github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Rename Registration resource to Account

pull/55/head
Richard Körber 2017-05-03 13:14:18 +02:00
parent 7e58017347
commit e8790e8446
23 changed files with 248 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
acme4j-client/src/main/java/org/shredzone/acme4j/Registration.java → acme4j-client/src/main/java/org/shredzone/acme4j/Account.java
View File

@ -45,11 +45,11 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Represents a registration at the ACME server.
* Represents an account at the ACME server.
*/
public class Registration extends AcmeResource {
private static final long serialVersionUID = -8177333806740391140L;
private static final Logger LOG = LoggerFactory.getLogger(Registration.class);
public class Account extends AcmeResource {
private static final long serialVersionUID = 7042863483428051319L;
private static final Logger LOG = LoggerFactory.getLogger(Account.class);
private static final String KEY_TOS_AGREED = "terms-of-service-agreed";
private static final String KEY_ORDERS = "orders";
@ -62,23 +62,23 @@ public class Registration extends AcmeResource {
private URL orders;
private boolean loaded = false;
protected Registration(Session session, URL location) {
protected Account(Session session, URL location) {
super(session);
setLocation(location);
session.setKeyIdentifier(location.toString());
}
/**
* Creates a new instance of {@link Registration} and binds it to the {@link Session}.
* Creates a new instance of {@link Account} and binds it to the {@link Session}.
*
* @param session
* {@link Session} to be used
* @param location
* Location URI of the registration
* @return {@link Registration} bound to the session and location
* Location URI of the account
* @return {@link Account} bound to the session and location
*/
public static Registration bind(Session session, URL location) {
return new Registration(session, location);
public static Account bind(Session session, URL location) {
return new Account(session, location);
}
/**
@ -101,7 +101,7 @@ public class Registration extends AcmeResource {
}
/**
* Returns the current status of the registration.
* Returns the current status of the account.
*/
public Status getStatus() {
load();
@ -109,8 +109,7 @@ public class Registration extends AcmeResource {
}
/**
* Returns an {@link Iterator} of all {@link Order} belonging to this
* {@link Registration}.
* Returns an {@link Iterator} of all {@link Order} belonging to this {@link Account}.
* <p>
* Using the iterator will initiate one or more requests to the ACME server.
*
@ -126,7 +125,7 @@ public class Registration extends AcmeResource {
}
/**
* Updates the registration to the current account status.
* Updates the account to the current account status.
*/
public void update() throws AcmeException {
LOG.debug("update");
@ -141,7 +140,7 @@ public class Registration extends AcmeResource {
}
/**
* Orders a certificate. The certificate will be associated with this registration.
* Orders a certificate. The certificate will be associated with this account.
*
* @param csr
* CSR containing the parameters for the certificate being requested
@ -222,7 +221,7 @@ public class Registration extends AcmeResource {
}
/**
* Changes the {@link KeyPair} associated with the registration.
* Changes the {@link KeyPair} associated with the account.
* <p>
* After a successful call, the new key pair is used in the bound {@link Session},
* and the old key pair can be disposed of.
@ -305,7 +304,7 @@ public class Registration extends AcmeResource {
}
/**
* Sets registration properties according to the given JSON data.
* Sets account properties according to the given JSON data.
*
* @param json
* JSON data
@ -335,22 +334,22 @@ public class Registration extends AcmeResource {
}
/**
* Modifies the registration data of the account.
* Modifies the account data of the account.
*
* @return {@link EditableRegistration} where the account can be modified
* @return {@link EditableAccount} where the account can be modified
*/
public EditableRegistration modify() {
return new EditableRegistration();
public EditableAccount modify() {
return new EditableAccount();
}
/**
* Editable {@link Registration}.
* Editable {@link Account}.
*/
public class EditableRegistration {
public class EditableAccount {
private final List<URI> editContacts = new ArrayList<>();
private EditableRegistration() {
editContacts.addAll(Registration.this.contacts);
private EditableAccount() {
editContacts.addAll(Account.this.contacts);
}
/**
@ -362,19 +361,19 @@ public class Registration extends AcmeResource {
}
/**
* Adds a new Contact to the registration.
* Adds a new Contact to the account.
*
* @param contact
* Contact URI
* @return itself
*/
public EditableRegistration addContact(URI contact) {
public EditableAccount addContact(URI contact) {
editContacts.add(contact);
return this;
}
/**
* Adds a new Contact to the registration.
* Adds a new Contact to the account.
* <p>
* This is a convenience call for {@link #addContact(URI)}.
*
@ -382,7 +381,7 @@ public class Registration extends AcmeResource {
* Contact URI as string
* @return itself
*/
public EditableRegistration addContact(String contact) {
public EditableAccount addContact(String contact) {
addContact(URI.create(contact));
return this;
}

