Single method to get the certificate

pull/168/head
Richard Körber 2024-10-21 07:11:09 +02:00
parent 6a24d85364
commit 318aeaab9d
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
4 changed files with 23 additions and 6 deletions


@ -143,7 +143,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
@SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended @SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended
public Certificate getCertificate() { public Certificate getCertificate() {
if (certificate == null) { if (certificate == null) {
certificate = getJSON().get("certificate") certificate = getJSON().get("star-certificate")
.optional()
.or(() -> getJSON().get("certificate").optional())
.map(Value::asURL) .map(Value::asURL)
.map(getLogin()::bindCertificate) .map(getLogin()::bindCertificate)
.orElseThrow(() -> new IllegalStateException("Order is not completed")); .orElseThrow(() -> new IllegalStateException("Order is not completed"));
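Review bot: In `getCertificate()`, the lookup now silently prefers `star-certificate` over `certificate` when an order carries both fields, and nothing in the hunk states that this precedence is intended. A one-line comment on the `.or(() -> getJSON().get("certificate").optional())` fallback would make it explicit. The literal `"star-certificate"` is also repeated in `isAutoRenewalCertificate()`, so a shared constant for the field name would keep the two in step.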
@ -159,7 +161,9 @@ public class Order extends AcmeJsonResource implements PollableResource {
* if the order is not ready yet. You must finalize the order first, and wait * if the order is not ready yet. You must finalize the order first, and wait
* for the status to become {@link Status#VALID}. It is also thrown if the * for the status to become {@link Status#VALID}. It is also thrown if the
* order has been {@link Status#CANCELED}. * order has been {@link Status#CANCELED}.
* @deprecated Use {@link #getCertificate()} for STAR certificates as well.
*/ */
@Deprecated
@SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended @SuppressFBWarnings("EI_EXPOSE_REP") // behavior is intended
public Certificate getAutoRenewalCertificate() { public Certificate getAutoRenewalCertificate() {
if (autoRenewalCertificate == null) { if (autoRenewalCertificate == null) {
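Review bot: The bare `@Deprecated` on `getAutoRenewalCertificate()` does not tell callers when the deprecation started; `@Deprecated(since = "3.5.0")` would match the `@since 3.5.0` tag on the new method. The deprecated getter also keeps its own `autoRenewalCertificate` cache, so for a STAR order it and `getCertificate()` can now return two separate `Certificate` instances for the same URL. If that is acceptable, say so in the Javadoc; otherwise share one cached instance.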
@ -172,6 +176,16 @@ public class Order extends AcmeJsonResource implements PollableResource {
return autoRenewalCertificate; return autoRenewalCertificate;
} }
/**
* Returns whether this is a STAR certificate ({@code true}) or a standard certificate
* ({@code false}).
*
* @since 3.5.0
*/
public boolean isAutoRenewalCertificate() {
return getJSON().contains("star-certificate");
}
/** /**
* Finalizes the order. * Finalizes the order.
* <p> * <p>
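Review bot: The Javadoc of `isAutoRenewalCertificate()` says `false` means a standard certificate, but `getJSON().contains("star-certificate")` also returns `false` for an order that has no certificate yet. Document that the result is only meaningful once the order is completed, or throw `IllegalStateException` as `getCertificate()` does. The Javadoc is also missing a `@return` tag, and the name is easy to confuse with the existing `isAutoRenewing()`, so a sentence on how the two differ would help.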


@ -201,6 +201,7 @@ public class OrderTest {
.isEqualTo("2016-01-01T00:00:00Z"); .isEqualTo("2016-01-01T00:00:00Z");
softly.assertThat(order.getNotAfter().orElseThrow()) softly.assertThat(order.getNotAfter().orElseThrow())
.isEqualTo("2016-01-08T00:00:00Z"); .isEqualTo("2016-01-08T00:00:00Z");
softly.assertThat(order.isAutoRenewalCertificate()).isFalse();
softly.assertThat(order.getCertificate().getLocation()) softly.assertThat(order.getCertificate().getLocation())
.isEqualTo(url("https://example.com/acme/cert/1234")); .isEqualTo(url("https://example.com/acme/cert/1234"));
softly.assertThatIllegalStateException() softly.assertThatIllegalStateException()
@ -284,8 +285,9 @@ public class OrderTest {
var order = login.bindOrder(locationUrl); var order = login.bindOrder(locationUrl);
try (var softly = new AutoCloseableSoftAssertions()) { try (var softly = new AutoCloseableSoftAssertions()) {
softly.assertThatIllegalStateException() softly.assertThat(order.isAutoRenewalCertificate()).isTrue();
.isThrownBy(order::getCertificate); softly.assertThat(order.getCertificate().getLocation())
.isEqualTo(url("https://example.com/acme/cert/1234"));
softly.assertThat(order.getAutoRenewalCertificate().getLocation()) softly.assertThat(order.getAutoRenewalCertificate().getLocation())
.isEqualTo(url("https://example.com/acme/cert/1234")); .isEqualTo(url("https://example.com/acme/cert/1234"));
softly.assertThat(order.isAutoRenewing()).isTrue(); softly.assertThat(order.isAutoRenewing()).isTrue();
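Review bot: The STAR test now covers the `star-certificate` path of `getCertificate()`, but nothing visible here exercises the two new edge cases: an order JSON that carries both `star-certificate` and `certificate`, and an order that has neither (where `isAutoRenewalCertificate()` returns `false` and `getCertificate()` should still throw). A case for each would pin down the precedence and the not-completed behaviour. The remaining call to `order.getAutoRenewalCertificate()` will now raise a deprecation warning, so annotate the test method with `@SuppressWarnings("deprecation")`.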


@ -2,6 +2,10 @@
This document will help you migrate your code to the latest _acme4j_ version. This document will help you migrate your code to the latest _acme4j_ version.
## Migration to Version 3.5.0
- If you use STAR auto renewal certificates, you can now use `Order.getCertificate()` instead of `Order.getAutoRenewalCertificate()` to retrieve the STAR certificate. `Order.getAutoRenewalCertificate()` is marked as deprecated, but still functional. The new method `Order.isAutoRenewalCertificate()` can be used to check if the order resulted in a standard or auto-renewing certificate.
## Migration to Version 3.4.0 ## Migration to Version 3.4.0
- To be futureproof, you should wait for your `Order` resource's state to become `READY` before invoking `Order.execute()`. Most CAs change to the `READY` state immediately, but this behavior is not specified in RFC8555. Future CA implementations may stay in `PENDING` state for a short while, and would return an error if `execute()` is invoked too early. Also see the [example](example.md#the-main-workflow) for how wait for the `READY` state. - To be futureproof, you should wait for your `Order` resource's state to become `READY` before invoking `Order.execute()`. Most CAs change to the `READY` state immediately, but this behavior is not specified in RFC8555. Future CA implementations may stay in `PENDING` state for a short while, and would return an error if `execute()` is invoked too early. Also see the [example](example.md#the-main-workflow) for how wait for the `READY` state.
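Review bot: The 3.5.0 migration entry describes the new option but not the behaviour change behind it: the test hunk in this commit removes the assertion that `order.getCertificate()` throws `IllegalStateException` for a STAR order. Callers that relied on that exception to tell STAR orders from standard ones will now silently get the STAR certificate. Add a sentence telling them to switch to `Order.isAutoRenewalCertificate()` for that check.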


@ -47,9 +47,6 @@ You can also use `autoRenewalStart()`, `autoRenewalEnd()`, `autoRenewalLifetime(
The `Metadata` object also holds the accepted renewal limits (see `Metadata.getAutoRenewalMinLifetime()` and `Metadata.getAutoRenewalMaxDuration()`). The `Metadata` object also holds the accepted renewal limits (see `Metadata.getAutoRenewalMinLifetime()` and `Metadata.getAutoRenewalMaxDuration()`).
!!! important
After your order is finalized, you must use `Order.getAutoRenewalCertificate()` to retrieve a STAR certificate! Do not use `Order.getCertificate()` here.
The STAR certificates are automatically renewed by the CA. You will always find the latest certificate at the certificate location URL. The STAR certificates are automatically renewed by the CA. You will always find the latest certificate at the certificate location URL.
To download the latest certificate issue, you can bind the certificate URL to your `Login` and then use the `Certificate` object. To download the latest certificate issue, you can bind the certificate URL to your `Login` and then use the `Certificate` object.
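Review bot: Removing the `!!! important` block leaves this section without any statement of which method retrieves the STAR certificate after finalization. Replace the admonition with a short sentence naming `Order.getCertificate()` (and `Order.isAutoRenewalCertificate()` for the check), rather than deleting it outright, so the paragraph about the certificate location URL still has a lead-in.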