Use certificate if already available on request time

pull/30/head
Richard Körber 2016-07-07 00:11:39 +02:00
parent 7eec503d55
commit 78cb7259d4
3 changed files with 77 additions and 6 deletions

View File

@ -90,6 +90,8 @@ public class Certificate extends AcmeResource {
conn.throwAcmeException();
}
// TODO: HTTP_ACCEPTED plus Retry-After header if not yet available
chainCertUri = conn.getLink("up");
cert = conn.readCertificate();

View File

@ -18,6 +18,7 @@ import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@ -176,12 +177,14 @@ public class Registration extends AcmeResource {
conn.throwAcmeException();
}
// HTTP_ACCEPTED requires Retry-After header to be set
X509Certificate cert = null;
if (rc == HttpURLConnection.HTTP_CREATED) {
cert = conn.readCertificate();
}
// Optionally returns the certificate. Currently it is just ignored.
// X509Certificate cert = conn.readCertificate();
URI chainCertUri = conn.getLink("up");
return new Certificate(getSession(), conn.getLocation());
return new Certificate(getSession(), conn.getLocation(), chainCertUri, cert);
} catch (IOException ex) {
throw new AcmeNetworkException(ex);
}

View File

@ -23,6 +23,7 @@ import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.jose4j.jws.JsonWebSignature;
@ -49,6 +50,7 @@ public class RegistrationTest {
private URI resourceUri = URI.create("http://example.com/acme/resource");
private URI locationUri = URI.create("http://example.com/acme/registration");
private URI agreementUri = URI.create("http://example.com/agreement.pdf");
private URI chainUri = URI.create("http://example.com/acme/chain");
/**
* Test getters. Make sure object cannot be modified.
@ -171,11 +173,19 @@ public class RegistrationTest {
}
/**
* Test that a certificate can be requested.
* Test that a certificate can be requested and is delivered synchronously.
*/
@Test
public void testRequestCertificate() throws AcmeException, IOException {
public void testRequestCertificateSync() throws AcmeException, IOException {
final X509Certificate originalCert = TestUtils.createCertificate();
TestableConnectionProvider provider = new TestableConnectionProvider() {
@Override
public int sendRequest(URI uri) {
fail("Attempted to download the certificate. Should be downloaded already!");
return HttpURLConnection.HTTP_OK;
}
@Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session) {
assertThat(uri, is(resourceUri));
@ -184,6 +194,61 @@ public class RegistrationTest {
return HttpURLConnection.HTTP_CREATED;
}
@Override
public X509Certificate readCertificate() {
return originalCert;
}
@Override
public URI getLocation() {
return locationUri;
}
@Override
public URI getLink(String relation) {
switch(relation) {
case "up": return chainUri;
default: return null;
}
}
};
provider.putTestResource(Resource.NEW_CERT, resourceUri);
byte[] csr = TestUtils.getResourceAsByteArray("/csr.der");
Registration registration = new Registration(provider.createSession(), locationUri);
Certificate cert = registration.requestCertificate(csr);
assertThat(cert.download(), is(originalCert));
assertThat(cert.getLocation(), is(locationUri));
assertThat(cert.getChainLocation(), is(chainUri));
provider.close();
}
/**
* Test that a certificate can be requested and is delivered asynchronously.
*/
@Test
public void testRequestCertificateAsync() throws AcmeException, IOException {
TestableConnectionProvider provider = new TestableConnectionProvider() {
@Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session) {
assertThat(uri, is(resourceUri));
assertThat(claims.toString(), sameJSONAs(getJson("requestCertificateRequest")));
assertThat(session, is(notNullValue()));
return HttpURLConnection.HTTP_ACCEPTED;
}
@Override
public URI getLink(String relation) {
switch(relation) {
case "up": return chainUri;
default: return null;
}
}
@Override
public URI getLocation() {
return locationUri;
@ -198,6 +263,7 @@ public class RegistrationTest {
Certificate cert = registration.requestCertificate(csr);
assertThat(cert.getLocation(), is(locationUri));
assertThat(cert.getChainLocation(), is(chainUri));
provider.close();
}