26
acme4j-client/src/main/java/org/shredzone/acme4j/RegistrationBuilder.java → acme4j-client/src/main/java/org/shredzone/acme4j/AccountBuilder.java
View File

@ -34,10 +34,10 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A builder for a new account registration.
* A builder for registering a new account.
*/
public class RegistrationBuilder {
private static final Logger LOG = LoggerFactory.getLogger(RegistrationBuilder.class);
public class AccountBuilder {
private static final Logger LOG = LoggerFactory.getLogger(AccountBuilder.class);
private List<URI> contacts = new ArrayList<>();
private Boolean termsOfServiceAgreed;
@ -50,7 +50,7 @@ public class RegistrationBuilder {
* Contact URI
* @return itself
*/
public RegistrationBuilder addContact(URI contact) {
public AccountBuilder addContact(URI contact) {
contacts.add(contact);
return this;
}
@ -66,7 +66,7 @@ public class RegistrationBuilder {
* if there is a syntax error in the URI string
* @return itself
*/
public RegistrationBuilder addContact(String contact) {
public AccountBuilder addContact(String contact) {
addContact(URI.create(contact));
return this;
}
@ -76,7 +76,7 @@ public class RegistrationBuilder {
*
* @return itself
*/
public RegistrationBuilder agreeToTermsOfService() {
public AccountBuilder agreeToTermsOfService() {
this.termsOfServiceAgreed = true;
return this;
}
@ -89,7 +89,7 @@ public class RegistrationBuilder {
* Key Identifier
* @return itself
*/
public RegistrationBuilder useKeyIdentifier(String kid) {
public AccountBuilder useKeyIdentifier(String kid) {
if (kid != null && kid.isEmpty()) {
throw new IllegalArgumentException("kid must not be empty");
}
@ -102,13 +102,13 @@ public class RegistrationBuilder {
*
* @param session
* {@link Session} to be used for registration
* @return {@link Registration} referring to the new account
* @return {@link Account} referring to the new account
*/
public Registration create(Session session) throws AcmeException {
public Account create(Session session) throws AcmeException {
LOG.debug("create");
if (session.getKeyIdentifier() != null) {
throw new IllegalArgumentException("session already seems to have a Registration");
throw new IllegalArgumentException("session already seems to have an Account");
}
try (Connection conn = session.provider().connect()) {
@ -131,12 +131,12 @@ public class RegistrationBuilder {
URL location = conn.getLocation();
Registration reg = new Registration(session, location);
Account account = new Account(session, location);
if (keyIdentifier != null) {
session.setKeyIdentifier(keyIdentifier);
}
reg.unmarshal(conn.readJsonResponse());
return reg;
account.unmarshal(conn.readJsonResponse());
return account;
}
}

30
acme4j-client/src/test/java/org/shredzone/acme4j/RegistrationBuilderTest.java → acme4j-client/src/test/java/org/shredzone/acme4j/AccountBuilderTest.java
View File

