From 786a2d279dff7e3c0e9d06dded8cdb96b032e916 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?= <github@shredzone.org>
Date: Sat, 18 Jan 2025 12:07:31 +0100
Subject: [PATCH] Add documentation about profiles

---
 README.md                   |  1 +
 src/doc/docs/index.md       |  1 +
 src/doc/docs/usage/order.md | 17 +++++++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/README.md b/README.md
index 55c67009..c78bef2e 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ This Java client helps connecting to an ACME server, and performing all necessar
 * Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
 * Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
 * Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
+* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
 * Requires JRE 11 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
diff --git a/src/doc/docs/index.md b/src/doc/docs/index.md
index 8e416cbb..59c3f31b 100644
--- a/src/doc/docs/index.md
+++ b/src/doc/docs/index.md
@@ -20,6 +20,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
 * Supports [RFC 8823](https://tools.ietf.org/html/rfc8823) for S/MIME certificates (experimental)
 * Supports [RFC 9444](https://tools.ietf.org/html/rfc9444) for subdomain validation
 * Supports [draft-ietf-acme-ari-06](https://www.ietf.org/archive/id/draft-ietf-acme-ari-06.html) for renewal information (experimental)
+* Supports [draft-aaron-acme-profiles-00](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html) for certificate profiles (experimental)
 * Easy to use Java API
 * Requires JRE 11 or higher
 * Supports [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and all other CAs that comply with the ACME protocol (RFC 8555). Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
diff --git a/src/doc/docs/usage/order.md b/src/doc/docs/usage/order.md
index f02c8688..e943d16e 100644
--- a/src/doc/docs/usage/order.md
+++ b/src/doc/docs/usage/order.md
@@ -240,3 +240,20 @@ The CA can then choose to issue challenges for any of `foo.bar.example.org`, `ba
 `Authorization.isSubdomainAuthAllowed()` will return `true` if that `Authorization` is used to issue subdomain certificates.
 
 To check if your CA supports RFC 9444, read `Metadata.isSubdomainAuthAllowed()`.
+
+## Profiles
+
+If your CA supports [draft-aaron-acme-profiles](https://www.ietf.org/archive/id/draft-aaron-acme-profiles-00.html), you can select a profile when ordering a certificate:
+
+```java
+Order order = account.newOrder()
+        .profile("tlsserver")
+        .create();
+```
+
+You can use `Metadata` to check if profiles are supported, and which ones:
+
+* `Metadata.isProfileAllowed()`: `true` if profiles are supported
+* `Metadata.isProfileAllowed(String)`: `true` if the given profile is supported
+* `Metadata.getProfiles()`: returns a `Set` of all profile names
+* `Metadata.getProfileDescription(String)`: returns a human-readable profile description