {}", relation, location))
-                .collect(toUnmodifiableList());
+                .toList();
     }
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeException.java

@@ -13,10 +13,13 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
+
 /**
  * The root class of all checked acme4j exceptions.
  */
 public class AcmeException extends Exception {
+    @Serial
     private static final long serialVersionUID = -2935088954705632025L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeLazyLoadingException.java

@@ -15,6 +15,7 @@ package org.shredzone.acme4j.exception;
 
 import static java.util.Objects.requireNonNull;
 
+import java.io.Serial;
 import java.net.URL;
 
 import org.shredzone.acme4j.AcmeResource;
@@ -26,6 +27,7 @@ import org.shredzone.acme4j.AcmeResource;
  * thrown by getter methods, so the API is not polluted with checked exceptions.
  */
 public class AcmeLazyLoadingException extends RuntimeException {
+    @Serial
     private static final long serialVersionUID = 1000353433913721901L;
 
     private final Class<? extends AcmeResource> type;

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeNetworkException.java

@@ -14,12 +14,14 @@
 package org.shredzone.acme4j.exception;
 
 import java.io.IOException;
+import java.io.Serial;
 
 /**
  * A general network error has occured while communicating with the server (e.g. network
  * timeout).
  */
 public class AcmeNetworkException extends AcmeException {
+    @Serial
     private static final long serialVersionUID = 2054398693543329179L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeNotSupportedException.java

@@ -13,12 +13,15 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
+
 /**
  * A runtime exception that is thrown if the ACME server does not support a certain
  * feature. It might be either because that feature is optional, or because the server
  * is not fully RFC compliant.
  */
 public class AcmeNotSupportedException extends AcmeProtocolException {
+    @Serial
     private static final long serialVersionUID = 3434074002226584731L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeProtocolException.java

@@ -13,12 +13,15 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
+
 /**
  * A runtime exception that is thrown when the response of the server is violating the
  * RFC, and could not be handled or parsed for that reason. It is an indicator that the CA
  * does not fully comply with the RFC, and is usually not expected to be thrown.
  */
 public class AcmeProtocolException extends RuntimeException {
+    @Serial
     private static final long serialVersionUID = 2031203835755725193L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeRateLimitedException.java

@@ -13,6 +13,7 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
 import java.net.URL;
 import java.time.Instant;
 import java.util.Collection;
@@ -28,6 +29,7 @@ import org.shredzone.acme4j.Problem;
  * further explains the rate limit that was exceeded.
  */
 public class AcmeRateLimitedException extends AcmeServerException {
+    @Serial
     private static final long serialVersionUID = 4150484059796413069L;
 
     private final @Nullable Instant retryAfter;

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeServerException.java

@@ -13,6 +13,7 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
 import java.net.URI;
 import java.util.Objects;
 
@@ -26,6 +27,7 @@ import org.shredzone.acme4j.Problem;
  * individually.
  */
 public class AcmeServerException extends AcmeException {
+    @Serial
     private static final long serialVersionUID = 5971622508467042792L;
 
     private final Problem problem;

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeUnauthorizedException.java

@@ -13,6 +13,8 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
+
 import org.shredzone.acme4j.Problem;
 
 /**
@@ -20,6 +22,7 @@ import org.shredzone.acme4j.Problem;
  * will give further details (e.g. "client IP is blocked").
  */
 public class AcmeUnauthorizedException extends AcmeServerException {
+    @Serial
     private static final long serialVersionUID = 9064697508262919366L;
 
     /**

acme4j-client/src/main/java/org/shredzone/acme4j/exception/AcmeUserActionRequiredException.java

@@ -13,6 +13,7 @@
  */
 package org.shredzone.acme4j.exception;
 
+import java.io.Serial;
 import java.net.MalformedURLException;
 import java.net.URI;
 import java.net.URL;
@@ -28,6 +29,7 @@ import org.shredzone.acme4j.Problem;
  * requires an agreement to the new terms before proceeding.
  */
 public class AcmeUserActionRequiredException extends AcmeServerException {
+    @Serial
     private static final long serialVersionUID = 7719055447283858352L;
 
     private final @Nullable URI tosUri;