@ -33,15 +33,15 @@ import org.shredzone.acme4j.util.JSONBuilder;
import org.shredzone.acme4j.util.TestUtils;
/**
* Unit tests for {@link RegistrationBuilder}.
* Unit tests for {@link AccountBuilder}.
*/
public class RegistrationBuilderTest {
public class AccountBuilderTest {
private URL resourceUrl = url("http://example.com/acme/resource");
private URL locationUrl = url("http://example.com/acme/registration");;
private URL locationUrl = url("http://example.com/acme/account");;
/**
* Test if a new registration can be created.
* Test if a new account can be created.
*/
@Test
public void testRegistration() throws Exception {
@ -60,7 +60,7 @@ public class RegistrationBuilderTest {
public void sendSignedRequest(URL url, JSONBuilder claims, Session session, boolean enforceJwk) {
assertThat(session, is(notNullValue()));
assertThat(url, is(resourceUrl));
assertThat(claims.toString(), sameJSONAs(getJSON("newRegistration").toString()));
assertThat(claims.toString(), sameJSONAs(getJSON("newAccount").toString()));
assertThat(enforceJwk, is(true));
isUpdate = false;
}
@ -83,25 +83,25 @@ public class RegistrationBuilderTest {
@Override
public JSON readJsonResponse() {
return getJSON("newRegistrationResponse");
return getJSON("newAccountResponse");
}
};
provider.putTestResource(Resource.NEW_ACCOUNT, resourceUrl);
RegistrationBuilder builder = new RegistrationBuilder();
AccountBuilder builder = new AccountBuilder();
builder.addContact("mailto:foo@example.com");
builder.agreeToTermsOfService();
Session session = provider.createSession();
Registration registration = builder.create(session);
Account account = builder.create(session);
assertThat(registration.getLocation(), is(locationUrl));
assertThat(registration.getTermsOfServiceAgreed(), is(true));
assertThat(account.getLocation(), is(locationUrl));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(session.getKeyIdentifier(), is(locationUrl.toString()));
try {
RegistrationBuilder builder2 = new RegistrationBuilder();
AccountBuilder builder2 = new AccountBuilder();
builder2.agreeToTermsOfService();
builder2.create(session);
fail("registered twice on same session");
@ -113,7 +113,7 @@ public class RegistrationBuilderTest {
}
/**
* Test if a new registration with Key Identifier can be created.
* Test if a new account with Key Identifier can be created.
*/
@Test
public void testRegistrationWithKid() throws Exception {
@ -179,13 +179,13 @@ public class RegistrationBuilderTest {
provider.putTestResource(Resource.NEW_ACCOUNT, resourceUrl);
RegistrationBuilder builder = new RegistrationBuilder();
AccountBuilder builder = new AccountBuilder();
builder.useKeyIdentifier(keyIdentifier);
Session session = provider.createSession();
Registration registration = builder.create(session);
Account account = builder.create(session);
assertThat(registration.getLocation(), is(locationUrl));
assertThat(account.getLocation(), is(locationUrl));
assertThat(session.getKeyIdentifier(), is(keyIdentifier));
provider.close();

98
acme4j-client/src/test/java/org/shredzone/acme4j/RegistrationTest.java → acme4j-client/src/test/java/org/shredzone/acme4j/AccountTest.java
View File

