From 318aeaab9d9d21a5113a641f618265ab625c509d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?=
Date: Mon, 21 Oct 2024 07:11:09 +0200
Subject: [PATCH] Single method to get the certificate
---
 .../main/java/org/shredzone/acme4j/Order.java | 16 +++++++++++++++-
 .../java/org/shredzone/acme4j/OrderTest.java | 6 ++++--
 src/doc/docs/migration.md | 4 ++++
 src/doc/docs/usage/renewal.md | 3 ---
 4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java b/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java
index 13ca8ccf..d2b20399 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/Order.java
@@ -143,7 +143,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
 @SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended
 public Certificate getCertificate() {
 if (certificate == null) {
- certificate = getJSON().get("certificate")
+ certificate = getJSON().get("star-certificate")
+ .optional()
+ .or(() -> getJSON().get("certificate").optional())
 .map(Value::asURL)
 .map(getLogin()::bindCertificate)
 .orElseThrow(() -> new IllegalStateException("Order is not completed"));
@@ -159,7 +161,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
 * if the order is not ready yet. You must finalize the order first, and wait
 * for the status to become {@link Status#VALID}. It is also thrown if the
 * order has been {@link Status#CANCELED}.
+ * @deprecated Use {@link #getCertificate()} for STAR certificates as well.
 */
+ @Deprecated
 @SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended
 public Certificate getAutoRenewalCertificate() {
 if (autoRenewalCertificate == null) {
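Review bot: In the `getCertificate()` hunk, the getter now returns the STAR certificate for an auto-renewing order where the old code threw `IllegalStateException`, so a caller can no longer tell from the call site which kind of certificate it holds. The method's Javadoc begins above the hunk and is not visible; it should state that the `star-certificate` URL takes precedence over `certificate`, and that the kind is to be checked with `isAutoRenewalCertificate()`. This matters for lifecycle handling: as far as I read RFC 8739, a STAR certificate is ended by cancelling the order rather than by revoking it, so code that later revokes whatever this getter returned would behave differently for the two kinds. A sentence such as `For STAR orders the returned certificate is the auto-renewing one; cancel the order instead of revoking it.` in the Javadoc would make that explicit.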
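Review bot: In the `getAutoRenewalCertificate()` hunk, the `@Deprecated` annotation carries no version, while the method added in the same commit is tagged `@since 3.5.0`; `@Deprecated(since = "3.5.0")` would record the version in the annotation too. The method body continues outside this hunk. From the visible lines it keeps its own `autoRenewalCertificate` cache next to the `certificate` cache of `getCertificate()`, so for a STAR order the two getters appear to return two separate `Certificate` objects bound to the same URL. The `@deprecated` text could mention that.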
@@ -172,6 +176,16 @@ public class Order extends AcmeJsonResource implements PollableResource {
 return autoRenewalCertificate;
 }
+ /**
+ * Returns whether this is a STAR certificate ({@code true}) or a standard certificate
+ * ({@code false}).
+ *
+ * @since 3.5.0
+ */
+ public boolean isAutoRenewalCertificate() {
+ return getJSON().contains("star-certificate");
+ }
+
 /**
 * Finalizes the order.
 *
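Review bot: `isAutoRenewalCertificate()` tests for the key with `contains("star-certificate")`, while `getCertificate()` resolves the same field through `.get("star-certificate").optional()` and falls back to `certificate` when that is empty. If `contains()` is a plain key check, a server response carrying `"star-certificate": null` would make this method return `true` while the getter hands back the standard certificate. `return getJSON().get("star-certificate").optional().isPresent();` keeps the two in agreement. The Javadoc should also say that `false` is returned for any order that has no STAR certificate URL yet, including an auto-renewing order that is not finalized, so the result is only meaningful once the order is valid.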

diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java
index ca4962cc..5ed46550 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/OrderTest.java
@@ -201,6 +201,7 @@ public class OrderTest {
 .isEqualTo("2016-01-01T00:00:00Z");
 softly.assertThat(order.getNotAfter().orElseThrow())
 .isEqualTo("2016-01-08T00:00:00Z");
+ softly.assertThat(order.isAutoRenewalCertificate()).isFalse();
 softly.assertThat(order.getCertificate().getLocation())
 .isEqualTo(url("https://example.com/acme/cert/1234"));
 softly.assertThatIllegalStateException()
@@ -284,8 +285,9 @@ public class OrderTest {
 var order = login.bindOrder(locationUrl);
 try (var softly = new AutoCloseableSoftAssertions()) {
- softly.assertThatIllegalStateException()
- .isThrownBy(order::getCertificate);
+ softly.assertThat(order.isAutoRenewalCertificate()).isTrue();
+ softly.assertThat(order.getCertificate().getLocation())
+ .isEqualTo(url("https://example.com/acme/cert/1234"));
 softly.assertThat(order.getAutoRenewalCertificate().getLocation())
 .isEqualTo(url("https://example.com/acme/cert/1234"));
 softly.assertThat(order.isAutoRenewing()).isTrue();
diff --git a/src/doc/docs/migration.md b/src/doc/docs/migration.md
index 25a30aa9..8a96ef99 100644
--- a/src/doc/docs/migration.md
+++ b/src/doc/docs/migration.md
@@ -2,6 +2,10 @@
 This document will help you migrate your code to the latest _acme4j_ version.
+## Migration to Version 3.5.0
+
+- If you use STAR auto renewal certificates, you can now use `Order.getCertificate()` instead of `Order.getAutoRenewalCertificate()` to retrieve the STAR certificate. `Order.getAutoRenewalCertificate()` is marked as deprecated, but still functional. The new method `Order.isAutoRenewalCertificate()` can be used to check if the order resulted in a standard or auto-renewing certificate.
+
 ## Migration to Version 3.4.0
 - To be futureproof, you should wait for your `Order` resource's state to become `READY` before invoking `Order.execute()`. Most CAs change to the `READY` state immediately, but this behavior is not specified in RFC8555. Future CA implementations may stay in `PENDING` state for a short while, and would return an error if `execute()` is invoked too early. Also see the [example](example.md#the-main-workflow) for how wait for the `READY` state.
diff --git a/src/doc/docs/usage/renewal.md b/src/doc/docs/usage/renewal.md
index 6024880e..87c2931f 100644
--- a/src/doc/docs/usage/renewal.md
+++ b/src/doc/docs/usage/renewal.md
@@ -47,9 +47,6 @@ You can also use `autoRenewalStart()`, `autoRenewalEnd()`, `autoRenewalLifetime(
 The `Metadata` object also holds the accepted renewal limits (see `Metadata.getAutoRenewalMinLifetime()` and `Metadata.getAutoRenewalMaxDuration()`).
-!!! important
- After your order is finalized, you must use `Order.getAutoRenewalCertificate()` to retrieve a STAR certificate! Do not use `Order.getCertificate()` here.
-
 The STAR certificates are automatically renewed by the CA. You will always find the latest certificate at the certificate location URL.
 To download the latest certificate issue, you can bind the certificate URL to your `Login` and then use the `Certificate` object.