From 710e876585c85aad985939b754c4f4738d388890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20K=C3=B6rber?= Date: Mon, 1 May 2017 16:17:01 +0200 Subject: [PATCH] Use system property for enabling Pebble workarounds
---
 .../acme4j/connector/DefaultConnection.java | 8 +++- .../acme4j/provider/pebble/Pebble.java | 47 +++++++++++++++++++ .../provider/pebble/PebbleAcmeProvider.java | 5 +- .../connector/DefaultConnectionTest.java | 3 +- acme4j-it/pom.xml | 13 +++++ 5 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
index e1fd344c..cd32b88c 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
@@ -53,6 +53,7 @@ import org.shredzone.acme4j.exception.AcmeRateLimitExceededException;
 import org.shredzone.acme4j.exception.AcmeRetryAfterException;
 import org.shredzone.acme4j.exception.AcmeServerException;
 import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
+import org.shredzone.acme4j.provider.pebble.Pebble;
 import org.shredzone.acme4j.util.AcmeUtils;
 import org.shredzone.acme4j.util.JSON;
 import org.shredzone.acme4j.util.JSONBuilder;
@@ -185,8 +186,11 @@ public class DefaultConnection implements Connection {
 if (session.getKeyIdentifier() != null) {
 // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
 // https://github.com/letsencrypt/pebble/issues/23
- // jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
- jws.getHeaders().setJwkHeaderValue("jwk", jwk);
+ if (Pebble.workaround()) {
+ jws.getHeaders().setJwkHeaderValue("jwk", jwk);
+ } else {
+ jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+ }
 } else {
 jws.getHeaders().setJwkHeaderValue("jwk", jwk);
 }
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
new file mode 100644
index 00000000..2eebd29e
--- /dev/null
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
@@ -0,0 +1,47 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2017 Richard "Shred" Körber
+ * http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.pebble;
+
+import org.slf4j.LoggerFactory;
+
+/**
+ * Check if Pebble workarounds or strict ACME specifications are to be used.
+ *
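Review bot: The branch added under `if (session.getKeyIdentifier() != null)` is selected by `Pebble.workaround()`, which this patch backs with a JVM-wide system property, so the choice between `kid` and `jwk` is made per process rather than per session or provider. With `-Dpebble=true` set, every signed request through DefaultConnection carries the full `jwk` even when the session already holds a key identifier, whichever ACME server it talks to; presumably a spec-strict server rejects that, but the server side is not visible here. Consider letting the session or provider decide so that only Pebble sessions are affected. The two TODO comment lines should also move inside the `if (Pebble.workaround())` branch, since they now sit above both branches and read as if `kid` were never sent. The enclosing method starts and ends outside the hunk.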

+ * To enable the Pebble workarounds, pass {@code -Dpebble=true} to the JVM.
+ *

+ * Do not use this class. It will be removed.
+ */
+public final class Pebble {
+
+ private static final boolean PEBBLE = Boolean.getBoolean("pebble");
+
+ static {
+ if (PEBBLE) {
+ LoggerFactory.getLogger(Pebble.class).warn("Pebble workarounds enabled!");
+ }
+ }
+
+ private Pebble() {
+ // utility class without constructor
+ }
+
+ /**
+ * Returns {@code true} to enable Pebble workarounds, {@code false} for strict
+ * ACME specifications.
+ */
+ public static boolean workaround() {
+ return PEBBLE;
+ }
+
+}
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
index e8404cb4..8c9e6f50 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
@@ -77,7 +77,10 @@ public class PebbleAcmeProvider extends AbstractAcmeProvider {
 @Override
 public JSON directory(Session session, URI serverUri) throws AcmeException {
 JSON json = super.directory(session, serverUri);
- return JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+ if (Pebble.workaround()) {
+ json = JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+ }
+ return json;
 }
 }
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
index bdbd44e3..01fbdbea 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
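Review bot: `PEBBLE` is read with `Boolean.getBoolean("pebble")` into a `static final` field, so the value is fixed when the class is first loaded and holds for the whole JVM, which the class Javadoc does not state. I would add a sentence such as `The property is read once at class initialization and applies to every session in this JVM; set it only when talking to a Pebble test server.` Because the flag cannot be toggled at runtime, DefaultConnectionTest can exercise only one of the two header branches added in DefaultConnection per test JVM. `Boolean.getBoolean` also propagates a `SecurityException` when a security manager denies property access, and in a static initializer that would make the class fail to load for every caller of `Pebble.workaround()`.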
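Review bot: The rename kept inside `if (Pebble.workaround())` is a textual `replace` on the serialized directory, so it rewrites every occurrence of `"new-reg"`, including a string value, and not only the directory key. If the JSON helper allows it, renaming the key on the parsed structure would be more exact; its API is outside this hunk, so treat this as something to check. A short comment above the `if`, for example `// workaround: directory still uses "new-reg", client expects "new-account"`, would keep the reason traceable.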
@@ -617,8 +617,7 @@ public class DefaultConnectionTest {
 expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
 expectedHeader.append('}');
- // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
- // assertThat(header, sameJSONAs(expectedHeader.toString()));
+ assertThat(header, sameJSONAs(expectedHeader.toString()));
 assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
 assertThat(signature, not(isEmptyOrNullString()));
diff --git a/acme4j-it/pom.xml b/acme4j-it/pom.xml
index a5c89c3f..b0ffff9d 100644
--- a/acme4j-it/pom.xml
+++ b/acme4j-it/pom.xml
@@ -124,6 +124,19 @@ + + + + org.apache.maven.plugins + maven-failsafe-plugin + 2.20 + + + true + + + +