@ -35,7 +35,7 @@ import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.CompactSerializer;
import org.jose4j.lang.JoseException;
import org.junit.Test;
import org.shredzone.acme4j.Registration.EditableRegistration;
import org.shredzone.acme4j.Account.EditableAccount;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.challenge.Dns01Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;
@ -49,19 +49,19 @@ import org.shredzone.acme4j.util.JSONBuilder;
import org.shredzone.acme4j.util.TestUtils;
/**
* Unit tests for {@link Registration}.
* Unit tests for {@link Account}.
*/
public class RegistrationTest {
public class AccountTest {
private URL resourceUrl = url("http://example.com/acme/resource");
private URL locationUrl = url("http://example.com/acme/registration");
private URL locationUrl = url("http://example.com/acme/account");
private URI agreementUri = URI.create("http://example.com/agreement.pdf");
/**
* Test that a registration can be updated.
* Test that a account can be updated.
*/
@Test
public void testUpdateRegistration() throws AcmeException, IOException, URISyntaxException {
public void testUpdateAccount() throws AcmeException, IOException, URISyntaxException {
TestableConnectionProvider provider = new TestableConnectionProvider() {
private JSON jsonResponse;
private Integer response;
@ -69,9 +69,9 @@ public class RegistrationTest {
@Override
public void sendSignedRequest(URL url, JSONBuilder claims, Session session) {
assertThat(url, is(locationUrl));
assertThat(claims.toString(), sameJSONAs(getJSON("updateRegistration").toString()));
assertThat(claims.toString(), sameJSONAs(getJSON("updateAccount").toString()));
assertThat(session, is(notNullValue()));
jsonResponse = getJSON("updateRegistrationResponse");
jsonResponse = getJSON("updateAccountResponse");
response = HttpURLConnection.HTTP_OK;
}
@ -119,17 +119,17 @@ public class RegistrationTest {
};
Session session = provider.createSession();
Registration registration = new Registration(session, locationUrl);
registration.update();
Account account = new Account(session, locationUrl);
account.update();
assertThat(session.getKeyIdentifier(), is(locationUrl.toString()));
assertThat(registration.getLocation(), is(locationUrl));
assertThat(registration.getTermsOfServiceAgreed(), is(true));
assertThat(registration.getContacts(), hasSize(1));
assertThat(registration.getContacts().get(0), is(URI.create("mailto:foo2@example.com")));
assertThat(registration.getStatus(), is(Status.VALID));
assertThat(account.getLocation(), is(locationUrl));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(account.getContacts(), hasSize(1));
assertThat(account.getContacts().get(0), is(URI.create("mailto:foo2@example.com")));
assertThat(account.getStatus(), is(Status.VALID));
Iterator<Order> orderIt = registration.getOrders();
Iterator<Order> orderIt = account.getOrders();
assertThat(orderIt, not(nullValue()));
assertThat(orderIt.next().getLocation(), is(url("https://example.com/acme/order/1")));
assertThat(orderIt.hasNext(), is(false));
@ -159,7 +159,7 @@ public class RegistrationTest {
@Override
public JSON readJsonResponse() {
return getJSON("updateRegistrationResponse");
return getJSON("updateAccountResponse");
}
@Override
@ -181,17 +181,17 @@ public class RegistrationTest {
}
};
Registration registration = new Registration(provider.createSession(), locationUrl);
Account account = new Account(provider.createSession(), locationUrl);
// Lazy loading
assertThat(requestWasSent.get(), is(false));
assertThat(registration.getTermsOfServiceAgreed(), is(true));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(requestWasSent.get(), is(true));
// Subsequent queries do not trigger another load
requestWasSent.set(false);
assertThat(registration.getTermsOfServiceAgreed(), is(true));
assertThat(registration.getStatus(), is(Status.VALID));
assertThat(account.getTermsOfServiceAgreed(), is(true));
assertThat(account.getStatus(), is(Status.VALID));
assertThat(requestWasSent.get(), is(false));
provider.close();
@ -235,8 +235,8 @@ public class RegistrationTest {
provider.putTestResource(Resource.NEW_ORDER, resourceUrl);
Registration registration = new Registration(session, locationUrl);
Order order = registration.orderCertificate(csr, notBefore, notAfter);
Account account = new Account(session, locationUrl);
Order order = account.orderCertificate(csr, notBefore, notAfter);
assertThat(order.getCsr(), is(csr));
assertThat(order.getNotBefore(), is(parseTimestamp("2016-01-01T00:10:00Z")));
@ -291,8 +291,8 @@ public class RegistrationTest {
String domainName = "example.org";
Registration registration = new Registration(session, locationUrl);
Authorization auth = registration.preAuthorizeDomain(domainName);
Account account = new Account(session, locationUrl);
Authorization auth = account.preAuthorizeDomain(domainName);
assertThat(auth.getDomain(), is(domainName));
assertThat(auth.getStatus(), is(Status.PENDING));
@ -332,10 +332,10 @@ public class RegistrationTest {
provider.putTestResource(Resource.NEW_AUTHZ, resourceUrl);
Registration registration = new Registration(session, locationUrl);
Account account = new Account(session, locationUrl);
try {
registration.preAuthorizeDomain("example.org");
account.preAuthorizeDomain("example.org");
fail("preauthorization was accepted");
} catch (AcmeServerException ex) {
assertThat(ex.getType(), is(problemType));
@ -355,24 +355,24 @@ public class RegistrationTest {
provider.putTestResource(Resource.NEW_NONCE, resourceUrl);
Session session = provider.createSession();
Registration registration = Registration.bind(session, locationUrl);
Account account = Account.bind(session, locationUrl);
try {
registration.preAuthorizeDomain(null);
account.preAuthorizeDomain(null);
fail("null domain was accepted");
} catch (NullPointerException ex) {
// expected
}
try {
registration.preAuthorizeDomain("");
account.preAuthorizeDomain("");
fail("empty domain string was accepted");
} catch (IllegalArgumentException ex) {
// expected
}
try {
registration.preAuthorizeDomain("example.com");
account.preAuthorizeDomain("example.com");
fail("preauthorization was accepted");
} catch (AcmeException ex) {
// expected
@ -448,8 +448,8 @@ public class RegistrationTest {
assertThat(session.getKeyPair(), is(sameInstance(oldKeyPair)));
Registration registration = new Registration(session, resourceUrl);
registration.changeKey(newKeyPair);
Account account = new Account(session, resourceUrl);
account.changeKey(newKeyPair);
assertThat(session.getKeyPair(), is(sameInstance(newKeyPair)));
}
@ -462,14 +462,14 @@ public class RegistrationTest {
TestableConnectionProvider provider = new TestableConnectionProvider();
Session session = provider.createSession();
Registration registration = new Registration(session, locationUrl);
registration.changeKey(session.getKeyPair());
Account account = new Account(session, locationUrl);
account.changeKey(session.getKeyPair());
provider.close();
}
/**
* Test that a registration can be deactivated.
* Test that an account can be deactivated.
*/
@Test
public void testDeactivate() throws Exception {
@ -490,20 +490,20 @@ public class RegistrationTest {
@Override
public JSON readJsonResponse() {
return getJSON("deactivateRegistrationResponse");
return getJSON("deactivateAccountResponse");
}
};
Registration registration = new Registration(provider.createSession(), locationUrl);
registration.deactivate();
Account account = new Account(provider.createSession(), locationUrl);
account.deactivate();
assertThat(registration.getStatus(), is(Status.DEACTIVATED));
assertThat(account.getStatus(), is(Status.DEACTIVATED));
provider.close();
}
/**
* Test that a registration can be modified.
* Test that an account can be modified.
*/
@Test
public void testModify() throws Exception {
@ -511,7 +511,7 @@ public class RegistrationTest {
@Override
public void sendSignedRequest(URL url, JSONBuilder claims, Session session) {
assertThat(url, is(locationUrl));
assertThat(claims.toString(), sameJSONAs(getJSON("modifyRegistration").toString()));
assertThat(claims.toString(), sameJSONAs(getJSON("modifyAccount").toString()));
assertThat(session, is(notNullValue()));
}
@ -523,7 +523,7 @@ public class RegistrationTest {
@Override
public JSON readJsonResponse() {
return getJSON("modifyRegistrationResponse");
return getJSON("modifyAccountResponse");
}
@Override
@ -532,19 +532,19 @@ public class RegistrationTest {
}
};
Registration registration = new Registration(provider.createSession(), locationUrl);
Account account = new Account(provider.createSession(), locationUrl);
EditableRegistration editable = registration.modify();
EditableAccount editable = account.modify();
assertThat(editable, notNullValue());
editable.addContact("mailto:foo2@example.com");
editable.getContacts().add(URI.create("mailto:foo3@example.com"));
editable.commit();
assertThat(registration.getLocation(), is(locationUrl));
assertThat(registration.getContacts().size(), is(2));
assertThat(registration.getContacts().get(0), is(URI.create("mailto:foo2@example.com")));
assertThat(registration.getContacts().get(1), is(URI.create("mailto:foo3@example.com")));
assertThat(account.getLocation(), is(locationUrl));
assertThat(account.getContacts().size(), is(2));
assertThat(account.getContacts().get(0), is(URI.create("mailto:foo2@example.com")));
assertThat(account.getContacts().get(1), is(URI.create("mailto:foo3@example.com")));
provider.close();
}

