github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove http-01 preferred address

pull/30/head
Richard Körber 2016-11-21 00:48:37 +01:00
parent 66956e5587
commit be477c6c0a
3 changed files with 0 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
acme4j-client/src/main/java/org/shredzone/acme4j/challenge/Http01Challenge.java
View File

@ -13,8 +13,6 @@
*/
package org.shredzone.acme4j.challenge;
import java.net.InetAddress;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.util.ClaimBuilder;
@ -24,15 +22,11 @@ import org.shredzone.acme4j.util.ClaimBuilder;
public class Http01Challenge extends TokenChallenge {
private static final long serialVersionUID = 3322211185872544605L;
protected static final String KEY_ADDRESS = "address";
/**
* Challenge type name: {@value}
*/
public static final String TYPE = "http-01";
private InetAddress address;
/**
* Creates a new generic {@link Http01Challenge} object.
*
@ -63,30 +57,9 @@ public class Http01Challenge extends TokenChallenge {
return super.getAuthorization();
}
/**
* An address that the CA server should connect to in order to request the response.
* This address must be included in the set of IP addresses to which the domain name
* resolves.
* <p>
* It is at the discretion of the CA server to use this address for the request.
* However, if the address is not included in the set of IP addresses, the challenge
* will fail.
*
* @param address
* Address to request the response from
* @deprecated feature has been removed in draft-03, do not use.
*/
@Deprecated
public void setAddress(InetAddress address) {
this.address = address;
}
@Override
protected void respond(ClaimBuilder cb) {
super.respond(cb);
if (address != null) {
cb.put(KEY_ADDRESS, address.getHostAddress());
}
}
@Override

20
acme4j-client/src/test/java/org/shredzone/acme4j/challenge/HttpChallengeTest.java
View File

@ -18,7 +18,6 @@ import static org.junit.Assert.assertThat;
import static uk.co.datumedge.hamcrest.json.SameJSONAs.sameJSONAs;
import java.io.IOException;
import java.net.InetAddress;
import org.junit.BeforeClass;
import org.junit.Test;
@ -63,23 +62,4 @@ public class HttpChallengeTest {
+ KEY_AUTHORIZATION + "\"}").allowingExtraUnexpectedFields());
}
/**
* Test that {@link Http01Challenge} uses the given address.
*/
@Test
@Deprecated
public void testAddress() throws IOException {
Http01Challenge challenge = new Http01Challenge(session);
challenge.unmarshall(TestUtils.getJsonAsMap("httpChallenge"));
challenge.setAddress(InetAddress.getByName("198.051.100.012"));
ClaimBuilder cb = new ClaimBuilder();
challenge.respond(cb);
assertThat(cb.toString(), sameJSONAs("{\"keyAuthorization\"=\""
+ KEY_AUTHORIZATION + "\", \"address\"=\"198.51.100.12\"}")
.allowingExtraUnexpectedFields());
}
}

11
src/site/markdown/challenge/http-01.md
View File

@ -22,14 +22,3 @@ http://${domain}/.well-known/acme-challenge/${token}
The challenge is completed when the CA was able to download that file and found `content` in it.
Note that the request is sent to port 80 only. There is no way to choose a different port, for security reasons. This is a limitation of the ACME protocol, not of _acme4j_.
## Preferred Address
If your domain name resolves to multiple IP adresses, you can set an explicit address that the CA server should prefer to send the request to. This address must be included in the set of your domain's IP addresses.
```java
Http01Challenge challenge = auth.findChallenge(Http01Challenge.TYPE);
challenge.setAddress(InetAddress.getByName("198.51.100.12"));
```
The server _should_ connect to this address, but is not required to do so.