github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Add Actalis support (fixes #173)

master
Richard Körber 2025-08-13 20:48:16 +02:00
parent 2a5df329bd
commit 2ca2f4b264
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
11 changed files with 217 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -20,7 +20,7 @@ This Java client helps to connect to an ACME server, and performing all necessar
* Supports [draft-ietf-acme-dns-account-label-00](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental) * Supports [draft-ietf-acme-dns-account-label-00](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental)
* Easy to use Java API * Easy to use Java API
* Requires JRE 17 or higher * Requires JRE 17 or higher
* Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs. * Supports [Actalis](https://www.actalis.com/), [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
* Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22) * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
* Extensive unit and integration tests * Extensive unit and integration tests
* Adheres to [Semantic Versioning](https://semver.org/) * Adheres to [Semantic Versioning](https://semver.org/)

1
acme4j-client/src/main/java/module-info.java
View File

@ -36,6 +36,7 @@ module org.shredzone.acme4j {
provides org.shredzone.acme4j.provider.AcmeProvider provides org.shredzone.acme4j.provider.AcmeProvider
with org.shredzone.acme4j.provider.GenericAcmeProvider, with org.shredzone.acme4j.provider.GenericAcmeProvider,
org.shredzone.acme4j.provider.actalis.ActalisAcmeProvider,
org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider, org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider,
org.shredzone.acme4j.provider.google.GoogleAcmeProvider, org.shredzone.acme4j.provider.google.GoogleAcmeProvider,
org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider, org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider,

87
acme4j-client/src/main/java/org/shredzone/acme4j/provider/actalis/ActalisAcmeProvider.java Normal file
View File

@ -0,0 +1,87 @@
/*
* acme4j - Java ACME client
*
* Copyright (C) 2025 Richard "Shred" Körber
* http://acme4j.shredzone.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
package org.shredzone.acme4j.provider.actalis;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.util.Map;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.provider.AbstractAcmeProvider;
import org.shredzone.acme4j.provider.AcmeProvider;
import org.shredzone.acme4j.toolbox.JSON;
/**
* An {@link AcmeProvider} for <em>Actalis</em>.
* <p>
* The {@code serverUri} is {@code "acme://actalis.com"} for the production server.
* <p>
* If you want to use <em>Actalis</em>, always prefer to use this provider.
*
* @see <a href="https://www.actalis.com/">Actalis S.p.A.</a>
* @since 4.0.0
*/
public class ActalisAcmeProvider extends AbstractAcmeProvider {
private static final String PRODUCTION_DIRECTORY_URL = "https://acme-api.actalis.com/acme/directory";
@Override
public boolean accepts(URI serverUri) {
return "acme".equals(serverUri.getScheme())
&& "actalis.com".equals(serverUri.getHost());
}
@Override
public URL resolve(URI serverUri) {
var path = serverUri.getPath();
String directoryUrl;
if (path == null || path.isEmpty() || "/".equals(path)) {
directoryUrl = PRODUCTION_DIRECTORY_URL;
} else {
throw new IllegalArgumentException("Unknown URI " + serverUri);
}
try {
return URI.create(directoryUrl).toURL();
} catch (MalformedURLException ex) {
throw new AcmeProtocolException(directoryUrl, ex);
}
}
@Override
@SuppressWarnings("unchecked")
public JSON directory(Session session, URI serverUri) throws AcmeException {
// This is a workaround as actalis.com uses "home" instead of "website" to
// refer to its homepage in the metadata.
var superdirectory = super.directory(session, serverUri);
if (superdirectory == null) {
return null;
}
var directory = superdirectory.toMap();
var meta = directory.get("meta");
if (meta instanceof Map) {
var metaMap = ((Map<String, Object>) meta);
if (metaMap.containsKey("home") && !metaMap.containsKey("website")) {
metaMap.put("website", metaMap.remove("home"));
}
}
return JSON.fromMap(directory);
}
}

29
acme4j-client/src/main/java/org/shredzone/acme4j/provider/actalis/package-info.java Normal file
View File

@ -0,0 +1,29 @@
/*
* acme4j - Java ACME client
*
* Copyright (C) 2025 Richard "Shred" Körber
* http://acme4j.shredzone.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
/**
* This package contains an {@link org.shredzone.acme4j.provider.AcmeProvider} for the
* Actalis server.
*
* @see <a href="https://www.actalis.com/">Actalis S.p.A.</a>
*/
@ReturnValuesAreNonnullByDefault
@DefaultAnnotationForParameters(NonNull.class)
@DefaultAnnotationForFields(NonNull.class)
package org.shredzone.acme4j.provider.actalis;
import edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields;
import edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.ReturnValuesAreNonnullByDefault;