2
acme4j-client/src/test/java/org/shredzone/acme4j/AuthorizationTest.java
View File

@ -45,7 +45,7 @@ public class AuthorizationTest {
private static final String SNAILMAIL_TYPE = "snail-01"; // a non-existent challenge
private static final String DUPLICATE_TYPE = "duplicate-01"; // a duplicate challenge
private URL locationUrl = url("http://example.com/acme/registration");
private URL locationUrl = url("http://example.com/acme/account");
/**
* Test that {@link Authorization#findChallenge(String)} finds challenges.

4
acme4j-client/src/test/java/org/shredzone/acme4j/challenge/ChallengeTest.java
View File

@ -311,7 +311,7 @@ public class ChallengeTest {
@Override
public JSON readJsonResponse() {
return getJSON("updateRegistrationResponse");
return getJSON("updateAccountResponse");
}
};
@ -327,7 +327,7 @@ public class ChallengeTest {
@Test(expected = IllegalArgumentException.class)
public void testBadUnmarshall() {
Challenge challenge = new Challenge(session);
challenge.unmarshall(getJSON("updateRegistrationResponse"));
challenge.unmarshall(getJSON("updateAccountResponse"));
}
}

6
acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
View File

@ -233,10 +233,10 @@ public class DefaultConnectionTest {
public void testGetLink() throws Exception {
Map<String, List<String>> headers = new HashMap<>();
headers.put("Content-Type", Arrays.asList("application/json"));
headers.put("Location", Arrays.asList("https://example.com/acme/reg/asdf"));
headers.put("Location", Arrays.asList("https://example.com/acme/acct/asdf"));
headers.put("Link", Arrays.asList(
"<https://example.com/acme/new-authz>;rel=\"next\"",
"</recover-reg>;rel=recover",
"</recover-acct>;rel=recover",
"<https://example.com/acme/terms>; rel=\"terms-of-service\""
));
@ -246,7 +246,7 @@ public class DefaultConnectionTest {
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
conn.conn = mockUrlConnection;
assertThat(conn.getLink("next"), is(new URL("https://example.com/acme/new-authz")));
assertThat(conn.getLink("recover"), is(new URL("https://example.org/recover-reg")));
assertThat(conn.getLink("recover"), is(new URL("https://example.org/recover-acct")));
assertThat(conn.getLink("terms-of-service"), is(new URL("https://example.com/acme/terms")));
assertThat(conn.getLink("secret-stuff"), is(nullValue()));
}