acme4j-client/src/main/java/org/shredzone/acme4j/toolbox/JSON.java

@@ -21,6 +21,7 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.Serial;
 import java.io.Serializable;
 import java.net.MalformedURLException;
 import java.net.URI;
@@ -54,6 +55,7 @@ import org.shredzone.acme4j.exception.AcmeProtocolException;
  * A model containing a JSON result. The content is immutable.
  */
 public final class JSON implements Serializable {
+    @Serial
     private static final long serialVersionUID = 418332625174149030L;
 
     private static final JSON EMPTY_JSON = new JSON(new HashMap<>());

acme4j-client/src/main/java/org/shredzone/acme4j/toolbox/JoseUtils.java

@@ -203,23 +203,13 @@ public final class JoseUtils {
      *         there is no corresponding algorithm identifier for the key
      */
     public static String keyAlgorithm(JsonWebKey jwk) {
-        if (jwk instanceof EllipticCurveJsonWebKey) {
+        if (jwk instanceof EllipticCurveJsonWebKey ecjwk) {
-            var ecjwk = (EllipticCurveJsonWebKey) jwk;
+            return switch (ecjwk.getCurveName()) {
-
+                case "P-256" -> AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;
-            switch (ecjwk.getCurveName()) {
+                case "P-384" -> AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;
-                case "P-256":
+                case "P-521" -> AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
-                    return AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;
+                default -> throw new IllegalArgumentException("Unknown EC name " + ecjwk.getCurveName());
-
+            };
-                case "P-384":
-                    return AlgorithmIdentifiers.ECDSA_USING_P384_CURVE_AND_SHA384;
-
-                case "P-521":
-                    return AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
-
-                default:
-                    throw new IllegalArgumentException("Unknown EC name "
-                            + ecjwk.getCurveName());
-            }
 
         } else if (jwk instanceof RsaJsonWebKey) {
             return AlgorithmIdentifiers.RSA_USING_SHA256;

acme4j-client/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java

@@ -126,18 +126,11 @@ public final class CertificateUtils {
 
         var gns = new GeneralName[1];
 
-        switch (id.getType()) {
+        gns[0] = switch (id.getType()) {
-            case Identifier.TYPE_DNS:
+            case Identifier.TYPE_DNS -> new GeneralName(GeneralName.dNSName, id.getDomain());
-                gns[0] = new GeneralName(GeneralName.dNSName, id.getDomain());
+            case Identifier.TYPE_IP -> new GeneralName(GeneralName.iPAddress, id.getIP().getHostAddress());
-                break;
+            default -> throw new IllegalArgumentException("Unsupported Identifier type " + id.getType());
-
+        };
-            case Identifier.TYPE_IP:
-                gns[0] = new GeneralName(GeneralName.iPAddress, id.getIP().getHostAddress());
-                break;
-
-            default:
-                throw new IllegalArgumentException("Unsupported Identifier type " + id.getType());
-        }
         certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(gns));
         certBuilder.addExtension(ACME_VALIDATION, true, new DEROctetString(acmeValidation));
 
@@ -268,8 +261,8 @@ public final class CertificateUtils {
             var attr = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
             if (attr.length > 0) {
                 var extensions = attr[0].getAttrValues().toArray();
-                if (extensions.length > 0 && extensions[0] instanceof Extensions) {
+                if (extensions.length > 0 && extensions[0] instanceof Extensions extension0) {
-                    var san = GeneralNames.fromExtensions((Extensions) extensions[0], Extension.subjectAlternativeName);
+                    var san = GeneralNames.fromExtensions(extension0, Extension.subjectAlternativeName);
                     var critical = csr.getSubject().getRDNs().length == 0;
                     certBuilder.addExtension(Extension.subjectAlternativeName, critical, san);
                 }

acme4j-client/src/test/java/org/shredzone/acme4j/AccountTest.java

@@ -146,10 +146,10 @@ public class AccountTest {
 
             @Override
             public Collection<URL> getLinks(String relation) {
-                switch(relation) {
+                return switch (relation) {
-                    case "termsOfService": return singletonList(agreementUrl);
+                    case "termsOfService" -> singletonList(agreementUrl);
-                    default: return emptyList();
+                    default -> emptyList();
-                }
+                };
             }
         };
 

acme4j-example/src/main/java/org/shredzone/acme4j/example/ClientTest.java

@@ -81,10 +81,10 @@ public class ClientTest {
     private static final String EAB_HMAC = null;
 
     // A supplier for a new account KeyPair. The default creates a new EC key pair.
-    private static Supplier<KeyPair> ACCOUNT_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair();
+    private static final Supplier<KeyPair> ACCOUNT_KEY_SUPPLIER = KeyPairUtils::createKeyPair;
 
