Session contains account location instead of abstract key identifier

pull/61/head
Richard Körber 2018-02-12 15:59:30 +01:00
parent 431a5cf313
commit b690e0ab45
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
10 changed files with 34 additions and 49 deletions


@ -57,7 +57,7 @@ public class Account extends AcmeJsonResource {
protected Account(Session session, URL location) {
super(session);
setLocation(location);
session.setKeyIdentifier(location.toString());
session.setAccountLocation(location);
}
/**
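Review bot: A null `location` is no longer rejected in this constructor: the old `location.toString()` threw a NullPointerException, while `session.setAccountLocation(location)` accepts null and leaves the session without an account. Unless `setLocation` already checks its argument (its body is not visible here), the session would then sign with the embedded `jwk` instead of `kid` in DefaultConnection. To keep the fail-fast behaviour, use `session.setAccountLocation(Objects.requireNonNull(location, "location"));` with `java.util.Objects` imported. The rest of the class lies outside the hunk.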


@ -155,7 +155,7 @@ public class AccountBuilder {
public Account create(Session session) throws AcmeException {
LOG.debug("create");
if (session.getKeyIdentifier() != null) {
if (session.getAccountLocation() != null) {
throw new IllegalArgumentException("session already seems to have an Account");
}


@ -47,7 +47,7 @@ public class Session {
private final AcmeProvider provider;
private KeyPair keyPair;
private String keyIdentifier;
private URL accountLocation;
private byte[] nonce;
private JSON directoryJson;
private Locale locale = Locale.getDefault();
@ -115,17 +115,17 @@ public class Session {
}
/**
* Gets the key identifier of the ACME account.
* Gets the location {@link URL} of the account logged into this session.
*/
public String getKeyIdentifier() {
return keyIdentifier;
public URL getAccountLocation() {
return accountLocation;
}
/**
* Sets the key identifier of the ACME account.
* Sets the location {@link URL} of the account logged into this session.
*/
public void setKeyIdentifier(String keyIdentifier) {
this.keyIdentifier = keyIdentifier;
public void setAccountLocation(URL accountLocation) {
this.accountLocation = accountLocation;
}
/**
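Review bot: The Javadoc on `getAccountLocation` and `setAccountLocation` does not say what null means or how the value is used. Going by the DefaultConnection change in this commit, a null location makes signed requests carry the public `jwk` header, and a non-null one is sent as the JWS `kid`. I would document that on the setter, e.g. `Sets the account location URL, which is sent as "kid" in signed requests; {@code null} means no account is bound and requests are signed with the embedded "jwk".` Since the field is plain mutable state next to `keyPair`, a sentence telling callers to keep the two in step would also help. The class body continues outside both hunks.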


@ -155,10 +155,6 @@ public class DefaultConnection implements Connection {
@Override
public int sendSignedRequest(URL url, JSONBuilder claims, Session session, int... httpStatus) throws AcmeException {
if (session.getKeyIdentifier() == null) {
throw new IllegalStateException("session has no KeyIdentifier set");
}
return sendSignedRequest(url, claims, session, false, httpStatus);
}
@ -326,10 +322,10 @@ public class DefaultConnection implements Connection {
jws.setPayload(claims.toString());
jws.getHeaders().setObjectHeaderValue("nonce", Base64Url.encode(session.getNonce()));
jws.getHeaders().setObjectHeaderValue("url", url);
if (enforceJwk || session.getKeyIdentifier() == null) {
if (enforceJwk || session.getAccountLocation() == null) {
jws.getHeaders().setJwkHeaderValue("jwk", jwk);
} else {
jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
jws.getHeaders().setObjectHeaderValue("kid", session.getAccountLocation());
}
jws.setAlgorithmHeaderValue(keyAlgorithm(jwk));
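Review bot: With the `IllegalStateException` guard removed from the four-argument `sendSignedRequest`, a session without an account location is no longer caught locally; the condition `enforceJwk || session.getAccountLocation() == null` silently signs with the embedded `jwk` instead. A caller that forgot to bind an account then sends a request the server is likely to reject for lacking a `kid`, so the failure surfaces as a remote error instead of a clear local one. If the fallback is intended, add a comment at the branch such as `// no account bound yet: identify by public key (jwk) instead of kid`, plus a test asserting the `jwk` header to replace the deleted `testSendSignedRequestNoKidFailed`. Otherwise keep the check as `if (session.getAccountLocation() == null) throw new IllegalStateException("session has no account location set");`. Both method bodies extend beyond the hunks shown.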


@ -93,7 +93,7 @@ public class AccountBuilderTest {
assertThat(account.getLocation(), is(locationUrl));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(session.getKeyIdentifier(), is(locationUrl.toString()));
assertThat(session.getAccountLocation(), is(locationUrl));
try {
AccountBuilder builder2 = new AccountBuilder();
@ -219,7 +219,7 @@ public class AccountBuilderTest {
Account account = builder.create(session);
assertThat(account.getLocation(), is(locationUrl));
assertThat(session.getKeyIdentifier(), is(locationUrl.toString()));
assertThat(session.getAccountLocation(), is(locationUrl));
provider.close();
}


@ -101,7 +101,7 @@ public class AccountTest {
Account account = new Account(session, locationUrl);
account.update();
assertThat(session.getKeyIdentifier(), is(locationUrl.toString()));
assertThat(session.getAccountLocation(), is(locationUrl));
assertThat(account.getLocation(), is(locationUrl));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(account.getContacts(), hasSize(1));


@ -136,7 +136,7 @@ public class CertificateTest {
assertThat(url, is(resourceUrl));
assertThat(claims.toString(), sameJSONAs(getJSON("revokeCertificateRequest").toString()));
assertThat(session, is(notNullValue()));
assertThat(session.getKeyIdentifier(), is(nullValue()));
assertThat(session.getAccountLocation(), is(nullValue()));
assertThat(enforceJwk, is(true));
certRequested = false;
assertThat(httpStatus, isIntArrayContainingInAnyOrder());


@ -73,13 +73,13 @@ public class SessionTest {
assertThat(session, not(nullValue()));
assertThat(session.getServerUri(), is(serverUri));
assertThat(session.getKeyPair(), is(keyPair));
assertThat(session.getKeyIdentifier(), is(nullValue()));
assertThat(session.getAccountLocation(), is(nullValue()));
Session session2 = new Session("https://example.com/acme", keyPair);
assertThat(session2, not(nullValue()));
assertThat(session2.getServerUri(), is(serverUri));
assertThat(session2.getKeyPair(), is(keyPair));
assertThat(session2.getKeyIdentifier(), is(nullValue()));
assertThat(session2.getAccountLocation(), is(nullValue()));
try {
new Session("#*aBaDuRi*#", keyPair);
@ -97,7 +97,7 @@ public class SessionTest {
KeyPair kp1 = TestUtils.createKeyPair();
KeyPair kp2 = TestUtils.createDomainKeyPair();
URI serverUri = URI.create(TestUtils.ACME_SERVER_URI);
String keyIdentifier = TestUtils.ACME_SERVER_URI + "/acct/1";
URL accountUrl = TestUtils.url(TestUtils.ACME_SERVER_URI + "/acct/1");
Session session = new Session(serverUri, kp1);
@ -110,9 +110,9 @@ public class SessionTest {
session.setKeyPair(kp2);
assertThat(session.getKeyPair(), is(kp2));
assertThat(session.getKeyIdentifier(), is(nullValue()));
session.setKeyIdentifier(keyIdentifier);
assertThat(session.getKeyIdentifier(), is(keyIdentifier));
assertThat(session.getAccountLocation(), is(nullValue()));
session.setAccountLocation(accountUrl);
assertThat(session.getAccountLocation(), is(accountUrl));
assertThat(session.getServerUri(), is(serverUri));
}


@ -64,7 +64,7 @@ import org.shredzone.acme4j.toolbox.TestUtils;
public class DefaultConnectionTest {
private URL requestUrl = TestUtils.url("http://example.com/acme/");
private String keyIdentifier = TestUtils.ACME_SERVER_URI + "/acct/1";
private URL accountUrl = TestUtils.url(TestUtils.ACME_SERVER_URI + "/acct/1");
private HttpURLConnection mockUrlConnection;
private HttpConnector mockHttpConnection;
private Session session;
@ -402,7 +402,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getResponseCode()).thenReturn(HttpURLConnection.HTTP_OK);
when(mockUrlConnection.getOutputStream()).thenReturn(new ByteArrayOutputStream());
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
@ -426,7 +426,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getErrorStream()).thenReturn(new ByteArrayInputStream(jsonData.getBytes("utf-8")));
when(mockUrlConnection.getURL()).thenReturn(url("https://example.com/acme/1"));
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
@ -462,7 +462,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getErrorStream()).thenReturn(new ByteArrayInputStream(jsonData.getBytes("utf-8")));
when(mockUrlConnection.getURL()).thenReturn(url("https://example.com/acme/1"));
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
@ -504,7 +504,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getErrorStream()).thenReturn(new ByteArrayInputStream(jsonData.getBytes("utf-8")));
when(mockUrlConnection.getURL()).thenReturn(url("https://example.com/acme/1"));
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
@ -544,7 +544,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getOutputStream())
.thenReturn(new ByteArrayOutputStream());
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection) {
@ -584,7 +584,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getOutputStream())
.thenReturn(new ByteArrayOutputStream());
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection) {
@ -620,7 +620,7 @@ public class DefaultConnectionTest {
when(mockUrlConnection.getOutputStream())
.thenReturn(new ByteArrayOutputStream());
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
session.setNonce(TestUtils.DUMMY_NONCE);
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
@ -691,7 +691,7 @@ public class DefaultConnectionTest {
}) {
JSONBuilder cb = new JSONBuilder();
cb.put("foo", 123).put("bar", "a-string");
session.setKeyIdentifier(keyIdentifier);
session.setAccountLocation(accountUrl);
conn.sendSignedRequest(requestUrl, cb, session);
}
@ -718,7 +718,7 @@ public class DefaultConnectionTest {
expectedHeader.append("\"nonce\":\"").append(Base64Url.encode(nonce1)).append("\",");
expectedHeader.append("\"url\":\"").append(requestUrl).append("\",");
expectedHeader.append("\"alg\":\"RS256\",");
expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
expectedHeader.append("\"kid\":\"").append(accountUrl).append('"');
expectedHeader.append('}');
assertThat(Base64Url.decodeToUtf8String(encodedHeader), sameJSONAs(expectedHeader.toString()));
@ -808,17 +808,6 @@ public class DefaultConnectionTest {
assertThat(jws.verifySignature(), is(true));
}
/**
* Test signed POST requests without a required KeyIdentifier.
*/
@Test(expected = IllegalStateException.class)
public void testSendSignedRequestNoKidFailed() throws Exception {
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
JSONBuilder cb = new JSONBuilder();
conn.sendSignedRequest(requestUrl, cb, session);
}
}
/**
* Test signed POST requests if there is no nonce.
*/


@ -48,7 +48,7 @@ public class AccountIT extends PebbleITBase {
Account acct = ab.create(session);
URL location = acct.getLocation();
assertIsPebbleUrl(location);
assertThat(session.getKeyIdentifier(), is(location.toString()));
assertThat(session.getAccountLocation(), is(location));
// Check registered data
assertThat(acct.getContacts(), contains(URI.create("mailto:acme@example.com")));
@ -73,7 +73,7 @@ public class AccountIT extends PebbleITBase {
.create(session1);
URL location1 = acct1.getLocation();
assertIsPebbleUrl(location1);
assertThat(session1.getKeyIdentifier(), is(location1.toString()));
assertThat(session1.getAccountLocation(), is(location1));
Session session2 = new Session(pebbleURI(), keyPair);
Account acct2 = new AccountBuilder()
@ -81,7 +81,7 @@ public class AccountIT extends PebbleITBase {
.create(session2);
URL location2 = acct2.getLocation();
assertIsPebbleUrl(location2);
assertThat(session2.getKeyIdentifier(), is(location2.toString()));
assertThat(session2.getAccountLocation(), is(location2));
assertThat(location1, is(location2));
}