0
acme4j-client/src/test/resources/json/deactivateRegistrationResponse.json → acme4j-client/src/test/resources/json/deactivateAccountResponse.json
View File

0
acme4j-client/src/test/resources/json/modifyRegistration.json → acme4j-client/src/test/resources/json/modifyAccount.json
View File

0
acme4j-client/src/test/resources/json/modifyRegistrationResponse.json → acme4j-client/src/test/resources/json/modifyAccountResponse.json
View File

0
acme4j-client/src/test/resources/json/newRegistration.json → acme4j-client/src/test/resources/json/newAccount.json
View File

0
acme4j-client/src/test/resources/json/newRegistrationResponse.json → acme4j-client/src/test/resources/json/newAccountResponse.json
View File

0
acme4j-client/src/test/resources/json/updateRegistration.json → acme4j-client/src/test/resources/json/updateAccount.json
View File

0
acme4j-client/src/test/resources/json/updateRegistrationResponse.json → acme4j-client/src/test/resources/json/updateAccountResponse.json
View File

36
acme4j-example/src/main/java/org/shredzone/acme4j/ClientTest.java
View File

@ -84,13 +84,13 @@ public class ClientTest {
// Use "acme://letsencrypt.org" for production server
Session session = new Session("acme://letsencrypt.org/staging", userKeyPair);
// Get the Registration to the account.
// Get the Account.
// If there is no account yet, create a new one.
Registration reg = findOrRegisterAccount(session);
Account acct = findOrRegisterAccount(session);
// Separately authorize every requested domain.
for (String domain : domains) {
authorize(reg, domain);
authorize(acct, domain);
}
// Load or create a key pair for the domains. This should not be the userKeyPair!
@ -107,7 +107,7 @@ public class ClientTest {
}
// Now request a signed certificate.
Order order = reg.orderCertificate(csrb.getEncoded(), null, null);
Order order = acct.orderCertificate(csrb.getEncoded(), null, null);
Certificate certificate = order.getCertificate();
LOG.info("Success! The certificate for domains " + domains + " has been generated!");
@ -169,30 +169,30 @@ public class ClientTest {
}
/**
* Finds your {@link Registration} at the ACME server. It will be found by your user's
* public key. If your key is not known to the server yet, a new registration will be
* Finds your {@link Account} at the ACME server. It will be found by your user's
* public key. If your key is not known to the server yet, a new account will be
* created.
* <p>
* This is a simple way of finding your {@link Registration}. A better way is to get
* the URI of your new registration with {@link Registration#getLocation()} and store
* This is a simple way of finding your {@link Account}. A better way is to get
* the URI of your new account with {@link Account#getLocation()} and store
* it somewhere. If you need to get access to your account later, reconnect to it via
* {@link Registration#bind(Session, URI)} by using the stored location.
* {@link Account#bind(Session, URI)} by using the stored location.
*
* @param session
* {@link Session} to bind with
* @return {@link Registration} connected to your account
* @return {@link Account} connected to your account
*/
private Registration findOrRegisterAccount(Session session) throws AcmeException {
private Account findOrRegisterAccount(Session session) throws AcmeException {
// Ask the user to accept the TOS, if server provides us with a link.
URI tos = session.getMetadata().getTermsOfService();
if (tos != null) {
acceptAgreement(tos);
}
Registration reg = new RegistrationBuilder().agreeToTermsOfService().create(session);
LOG.info("Registered a new user, URI: " + reg.getLocation());
Account acct = new AccountBuilder().agreeToTermsOfService().create(session);
LOG.info("Registered a new user, URI: " + acct.getLocation());
return reg;
return acct;
}
/**
@ -202,14 +202,14 @@ public class ClientTest {
* You need separate authorizations for subdomains (e.g. "www" subdomain). Wildcard
* certificates are not currently supported.
*
* @param reg
* {@link Registration} of your account
* @param acct
* {@link Account} of your account
* @param domain
* Name of the domain to authorize
*/
private void authorize(Registration reg, String domain) throws AcmeException {
private void authorize(Account acct, String domain) throws AcmeException {
// Authorize the domain.
Authorization auth = reg.preAuthorizeDomain(domain);
Authorization auth = acct.preAuthorizeDomain(domain);
LOG.info("Authorization for domain " + domain);
// Find the desired challenge and prepare it.

