github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Use certificate if already available on request time

pull/30/head
Richard Körber 2016-07-07 00:11:39 +02:00
parent 7eec503d55
commit 78cb7259d4
3 changed files with 77 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
acme4j-client/src/main/java/org/shredzone/acme4j/Certificate.java
View File

@ -90,6 +90,8 @@ public class Certificate extends AcmeResource {
conn.throwAcmeException(); conn.throwAcmeException();
} }
// TODO: HTTP_ACCEPTED plus Retry-After header if not yet available
chainCertUri = conn.getLink("up"); chainCertUri = conn.getLink("up");
cert = conn.readCertificate(); cert = conn.readCertificate();

11
acme4j-client/src/main/java/org/shredzone/acme4j/Registration.java
View File

@ -18,6 +18,7 @@ import java.net.HttpURLConnection;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -176,12 +177,14 @@ public class Registration extends AcmeResource {
conn.throwAcmeException(); conn.throwAcmeException();
} }
// HTTP_ACCEPTED requires Retry-After header to be set X509Certificate cert = null;
if (rc == HttpURLConnection.HTTP_CREATED) {
cert = conn.readCertificate();
}
// Optionally returns the certificate. Currently it is just ignored. URI chainCertUri = conn.getLink("up");
// X509Certificate cert = conn.readCertificate();
return new Certificate(getSession(), conn.getLocation()); return new Certificate(getSession(), conn.getLocation(), chainCertUri, cert);
} catch (IOException ex) { } catch (IOException ex) {
throw new AcmeNetworkException(ex); throw new AcmeNetworkException(ex);
} }

70
acme4j-client/src/test/java/org/shredzone/acme4j/RegistrationTest.java
View File

@ -23,6 +23,7 @@ import java.net.HttpURLConnection;
import java.net.URI; import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Map; import java.util.Map;
import org.jose4j.jws.JsonWebSignature; import org.jose4j.jws.JsonWebSignature;
@ -49,6 +50,7 @@ public class RegistrationTest {
private URI resourceUri = URI.create("http://example.com/acme/resource"); private URI resourceUri = URI.create("http://example.com/acme/resource");
private URI locationUri = URI.create("http://example.com/acme/registration"); private URI locationUri = URI.create("http://example.com/acme/registration");
private URI agreementUri = URI.create("http://example.com/agreement.pdf"); private URI agreementUri = URI.create("http://example.com/agreement.pdf");
private URI chainUri = URI.create("http://example.com/acme/chain");
/** /**
* Test getters. Make sure object cannot be modified. * Test getters. Make sure object cannot be modified.
@ -171,11 +173,19 @@ public class RegistrationTest {
} }
/** /**
* Test that a certificate can be requested. * Test that a certificate can be requested and is delivered synchronously.
*/ */
@Test @Test
public void testRequestCertificate() throws AcmeException, IOException { public void testRequestCertificateSync() throws AcmeException, IOException {
final X509Certificate originalCert = TestUtils.createCertificate();
TestableConnectionProvider provider = new TestableConnectionProvider() { TestableConnectionProvider provider = new TestableConnectionProvider() {
@Override
public int sendRequest(URI uri) {
fail("Attempted to download the certificate. Should be downloaded already!");
return HttpURLConnection.HTTP_OK;
}
@Override @Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session) { public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session) {
assertThat(uri, is(resourceUri)); assertThat(uri, is(resourceUri));
@ -184,6 +194,61 @@ public class RegistrationTest {
return HttpURLConnection.HTTP_CREATED; return HttpURLConnection.HTTP_CREATED;
} }
@Override
public X509Certificate readCertificate() {
return originalCert;
}
@Override
public URI getLocation() {
return locationUri;
}
@Override
public URI getLink(String relation) {
switch(relation) {
case "up": return chainUri;
default: return null;
}
}
};
provider.putTestResource(Resource.NEW_CERT, resourceUri);
byte[] csr = TestUtils.getResourceAsByteArray("/csr.der");
Registration registration = new Registration(provider.createSession(), locationUri);
Certificate cert = registration.requestCertificate(csr);
assertThat(cert.download(), is(originalCert));
assertThat(cert.getLocation(), is(locationUri));
assertThat(cert.getChainLocation(), is(chainUri));
provider.close();
}
/**
* Test that a certificate can be requested and is delivered asynchronously.
*/
@Test
public void testRequestCertificateAsync() throws AcmeException, IOException {
TestableConnectionProvider provider = new TestableConnectionProvider() {
@Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session) {
assertThat(uri, is(resourceUri));
assertThat(claims.toString(), sameJSONAs(getJson("requestCertificateRequest")));
assertThat(session, is(notNullValue()));
return HttpURLConnection.HTTP_ACCEPTED;
}
@Override
public URI getLink(String relation) {
switch(relation) {
case "up": return chainUri;
default: return null;
}
}
@Override @Override
public URI getLocation() { public URI getLocation() {
return locationUri; return locationUri;
@ -198,6 +263,7 @@ public class RegistrationTest {
Certificate cert = registration.requestCertificate(csr); Certificate cert = registration.requestCertificate(csr);
assertThat(cert.getLocation(), is(locationUri)); assertThat(cert.getLocation(), is(locationUri));
assertThat(cert.getChainLocation(), is(chainUri));
provider.close(); provider.close();
} }