     // A supplier for a new domain KeyPair. The default creates a RSA key pair.
-    private static Supplier<KeyPair> DOMAIN_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair(4096);
+    private static final Supplier<KeyPair> DOMAIN_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair(4096);
 
     // File name of the User Key Pair
     private static final File USER_KEY_FILE = new File("user.key");
@@ -267,16 +267,10 @@ public class ClientTest {
         }
 
         // Find the desired challenge and prepare it.
-        Challenge challenge = null;
+        Challenge challenge = switch (CHALLENGE_TYPE) {
-        switch (CHALLENGE_TYPE) {
+            case HTTP -> httpChallenge(auth);
-            case HTTP:
+            case DNS -> dnsChallenge(auth);
-                challenge = httpChallenge(auth);
+        };
-                break;
-
-            case DNS:
-                challenge = dnsChallenge(auth);
-                break;
-        }
 
         if (challenge == null) {
             throw new AcmeException("No challenge found");

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/EmailIdentifier.java

@@ -13,6 +13,8 @@
  */
 package org.shredzone.acme4j.smime;
 
+import java.io.Serial;
+
 import jakarta.mail.internet.AddressException;
 import jakarta.mail.internet.InternetAddress;
 import org.shredzone.acme4j.Identifier;
@@ -24,6 +26,7 @@ import org.shredzone.acme4j.exception.AcmeProtocolException;
  * @since 2.12
  */
 public class EmailIdentifier extends Identifier {
+    @Serial
     private static final long serialVersionUID = -1473014167038845395L;
 
     /**

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/challenge/EmailReply00Challenge.java

@@ -16,6 +16,8 @@ package org.shredzone.acme4j.smime.challenge;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.base64UrlEncode;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.sha256hash;
 
+import java.io.Serial;
+
 import jakarta.mail.internet.AddressException;
 import jakarta.mail.internet.InternetAddress;
 import org.shredzone.acme4j.Login;
@@ -30,6 +32,7 @@ import org.shredzone.acme4j.toolbox.JSON;
  * @since 2.12
  */
 public class EmailReply00Challenge extends TokenChallenge {
+    @Serial
     private static final long serialVersionUID = 2502329538019544794L;
 
     /**

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/exception/AcmeInvalidMessageException.java

@@ -15,6 +15,7 @@ package org.shredzone.acme4j.smime.exception;
 
 import static java.util.Collections.unmodifiableList;
 
+import java.io.Serial;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -40,6 +41,7 @@ import org.shredzone.acme4j.exception.AcmeException;
  * @since 2.15
  */
 public class AcmeInvalidMessageException extends AcmeException {
+    @Serial
     private static final long serialVersionUID = 5607857024718309330L;
 
     private final List<ErrorBundle> errors;

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/wrapper/SignedMail.java

@@ -149,24 +149,19 @@ public class SignedMail implements Mail {
 
         var relaxed = false;
         for (var element : (ASN1Set) attr.getAttributeValues()[0]) {
-            if (element instanceof ASN1Enumerated) {
+            if (element instanceof ASN1Enumerated asn1element) {
-                var algorithm = ((ASN1Enumerated) element).intValueExact();
+                var algorithm = asn1element.intValueExact();
-                switch (algorithm) {
+                relaxed = switch (algorithm) {
-                    case 0:
+                    case 0 -> false;
-                        relaxed = false;
+                    case 1 -> true;
-                        break;
+                    default -> throw new AcmeInvalidMessageException("Unknown algorithm: " + algorithm);
-                    case 1:
+                };
-                        relaxed = true;
-                        break;
-                    default:
-                        throw new AcmeInvalidMessageException("Unknown algorithm: " + algorithm);
-                }
             }
         }
 
         for (var element : (ASN1Set) attr.getAttributeValues()[0]) {
-            if (element instanceof ASN1Sequence) {
+            if (element instanceof ASN1Sequence asn1sequence) {
-                for (var sequenceElement : (ASN1Sequence) element) {
+                for (var sequenceElement : asn1sequence) {
                     var headerField = (ASN1Sequence) sequenceElement;
                     var fieldName = ((ASN1String) headerField.getObjectAt(0)).getString();
                     var fieldValue = ((ASN1String) headerField.getObjectAt(1)).getString();

