diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TlsSni01Challenge.java b/acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TlsSni01Challenge.java index cbb88814..c4397c09 100644 --- a/acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TlsSni01Challenge.java +++ b/acme4j-client/src/main/java/org/shredzone/acme4j/challenge/TlsSni01Challenge.java @@ -19,12 +19,7 @@ import org.shredzone.acme4j.Session; /** * Implements the {@value TYPE} challenge. - * - * @deprecated Use {@link TlsSni02Challenge} if supported by the CA. This challenge will - * be removed when Let's Encrypt removes support for - * {@link TlsSni01Challenge}. */ -@Deprecated public class TlsSni01Challenge extends TokenChallenge { private static final long serialVersionUID = 7370329525205430573L; diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/AbstractAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/AbstractAcmeProvider.java index cbc9e7a3..d649cd28 100644 --- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/AbstractAcmeProvider.java +++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/AbstractAcmeProvider.java @@ -26,6 +26,7 @@ import org.shredzone.acme4j.challenge.Challenge; import org.shredzone.acme4j.challenge.Dns01Challenge; import org.shredzone.acme4j.challenge.Http01Challenge; import org.shredzone.acme4j.challenge.OutOfBand01Challenge; +import org.shredzone.acme4j.challenge.TlsSni01Challenge; import org.shredzone.acme4j.challenge.TlsSni02Challenge; import org.shredzone.acme4j.connector.Connection; import org.shredzone.acme4j.connector.DefaultConnection; @@ -62,12 +63,11 @@ public abstract class AbstractAcmeProvider implements AcmeProvider { } } - @SuppressWarnings("deprecation") // must still provide deprecated challenges private static Map> challengeMap() { Map> map = new HashMap<>(); map.put(Dns01Challenge.TYPE, Dns01Challenge::new); - map.put(org.shredzone.acme4j.challenge.TlsSni01Challenge.TYPE, org.shredzone.acme4j.challenge.TlsSni01Challenge::new); + map.put(TlsSni01Challenge.TYPE, TlsSni01Challenge::new); map.put(TlsSni02Challenge.TYPE, TlsSni02Challenge::new); map.put(Http01Challenge.TYPE, Http01Challenge::new); map.put(OutOfBand01Challenge.TYPE, OutOfBand01Challenge::new); diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/challenge/TlsSni01ChallengeTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/challenge/TlsSni01ChallengeTest.java index f317bb84..dbc40a83 100644 --- a/acme4j-client/src/test/java/org/shredzone/acme4j/challenge/TlsSni01ChallengeTest.java +++ b/acme4j-client/src/test/java/org/shredzone/acme4j/challenge/TlsSni01ChallengeTest.java @@ -30,7 +30,6 @@ import org.shredzone.acme4j.toolbox.TestUtils; /** * Unit tests for {@link TlsSni01Challenge}. */ -@SuppressWarnings("deprecation") // must test a deprecated challenge public class TlsSni01ChallengeTest { private static final String KEY_AUTHORIZATION = "VNLBdSiZ3LppU2CRG8bilqlwq4DuApJMg3ZJowU6JhQ.HnWjTDnyqlCrm6tZ-6wX-TrEXgRdeNu9G71gqxSO6o0"; diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/provider/AbstractAcmeProviderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/provider/AbstractAcmeProviderTest.java index 444f8111..0a22ab45 100644 --- a/acme4j-client/src/test/java/org/shredzone/acme4j/provider/AbstractAcmeProviderTest.java +++ b/acme4j-client/src/test/java/org/shredzone/acme4j/provider/AbstractAcmeProviderTest.java @@ -121,7 +121,6 @@ public class AbstractAcmeProviderTest { * Test that challenges are generated properly. */ @Test - @SuppressWarnings("deprecation") // must test deprecated challenges public void testCreateChallenge() { Session session = mock(Session.class); diff --git a/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java b/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java index 3aa56192..6bd896f0 100644 --- a/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java +++ b/acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java @@ -344,7 +344,6 @@ public class ClientTest { * Domain name to be authorized * @return {@link Challenge} to verify */ - @SuppressWarnings("deprecation") // until tls-sni-02 is supported public Challenge tlsSniChallenge(Authorization auth, String domain) throws AcmeException { // Find a single tls-sni-01 challenge org.shredzone.acme4j.challenge.TlsSni01Challenge challenge = auth.findChallenge(org.shredzone.acme4j.challenge.TlsSni01Challenge.TYPE); diff --git a/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java b/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java index c0169a3a..276e5e25 100644 --- a/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java +++ b/acme4j-utils/src/main/java/org/shredzone/acme4j/util/CertificateUtils.java @@ -177,10 +177,7 @@ public final class CertificateUtils { * @param subject * Subject to create a certificate for * @return Created certificate - * @deprecated Will be removed when - * {@link org.shredzone.acme4j.challenge.TlsSni01Challenge} is removed */ - @Deprecated public static X509Certificate createTlsSniCertificate(KeyPair keypair, String subject) throws IOException { return createCertificate(keypair, subject); } diff --git a/src/site/markdown/challenge/tls-sni-01.md b/src/site/markdown/challenge/tls-sni-01.md index 0b8b2c33..510666cb 100644 --- a/src/site/markdown/challenge/tls-sni-01.md +++ b/src/site/markdown/challenge/tls-sni-01.md @@ -1,6 +1,6 @@ # tls-sni-01 Challenge -> **DEPRECATED:** According to the ACME specifications, this challenge will be replaced by [tls-sni-02](./tls-sni-02.html). However, _Let's Encrypt_ does not currently support `tls-sni-02`. For the time being, _acme4j_ supports both challenges. To be on the safe side, request both challenges and process the one that is returned. +> **NOTE:** In ACMEv2, this challenge is going to be replaced by [tls-sni-02](./tls-sni-02.html). However, the _Let's Encrypt_ ACMEv1 server is still offering this challenge as the only TLS-SNI based challenge. To be on the safe side, request both challenges and process the one that is returned. With the `tls-sni-01` challenge, you prove to the CA that you are able to control the web server of the domain to be authorized, by letting it respond to a SNI request with a specific self-signed cert. diff --git a/src/site/markdown/challenge/tls-sni-02.md b/src/site/markdown/challenge/tls-sni-02.md index f7979954..457537b5 100644 --- a/src/site/markdown/challenge/tls-sni-02.md +++ b/src/site/markdown/challenge/tls-sni-02.md @@ -1,6 +1,6 @@ # tls-sni-02 Challenge -> **NOTE:** According to the ACME specifications, this challenge will replace [tls-sni-01](./tls-sni-01.html). However, _Let's Encrypt_ does not currently support `tls-sni-02`. For the time being, _acme4j_ supports both challenges. To be on the safe side, request both challenges and process the one that is returned. +> **NOTE:** According to the ACME specifications, this challenge will replace [tls-sni-01](./tls-sni-01.html). However, _Let's Encrypt_ does not currently support `tls-sni-02`. To be on the safe side, request both challenges and process the one that is returned. With the `tls-sni-02` challenge, you prove to the CA that you are able to control the web server of the domain to be authorized, by letting it respond to a SNI request with a specific self-signed cert.