Use system property for enabling Pebble workarounds

2017-05-01 16:17:01 +02:00 · 2017-05-01 16:17:01 +02:00 · 710e876585
parent 1c75d28dae
commit 710e876585
5 changed files with 71 additions and 5 deletions
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
@ -53,6 +53,7 @@ import org.shredzone.acme4j.exception.AcmeRateLimitExceededException;
 import org.shredzone.acme4j.exception.AcmeRetryAfterException;
 import org.shredzone.acme4j.exception.AcmeServerException;
 import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
+import org.shredzone.acme4j.provider.pebble.Pebble;
 import org.shredzone.acme4j.util.AcmeUtils;
 import org.shredzone.acme4j.util.JSON;
 import org.shredzone.acme4j.util.JSONBuilder;
@ -185,8 +186,11 @@ public class DefaultConnection implements Connection {
            if (session.getKeyIdentifier() != null) {
                // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
                // https://github.com/letsencrypt/pebble/issues/23
-                // jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+                if (Pebble.workaround()) {
                    jws.getHeaders().setJwkHeaderValue("jwk", jwk);
+                } else {
+                    jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+                }
            } else {
                jws.getHeaders().setJwkHeaderValue("jwk", jwk);
            }
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
@ -0,0 +1,47 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2017 Richard "Shred" Körber
+ *   http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.pebble;
+
+import org.slf4j.LoggerFactory;
+
+/**
+ * Check if Pebble workarounds or strict ACME specifications are to be used.
+ * <p>
+ * To enable the Pebble workarounds, pass {@code -Dpebble=true} to the JVM.
+ * <p>
+ * Do not use this class. It will be removed.
+ */
+public final class Pebble {
+
+    private static final boolean PEBBLE = Boolean.getBoolean("pebble");
+
+    static {
+        if (PEBBLE) {
+            LoggerFactory.getLogger(Pebble.class).warn("Pebble workarounds enabled!");
+        }
+    }
+
+    private Pebble() {
+        // utility class without constructor
+    }
+
+    /**
+     * Returns {@code true} to enable Pebble workarounds, {@code false} for strict
+     * ACME specifications.
+     */
+    public static boolean workaround() {
+        return PEBBLE;
+    }
+
+}
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
@ -77,7 +77,10 @@ public class PebbleAcmeProvider extends AbstractAcmeProvider {
    @Override
    public JSON directory(Session session, URI serverUri) throws AcmeException {
        JSON json = super.directory(session, serverUri);
-        return JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+        if (Pebble.workaround()) {
+            json = JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+        }
+        return json;
    }

 }
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
@ -617,8 +617,7 @@ public class DefaultConnectionTest {
        expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
        expectedHeader.append('}');

-        // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
-        // assertThat(header, sameJSONAs(expectedHeader.toString()));
+        assertThat(header, sameJSONAs(expectedHeader.toString()));
        assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
        assertThat(signature, not(isEmptyOrNullString()));

--- a/acme4j-it/pom.xml
+++ b/acme4j-it/pom.xml
@ -124,6 +124,19 @@
                    </images>
                </configuration>
            </plugin>
+
+            <!-- TODO PEBBLE: remove -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <version>2.20</version>
+                <configuration>
+                    <systemPropertyVariables>
+                        <pebble>true</pebble>
+                    </systemPropertyVariables>
+                </configuration>
+            </plugin>
+
        </plugins>
    </build>