Update key rollover to current acme draft

pull/18/head
Richard Körber 2016-06-22 00:47:03 +02:00
parent c48febda62
commit b72d0ee66f
2 changed files with 28 additions and 28 deletions


@ -190,33 +190,35 @@ public abstract class AbstractAcmeClient implements AcmeClient {
throw new IllegalArgumentException("newKeyPair must actually be a new key pair"); throw new IllegalArgumentException("newKeyPair must actually be a new key pair");
} }
String newKey; LOG.debug("changeRegistrationKey");
try {
ClaimBuilder oldKeyClaim = new ClaimBuilder();
oldKeyClaim.putResource("reg");
oldKeyClaim.putKey("oldKey", registration.getKeyPair().getPublic());
final PublicJsonWebKey newKeyJwk = PublicJsonWebKey.Factory.newPublicJwk(newKeyPair.getPublic()); String rollover;
try {
ClaimBuilder newKeyClaim = new ClaimBuilder();
newKeyClaim.putResource("reg");
newKeyClaim.putBase64("newKey", SignatureUtils.jwkThumbprint(newKeyPair.getPublic()));
final PublicJsonWebKey oldKeyJwk = PublicJsonWebKey.Factory.newPublicJwk(registration.getKeyPair().getPublic());
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(oldKeyClaim.toString()); jws.setPayload(newKeyClaim.toString());
jws.getHeaders().setJwkHeaderValue("jwk", newKeyJwk); jws.getHeaders().setJwkHeaderValue("jwk", oldKeyJwk);
jws.setAlgorithmHeaderValue(SignatureUtils.keyAlgorithm(newKeyJwk)); jws.setAlgorithmHeaderValue(SignatureUtils.keyAlgorithm(oldKeyJwk));
jws.setKey(newKeyPair.getPrivate()); jws.setKey(registration.getKeyPair().getPrivate());
jws.sign(); jws.sign();
newKey = jws.getCompactSerialization(); rollover = jws.getCompactSerialization();
} catch (JoseException ex) { } catch (JoseException ex) {
throw new AcmeProtocolException("Bad newKeyPair", ex); throw new AcmeProtocolException("Cannot sign newKey", ex);
} }
LOG.debug("changeRegistrationKey");
try (Connection conn = createConnection()) { try (Connection conn = createConnection()) {
ClaimBuilder claims = new ClaimBuilder(); ClaimBuilder claims = new ClaimBuilder();
claims.putResource("reg"); claims.putResource("reg");
claims.put("newKey", newKey); claims.put("rollover", rollover);
int rc = conn.sendSignedRequest(registration.getLocation(), claims, session, registration); Registration newReg = new Registration(newKeyPair, registration.getLocation());
int rc = conn.sendSignedRequest(registration.getLocation(), claims, session, newReg);
if (rc != HttpURLConnection.HTTP_OK) { if (rc != HttpURLConnection.HTTP_OK) {
conn.throwAcmeException(); conn.throwAcmeException();
} }
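Review bot: The split of signing keys in this hunk is unexplained in the code: the inner `rollover` JWS is signed with the current account key (`jws.setKey(registration.getKeyPair().getPrivate())`, header `jwk` set to `oldKeyJwk`) and carries only the thumbprint of the new key, while the outer request is signed with the new key through the throwaway `newReg`, and a reader has to reconstruct why from the draft. Suggest above `String rollover;`: `// Inner JWS: signed with the current account key, payload carries the thumbprint of the new key` and above `Registration newReg = ...`: `// Outer request is signed with the new key, hence the temporary Registration built on newKeyPair`. The method continues past the hunk; if the caller's `registration` is not updated with `newKeyPair` after the HTTP_OK check, later requests would presumably keep signing with a key the server has just replaced, which is worth confirming in the remainder of the method.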


@ -168,31 +168,29 @@ public class AbstractAcmeClientTest {
Connection connection = new DummyConnection() { Connection connection = new DummyConnection() {
@Override @Override
public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session, Registration registration) { public int sendSignedRequest(URI uri, ClaimBuilder claims, Session session, Registration registration) {
assertThat(uri, is(locationUri));
assertThat(session, is(notNullValue()));
assertThat(registration.getKeyPair(), is(sameInstance(newKeyPair))); // registration has new KeyPair!
Map<String, Object> claimMap = claims.toMap(); Map<String, Object> claimMap = claims.toMap();
assertThat(claimMap.get("resource"), is((Object) "reg")); assertThat(claimMap.get("resource"), is((Object) "reg"));
assertThat(claimMap.get("newKey"), not(nullValue())); assertThat(claimMap.get("rollover"), not(nullValue()));
try { try {
StringBuilder expectedPayload = new StringBuilder(); StringBuilder expectedPayload = new StringBuilder();
expectedPayload.append('{'); expectedPayload.append('{');
expectedPayload.append("\"resource\":\"reg\","); expectedPayload.append("\"resource\":\"reg\",");
expectedPayload.append("\"oldKey\":{"); expectedPayload.append("\"newKey\":\"").append(TestUtils.D_THUMBPRINT).append("\"");
expectedPayload.append("\"kty\":\"").append(TestUtils.KTY).append("\","); expectedPayload.append("}");
expectedPayload.append("\"e\":\"").append(TestUtils.E).append("\",");
expectedPayload.append("\"n\":\"").append(TestUtils.N).append("\"");
expectedPayload.append("}}");
String newKey = (String) claimMap.get("newKey"); String rollover = (String) claimMap.get("rollover");
JsonWebSignature jws = (JsonWebSignature) JsonWebSignature.fromCompactSerialization(newKey); JsonWebSignature jws = (JsonWebSignature) JsonWebSignature.fromCompactSerialization(rollover);
jws.setKey(newKeyPair.getPublic()); jws.setKey(accountKeyPair.getPublic()); // signed with the old KeyPair!
assertThat(jws.getPayload(), sameJSONAs(expectedPayload.toString())); assertThat(jws.getPayload(), sameJSONAs(expectedPayload.toString()));
} catch (JoseException ex) { } catch (JoseException ex) {
throw new AcmeProtocolException("Bad newKey", ex); throw new AcmeProtocolException("Bad rollover", ex);
} }
assertThat(uri, is(locationUri));
assertThat(session, is(notNullValue()));
assertThat(registration.getKeyPair(), is(sameInstance(accountKeyPair)));
return HttpURLConnection.HTTP_OK; return HttpURLConnection.HTTP_OK;
} }
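Review bot: The check that the inner JWS is signed with the old account key is only implicit in the new stub: `jws.setKey(accountKeyPair.getPublic())` is followed by `jws.getPayload()`, which appears to rely on jose4j verifying the signature as a side effect before returning the payload, so a reader cannot see that the signature is being tested at all. Adding `assertThat(jws.verifySignature(), is(true));` before the `sameJSONAs` assertion makes the old-key requirement an explicit expectation of the test. The `catch (JoseException ex)` branch rethrows as `AcmeProtocolException("Bad rollover", ex)`, the production exception type; in a test stub a failure to parse or verify should surface as a test failure, e.g. `throw new AssertionError("Bad rollover", ex);`, so it cannot be mistaken for a protocol error the client is expected to handle. The anonymous `DummyConnection` begins inside the hunk but the enclosing test method starts outside it.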