7
acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider
View File

@ -1,8 +1,11 @@
# Buypass: https://buypass.com/ # Actalis: https://www.actalis.com/
org.shredzone.acme4j.provider.actalis.ActalisAcmeProvider
# Buypass: https://buypass.com/
org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider
# Google Trust Services: https://pki.goog/ # Google Trust Services: https://pki.goog/
org.shredzone.acme4j.provider.google.GoogleAcmeProvider org.shredzone.acme4j.provider.google.GoogleAcmeProvider
# Let's Encrypt: https://letsencrypt.org # Let's Encrypt: https://letsencrypt.org

59
acme4j-client/src/test/java/org/shredzone/acme4j/provider/actalis/ActalisAcmeProviderTest.java Normal file
View File

@ -0,0 +1,59 @@
/*
* acme4j - Java ACME client
*
* Copyright (C) 2025 Richard "Shred" Körber
* http://acme4j.shredzone.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
package org.shredzone.acme4j.provider.actalis;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.shredzone.acme4j.toolbox.TestUtils.url;
import java.net.URI;
import java.net.URISyntaxException;
import org.assertj.core.api.AutoCloseableSoftAssertions;
import org.junit.jupiter.api.Test;
public class ActalisAcmeProviderTest {
private static final String PRODUCTION_DIRECTORY_URL = "https://acme-api.actalis.com/acme/directory";
/**
* Tests if the provider accepts the correct URIs.
*/
@Test
public void testAccepts() throws URISyntaxException {
var provider = new ActalisAcmeProvider();
try (var softly = new AutoCloseableSoftAssertions()) {
softly.assertThat(provider.accepts(new URI("acme://actalis.com"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://actalis.com/"))).isTrue();
softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse();
softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse();
softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse();
}
}
/**
* Test if acme URIs are properly resolved.
*/
@Test
public void testResolve() throws URISyntaxException {
var provider = new ActalisAcmeProvider();
assertThat(provider.resolve(new URI("acme://actalis.com"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
assertThat(provider.resolve(new URI("acme://actalis.com/"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
assertThrows(IllegalArgumentException.class, () -> provider.resolve(new URI("acme://letsencrypt.org/v99")));
}
}

13
acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
View File

@ -37,6 +37,19 @@ import org.shredzone.acme4j.exception.AcmeException;
*/ */
public class ProviderIT { public class ProviderIT {
/**
* Test Actalis
*/
@Test
public void testActalis() throws AcmeException, MalformedURLException {
var session = new Session("acme://actalis.com");
assertThat(session.getMetadata().getWebsite()).hasValue(URI.create("https://www.actalis.com").toURL());
assertThatNoException().isThrownBy(() -> session.resourceUrl(Resource.NEW_ACCOUNT));
assertThat(session.getMetadata().isExternalAccountRequired()).isTrue();
assertThat(session.getMetadata().isAutoRenewalEnabled()).isFalse();
assertThat(session.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
}
/** /**
* Test Buypass * Test Buypass
*/ */

19
src/doc/docs/ca/actalis.md Normal file
View File

@ -0,0 +1,19 @@
# Actalis
Website: [Actalis](https://www.actalis.com)
Available since acme4j 4.0.0
## Connection URIs
* `acme://actalis.com` - Production server
Actalis does not provide a staging server (as of August 2025).
## Note
* Actalis requires account creation with [key identifier](../usage/account.md#external-account-binding).
## Disclaimer
_acme4j_ is not officially supported or endorsed by Actalis. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://codeberg.org/shred/acme4j/issues).

1
src/doc/docs/ca/index.md
View File

@ -9,6 +9,7 @@ _acme4j_ should support any CA that is providing an ACME server.
The _acme4j_ package contains these providers (in alphabetical order): The _acme4j_ package contains these providers (in alphabetical order):
* [Actalis](actalis.md)
* [Buypass](buypass.md) * [Buypass](buypass.md)
* [Google](google.md) * [Google](google.md)
* [Let's Encrypt](letsencrypt.md) * [Let's Encrypt](letsencrypt.md)

2
src/doc/docs/index.md
View File

@ -24,7 +24,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
* Supports [draft-ietf-acme-dns-account-label-00](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental) * Supports [draft-ietf-acme-dns-account-label-00](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental)
* Easy to use Java API * Easy to use Java API
* Requires JRE 17 or higher * Requires JRE 17 or higher
* Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs. * Supports [Actalis](https://www.actalis.com/), [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
* Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22) * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
* Extensive unit and integration tests * Extensive unit and integration tests
* Adheres to [Semantic Versioning](https://semver.org/) * Adheres to [Semantic Versioning](https://semver.org/)

1
src/doc/mkdocs.yml
View File

@ -44,6 +44,7 @@ nav:
- 'challenge/tls-alpn-01.md' - 'challenge/tls-alpn-01.md'
- CA: - CA:
- 'ca/index.md' - 'ca/index.md'
- 'ca/actalis.md'
- 'ca/buypass.md' - 'ca/buypass.md'
- 'ca/google.md' - 'ca/google.md'
- 'ca/letsencrypt.md' - 'ca/letsencrypt.md'