80
acme4j-it/src/test/java/org/shredzone/acme4j/it/RegistrationIT.java → acme4j-it/src/test/java/org/shredzone/acme4j/it/AccountIT.java
View File

@ -22,17 +22,17 @@ import java.security.KeyPair;
import org.junit.Ignore;
import org.junit.Test;
import org.shredzone.acme4j.Registration;
import org.shredzone.acme4j.RegistrationBuilder;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
/**
* Registration related integration tests.
* Account related integration tests.
*/
public class RegistrationIT extends PebbleITBase {
public class AccountIT extends PebbleITBase {
@Test
public void testCreate() throws AcmeException {
@ -40,29 +40,29 @@ public class RegistrationIT extends PebbleITBase {
Session session = new Session(pebbleURI(), keyPair);
// Register a new user
RegistrationBuilder rb = new RegistrationBuilder();
rb.addContact("mailto:acme@example.com");
rb.agreeToTermsOfService();
AccountBuilder ab = new AccountBuilder();
ab.addContact("mailto:acme@example.com");
ab.agreeToTermsOfService();
Registration reg = rb.create(session);
URL location = reg.getLocation();
Account acct = ab.create(session);
URL location = acct.getLocation();
assertIsPebbleUrl(location);
assertThat(session.getKeyIdentifier(), is(location.toString()));
// Check registered data
assertThat(reg.getContacts(), contains(URI.create("mailto:acme@example.com")));
assertThat(acct.getContacts(), contains(URI.create("mailto:acme@example.com")));
// TODO PEBBLE: Sends UNKNOWN instead of VALID
// assertThat(reg.getStatus(), is(Status.VALID));
assertThat(reg.getTermsOfServiceAgreed(), is(true));
// assertThat(acct.getStatus(), is(Status.VALID));
assertThat(acct.getTermsOfServiceAgreed(), is(true));
// Bind another Registration object
// Bind another Account object
// TODO PEBBLE: Not supported yet
// Session session2 = new Session(pebbleURI(), keyPair);
// Registration reg2 = Registration.bind(session2, location);
// assertThat(reg2.getLocation(), is(location));
// assertThat(reg2.getContacts(), contains(URI.create("mailto:acme@example.com")));
// assertThat(reg2.getStatus(), is(Status.VALID));
// assertThat(reg2.getTermsOfServiceAgreed(), is(true));
// Account acct2 = Account.bind(session2, location);
// assertThat(acct2.getLocation(), is(location));
// assertThat(acct2.getContacts(), contains(URI.create("mailto:acme@example.com")));
// assertThat(acct2.getStatus(), is(Status.VALID));
// assertThat(acct2.getTermsOfServiceAgreed(), is(true));
}
@Test
@ -71,23 +71,23 @@ public class RegistrationIT extends PebbleITBase {
KeyPair keyPair = createKeyPair();
Session session = new Session(pebbleURI(), keyPair);
RegistrationBuilder rb = new RegistrationBuilder();
rb.addContact("mailto:acme@example.com");
rb.agreeToTermsOfService();
AccountBuilder ab = new AccountBuilder();
ab.addContact("mailto:acme@example.com");
ab.agreeToTermsOfService();
Registration reg = rb.create(session);
URL location = reg.getLocation();
Account acct = ab.create(session);
URL location = acct.getLocation();
assertIsPebbleUrl(location);
reg.modify().addContact("mailto:acme2@example.com").commit();
acct.modify().addContact("mailto:acme2@example.com").commit();
assertThat(reg.getContacts(), contains(
assertThat(acct.getContacts(), contains(
URI.create("mailto:acme@example.com"),
URI.create("mailto:acme2@example.com")));
// Still the same after updating
reg.update();
assertThat(reg.getContacts(), contains(
acct.update();
assertThat(acct.getContacts(), contains(
URI.create("mailto:acme@example.com"),
URI.create("mailto:acme2@example.com")));
}
@ -98,23 +98,23 @@ public class RegistrationIT extends PebbleITBase {
KeyPair keyPair = createKeyPair();
Session session = new Session(pebbleURI(), keyPair);
Registration reg = new RegistrationBuilder().agreeToTermsOfService().create(session);
URL location = reg.getLocation();
Account acct = new AccountBuilder().agreeToTermsOfService().create(session);
URL location = acct.getLocation();
KeyPair newKeyPair = createKeyPair();
reg.changeKey(newKeyPair);
acct.changeKey(newKeyPair);
try {
Session sessionOldKey = new Session(pebbleURI(), keyPair);
Registration oldRegistration = Registration.bind(sessionOldKey, location);
oldRegistration.update();
Account oldAccount = Account.bind(sessionOldKey, location);
oldAccount.update();
} catch (AcmeUnauthorizedException ex) {
// Expected
}
Session sessionNewKey = new Session(pebbleURI(), newKeyPair);
Registration newRegistration = Registration.bind(sessionNewKey, location);
assertThat(newRegistration.getStatus(), is(Status.VALID));
Account newAccount = Account.bind(sessionNewKey, location);
assertThat(newAccount.getStatus(), is(Status.VALID));
}
@Test
@ -123,15 +123,15 @@ public class RegistrationIT extends PebbleITBase {
KeyPair keyPair = createKeyPair();
Session session = new Session(pebbleURI(), keyPair);
Registration reg = new RegistrationBuilder().agreeToTermsOfService().create(session);
URL location = reg.getLocation();
Account acct = new AccountBuilder().agreeToTermsOfService().create(session);
URL location = acct.getLocation();
reg.deactivate();
acct.deactivate();
Session session2 = new Session(pebbleURI(), keyPair);
Registration reg2 = Registration.bind(session2, location);
assertThat(reg2.getLocation(), is(location));
assertThat(reg2.getStatus(), is(Status.DEACTIVATED));
Account acct2 = Account.bind(session2, location);
assertThat(acct2.getLocation(), is(location));
assertThat(acct2.getStatus(), is(Status.DEACTIVATED));
}
}