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/wrapper/SignedMailBuilder.java

@@ -163,12 +163,11 @@ public class SignedMailBuilder {
         requireNonNull(message, "message");
         try {
             // Check all parameters
-            if (!(message instanceof MimeMessage)) {
+            if (!(message instanceof MimeMessage mimeMessage)) {
                 throw new IllegalArgumentException("Message must be a MimeMessage");
             }
-            MimeMessage mimeMessage = (MimeMessage) message;
 
-            if (!(mimeMessage.getContent() instanceof MimeMultipart)) {
+            if (!(mimeMessage.getContent() instanceof MimeMultipart contentMultipart)) {
                 throw new AcmeProtocolException("S/MIME signed message must contain MimeMultipart");
             }
 
@@ -177,7 +176,7 @@ public class SignedMailBuilder {
             }
 
             // Get the signed message
-            SMIMESigned signed = new SMIMESigned((MimeMultipart) mimeMessage.getContent());
+            SMIMESigned signed = new SMIMESigned(contentMultipart);
 
             // Validate the signature
             SignerInformation si = validateSignature(mimeMessage, pkixParameters);

acme4j-smime/src/main/java/org/shredzone/acme4j/smime/wrapper/SimpleMail.java

@@ -55,10 +55,10 @@ public class SimpleMail implements Mail {
             if (from.length != 1) {
                 throw new AcmeInvalidMessageException("Message must have exactly one sender, but has " + from.length);
             }
-            if (!(from[0] instanceof InternetAddress)) {
+            if (!(from[0] instanceof InternetAddress from0)) {
                 throw new AcmeInvalidMessageException("Invalid sender message type: " + from[0].getClass().getName());
             }
-            return (InternetAddress) from[0];
+            return from0;
         } catch (MessagingException ex) {
             throw new AcmeInvalidMessageException("Could not read 'From' header", ex);
         }
@@ -74,10 +74,10 @@ public class SimpleMail implements Mail {
             if (to.length != 1) {
                 throw new AcmeInvalidMessageException("Message must have exactly one recipient, but has " + to.length);
             }
-            if (!(to[0] instanceof InternetAddress)) {
+            if (!(to[0] instanceof InternetAddress to0)) {
                 throw new AcmeInvalidMessageException("Invalid recipient message type: " + to[0].getClass().getName());
             }
-            return (InternetAddress) to[0];
+            return to0;
         } catch (MessagingException ex) {
             throw new AcmeInvalidMessageException("Could not read 'To' header", ex);
         }

acme4j-smime/src/test/java/org/shredzone/acme4j/smime/EmailIdentifierTest.java

@@ -37,8 +37,8 @@ public class EmailIdentifierTest {
     @ParameterizedTest
     @MethodSource("provideTestEmails")
     public void testEmail(Object input, String expected) {
-        var id = input instanceof InternetAddress
+        var id = input instanceof InternetAddress internetAddress
-                ? EmailIdentifier.email((InternetAddress) input)
+                ? EmailIdentifier.email(internetAddress)
                 : EmailIdentifier.email(input.toString());
 
         assertThat(id.getType()).isEqualTo(EmailIdentifier.TYPE_EMAIL);

pom.xml

@@ -75,7 +75,7 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.8.1</version>
                 <configuration>
-                    <release>11</release>
+                    <release>17</release>
                 </configuration>
             </plugin>
             <plugin>

src/doc/docs/index.md

@@ -22,7 +22,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
 * Supports [draft-ietf-acme-ari-07](https://www.ietf.org/archive/id/draft-ietf-acme-ari-07.html) for renewal information (experimental)
 * Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
-* Requires JRE 11 or higher
+* Requires JRE 17 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
 * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
 * Extensive unit and integration tests

src/doc/docs/migration.md

@@ -2,6 +2,10 @@
 
 This document will help you migrate your code to the latest _acme4j_ version.
 
+## Migration to Version 3.6.0
+
+- _acme4j_ requires JRE 17 or higher now.
+
 ## Migration to Version 3.5.0
 
 - If you use STAR auto-renewal certificates, you can now use `Order.getCertificate()` instead of `Order.getAutoRenewalCertificate()` to retrieve the STAR certificate. `Order.getAutoRenewalCertificate()` is marked as deprecated, but still functional. The new method `Order.isAutoRenewalCertificate()` can be used to check if the order resulted in a standard or auto-renewing certificate.