Single method to get the certificate

2024-10-21 07:11:09 +02:00 · 2024-10-21 07:11:09 +02:00 · 318aeaab9d
parent 6a24d85364
commit 318aeaab9d
4 changed files with 23 additions and 6 deletions
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java
@ -143,7 +143,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
    @SuppressFBWarnings("EI_EXPOSE_REP")    // behavior is intended
    public Certificate getCertificate() {
        if (certificate == null) {
-            certificate = getJSON().get("certificate")
+            certificate = getJSON().get("star-certificate")
+                    .optional()
+                    .or(() -> getJSON().get("certificate").optional())
                    .map(Value::asURL)
                    .map(getLogin()::bindCertificate)
                    .orElseThrow(() -> new IllegalStateException("Order is not completed"));
@ -159,7 +161,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
     *         if the order is not ready yet. You must finalize the order first, and wait
     *         for the status to become {@link Status#VALID}. It is also thrown if the
     *         order has been {@link Status#CANCELED}.
+     * @deprecated Use {@link #getCertificate()} for STAR certificates as well.
     */
+    @Deprecated
    @SuppressFBWarnings("EI_EXPOSE_REP")    // behavior is intended
    public Certificate getAutoRenewalCertificate() {
        if (autoRenewalCertificate == null) {
@ -172,6 +176,16 @@ public class Order extends AcmeJsonResource implements PollableResource {
        return autoRenewalCertificate;
    }

+    /**
+     * Returns whether this is a STAR certificate ({@code true}) or a standard certificate
+     * ({@code false}).
+     *
+     * @since 3.5.0
+     */
+    public boolean isAutoRenewalCertificate() {
+        return getJSON().contains("star-certificate");
+    }
+
    /**
     * Finalizes the order.
     * <p>
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java
@ -201,6 +201,7 @@ public class OrderTest {
                    .isEqualTo("2016-01-01T00:00:00Z");
            softly.assertThat(order.getNotAfter().orElseThrow())
                    .isEqualTo("2016-01-08T00:00:00Z");
+            softly.assertThat(order.isAutoRenewalCertificate()).isFalse();
            softly.assertThat(order.getCertificate().getLocation())
                    .isEqualTo(url("https://example.com/acme/cert/1234"));
            softly.assertThatIllegalStateException()
@ -284,8 +285,9 @@ public class OrderTest {
        var order = login.bindOrder(locationUrl);

        try (var softly = new AutoCloseableSoftAssertions()) {
-            softly.assertThatIllegalStateException()
-                    .isThrownBy(order::getCertificate);
+            softly.assertThat(order.isAutoRenewalCertificate()).isTrue();
+            softly.assertThat(order.getCertificate().getLocation())
+                    .isEqualTo(url("https://example.com/acme/cert/1234"));
            softly.assertThat(order.getAutoRenewalCertificate().getLocation())
                    .isEqualTo(url("https://example.com/acme/cert/1234"));
            softly.assertThat(order.isAutoRenewing()).isTrue();
--- a/src/doc/docs/migration.md
+++ b/src/doc/docs/migration.md
@ -2,6 +2,10 @@

 This document will help you migrate your code to the latest _acme4j_ version.

+## Migration to Version 3.5.0
+
+- If you use STAR auto renewal certificates, you can now use `Order.getCertificate()` instead of `Order.getAutoRenewalCertificate()` to retrieve the STAR certificate. `Order.getAutoRenewalCertificate()` is marked as deprecated, but still functional. The new method `Order.isAutoRenewalCertificate()` can be used to check if the order resulted in a standard or auto-renewing certificate.
+
 ## Migration to Version 3.4.0

 - To be futureproof, you should wait for your `Order` resource's state to become `READY` before invoking `Order.execute()`. Most CAs change to the `READY` state immediately, but this behavior is not specified in RFC8555. Future CA implementations may stay in `PENDING` state for a short while, and would return an error if `execute()` is invoked too early. Also see the [example](example.md#the-main-workflow) for how wait for the `READY` state.
--- a/src/doc/docs/usage/renewal.md
+++ b/src/doc/docs/usage/renewal.md
@ -47,9 +47,6 @@ You can also use `autoRenewalStart()`, `autoRenewalEnd()`, `autoRenewalLifetime(

 The `Metadata` object also holds the accepted renewal limits (see `Metadata.getAutoRenewalMinLifetime()` and `Metadata.getAutoRenewalMaxDuration()`).

-!!! important
-    After your order is finalized, you must use `Order.getAutoRenewalCertificate()` to retrieve a STAR certificate! Do not use `Order.getCertificate()` here.
-
 The STAR certificates are automatically renewed by the CA. You will always find the latest certificate at the certificate location URL.

 To download the latest certificate issue, you can bind the certificate URL to your `Login` and then use the `Certificate` object.