From 9c6eb5e610f8e0bee17022ef816a1f4386d2eca5 Mon Sep 17 00:00:00 2001 From: George Fergadis Date: Tue, 9 Jan 2024 17:45:35 +0200 Subject: [PATCH] Add SSL.com provider --- acme4j-client/src/main/java/module-info.java | 1 + .../provider/sslcom/SslComAcmeProvider.java | 64 +++++++++++++++++++ .../acme4j/provider/sslcom/package-info.java | 29 +++++++++ ...org.shredzone.acme4j.provider.AcmeProvider | 3 + src/doc/docs/ca/index.md | 1 + src/doc/docs/ca/sslcom.md | 8 +++ src/doc/docs/development/provider.md | 6 +- src/doc/docs/faq.md | 3 +- src/doc/docs/usage/connecting.md | 8 +++ src/doc/mkdocs.yml | 1 + 10 files changed, 122 insertions(+), 2 deletions(-) create mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java create mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/package-info.java create mode 100644 src/doc/docs/ca/sslcom.md diff --git a/acme4j-client/src/main/java/module-info.java b/acme4j-client/src/main/java/module-info.java index 0a041f4b..278fa7e6 100644 --- a/acme4j-client/src/main/java/module-info.java +++ b/acme4j-client/src/main/java/module-info.java @@ -37,5 +37,6 @@ module org.shredzone.acme4j { provides org.shredzone.acme4j.provider.AcmeProvider with org.shredzone.acme4j.provider.GenericAcmeProvider, org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider, + org.shredzone.acme4j.provider.sslcom.SslComAcmeProvider, org.shredzone.acme4j.provider.pebble.PebbleAcmeProvider; } diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java new file mode 100644 index 00000000..e553815a --- /dev/null +++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/SslComAcmeProvider.java 
@@ -0,0 +1,64 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2015 Richard "Shred" Körber
+ * http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.sslcom;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+
+import org.shredzone.acme4j.exception.AcmeProtocolException;
+import org.shredzone.acme4j.provider.AbstractAcmeProvider;
+import org.shredzone.acme4j.provider.AcmeProvider;
+
+/**
+ * An {@link AcmeProvider} for SSL.com.
+ *
+ * The {@code serverUri} is {@code "acme://ssl.com"} for the production server,
+ * and {@code "acme://acme-try.ssl.com"} for a testing server.
+ *
+ * If you want to use SSL.com, always prefer to use this provider.
+ *
+ * @see SSL.com
+ */
+public class SslComAcmeProvider extends AbstractAcmeProvider {
+
+ private static final String V02_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc";
+ private static final String STAGING_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc";
+
+ @Override
+ public boolean accepts(URI serverUri) {
+ return "acme".equals(serverUri.getScheme())
+ && "ssl.com".equals(serverUri.getHost());
+ }
+
+ @Override
+ public URL resolve(URI serverUri) {
+ var path = serverUri.getPath();
+ String directoryUrl;
+ if (path == null || "".equals(path) || "/".equals(path) || "/v02".equals(path)) {
+ directoryUrl = V02_DIRECTORY_URL;
+ } else if ("/staging".equals(path)) {
+ directoryUrl = STAGING_DIRECTORY_URL;
+ } else {
+ throw new IllegalArgumentException("Unknown URI " + serverUri);
+ }
+
+ try {
+ return new URL(directoryUrl);
+ } catch (MalformedURLException ex) {
+ throw new AcmeProtocolException(directoryUrl, ex);
+ }
+ }
+
+}
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/package-info.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/package-info.java
new file mode 100644
index 00000000..ca949196
--- /dev/null
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/sslcom/package-info.java
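Review bot: The class Javadoc of `SslComAcmeProvider` gives `acme://acme-try.ssl.com` as the testing-server URI, but `accepts()` only matches the host `ssl.com` and `resolve()` picks staging from the path `/staging`, so the documented URI is not handled by this provider. The Javadoc line should read `* and {@code "acme://ssl.com/staging"} for a testing server.`, which also agrees with the `ca/sslcom.md` page added in the same patch; getting this wrong matters because it decides whether a caller talks to the production or the test CA. The constant name `V02_DIRECTORY_URL` and the `/v02` path alias look carried over from another provider, and nothing in this patch shows a "v02" endpoint for SSL.com, so `PRODUCTION_DIRECTORY_URL` would be a clearer name. Both directory URLs end in `sslcom-dv-ecc`, which the Javadoc should state so callers know which directory this provider selects.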
@@ -0,0 +1,29 @@ +/* + * acme4j - Java ACME client + * + * Copyright (C) 2020 Richard "Shred" Körber + * http://acme4j.shredzone.org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/** + * This package contains the SSL.com + * {@link org.shredzone.acme4j.provider.AcmeProvider}. + * + * @see SSL.com + */ +@ReturnValuesAreNonnullByDefault +@DefaultAnnotationForParameters(NonNull.class) +@DefaultAnnotationForFields(NonNull.class) +package org.shredzone.acme4j.provider.sslcom; + +import edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields; +import edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters; +import edu.umd.cs.findbugs.annotations.NonNull; +import edu.umd.cs.findbugs.annotations.ReturnValuesAreNonnullByDefault; diff --git a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider index b4662ed0..c81603bd 100644 --- a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider +++ b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider @@ -4,3 +4,6 @@ org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider # Pebble (ACME Test Server): https://github.com/letsencrypt/pebble org.shredzone.acme4j.provider.pebble.PebbleAcmeProvider + +# SSL.com: https://ssl.com +org.shredzone.acme4j.provider.sslcom.SslComAcmeProvider diff --git a/src/doc/docs/ca/index.md b/src/doc/docs/ca/index.md index 991f96ec..4ba497e8 100644 --- a/src/doc/docs/ca/index.md +++ b/src/doc/docs/ca/index.md 
@@ -8,6 +8,7 @@ The _acme4j_ package contains these providers: * [Let's Encrypt](letsencrypt.md) * [Pebble](pebble.md) +* [SSL.com](sslcom.md) More CAs may be supported in future releases of _acme4j_. diff --git a/src/doc/docs/ca/sslcom.md b/src/doc/docs/ca/sslcom.md new file mode 100644 index 00000000..b7739d92 --- /dev/null +++ b/src/doc/docs/ca/sslcom.md @@ -0,0 +1,8 @@ +# SSL.com + +Web site: [SSL.com](https://ssl.com) + +## Connection URIs + +* `acme://ssl.com` - Production server +* `acme://ssl.com/staging` - Testing server diff --git a/src/doc/docs/development/provider.md b/src/doc/docs/development/provider.md index 9489eef7..a2b6a9d9 100644 --- a/src/doc/docs/development/provider.md +++ b/src/doc/docs/development/provider.md @@ -6,11 +6,15 @@ Basically, it is possible to connect to any kind of ACME server just by connecti Session session = new Session("https://acme-v02.api.letsencrypt.org/directory"); ``` -ACME providers are "plug-ins" to _acme4j_ that are specialized on a single CA. For example, the _Let's Encrypt_ provider offers URIs that are much easier to remember. The example above would look like this: +ACME providers are "plug-ins" to _acme4j_ that are specialized on a single CA. For example, the _Let's Encrypt_ and _SSL.com_ providers offers URIs that are much easier to remember. The example above would look like this: ```java Session session = new Session("acme://letsencrypt.org"); ``` +or this: +```java +Session session = new Session("acme://ssl.com"); +``` ## Writing your own Provider diff --git a/src/doc/docs/faq.md b/src/doc/docs/faq.md index 259636f2..e676288b 100644 --- a/src/doc/docs/faq.md +++ b/src/doc/docs/faq.md 
@@ -70,4 +70,5 @@ You can still revoke certificates without account key pair though, see [here](us ## Where can I find more help? * [Let's Encrypt Documentation](https://letsencrypt.org/docs/) -* [Let's Encrypt Community](https://community.letsencrypt.org/) - If the question is _acme4j_ related, please mention it in your post. \ No newline at end of file +* [Let's Encrypt Community](https://community.letsencrypt.org/) - If the question is _acme4j_ related, please mention it in your post. +* [SSL.com Knowledgebase](https://www.ssl.com/info/) diff --git a/src/doc/docs/usage/connecting.md b/src/doc/docs/usage/connecting.md index ccbe47c6..6a42cdd0 100644 --- a/src/doc/docs/usage/connecting.md +++ b/src/doc/docs/usage/connecting.md @@ -22,6 +22,10 @@ Such an URI is hard to remember and might even change in the future. For this re ```java Session session = new Session("acme://letsencrypt.org/staging"); ``` +or +```java +Session session = new Session("acme://ssl.com/staging"); +``` Instead of a generic provider, this call uses a specialized _Let's Encrypt_ provider. @@ -32,6 +36,10 @@ To use the _Let's Encrypt_ production server, you only need to change the ACME U ```java Session session = new Session("acme://letsencrypt.org"); ``` +or to use the _SSL.com_ production server: +```java +Session session = new Session("acme://ssl.com"); +``` ## Metadata diff --git a/src/doc/mkdocs.yml b/src/doc/mkdocs.yml index e61bc88a..ebc32e04 100644 --- a/src/doc/mkdocs.yml +++ b/src/doc/mkdocs.yml @@ -44,6 +44,7 @@ nav: - 'ca/index.md' - 'ca/letsencrypt.md' - 'ca/pebble.md' + - 'ca/sslcom.md' - Development: - 'development/index.md' - 'development/provider.md'