8
acme4j-it/src/test/java/org/shredzone/acme4j/it/OrderIT.java
View File

@ -30,8 +30,8 @@ import org.junit.Test;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Certificate;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Registration;
import org.shredzone.acme4j.RegistrationBuilder;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge;
@ -145,7 +145,7 @@ public class OrderIT extends PebbleITBase {
KeyPair keyPair = createKeyPair();
Session session = new Session(pebbleURI(), keyPair);
Registration registration = new RegistrationBuilder()
Account account = new AccountBuilder()
.agreeToTermsOfService()
.create(session);
@ -159,7 +159,7 @@ public class OrderIT extends PebbleITBase {
Instant notBefore = Instant.now();
Instant notAfter = notBefore.plus(Duration.ofDays(20L));
Order order = registration.orderCertificate(encodedCsr, notBefore, notAfter);
Order order = account.orderCertificate(encodedCsr, notBefore, notAfter);
assertThat(order.getCsr(), is(encodedCsr));
assertThat(order.getNotBefore(), is(notBefore));
assertThat(order.getNotAfter(), is(notAfter));

55
src/site/markdown/usage/account.md Normal file
View File

@ -0,0 +1,55 @@
# Register an Account
If it is the first time you connect to the ACME server, you need to register your account key.
To do so, create an `AccountBuilder`, optionally add some contact information, agree to the terms of service, then invoke `create()`. If the account was successfully created, you will get an `Account` object in return. Invoking its `getLocation()` method will return the location URL of your account. You should store it somewhere, because you will need it later. Unlike your key pair, the location is a public information that does not need security precautions.
```java
AccountBuilder builder = new AccountBuilder();
builder.addContact("mailto:acme@example.com");
builder.agreeToTermsOfService();
Account account = builder.create(session);
URL accountLocationUrl = account.getLocation();
```
## Update your Account
At some point, you may want to update your account. For example your contact address might have changed. To do so, invoke `Account.modify()`, perform the changes, and invoke `commit()` to make them permanent.
The following example adds another email address.
```java
account.modify()
.addContact("mailto:acme2@example.com")
.commit();
```
## Account Key Roll-Over
It is also possible to change the key pair that is associated with your account, for example if you suspect that your key has been compromised.
The following example changes the key pair:
```java
KeyPair newKeyPair = ... // new KeyPair to be used
account.changeKey(newKeyPair);
```
After a successful change, all subsequent calls related to this account must use the new key pair. The key is automatically updated on the `Session` that was bound to this `Account`.
The old key pair can be disposed of after that. However, I recommend to keep a backup of the old key pair until the key change was proven to be successful, by making a subsequent call with the new key pair. Otherwise you might lock yourself out from your account if the key change should have failed silently, for whatever reason.
## Deactivate an Account
You can deactivate your account if you don't need it any more:
```java
account.deactivate();
```
Depending on the CA, the related authorizations may be automatically deactivated as well. The certificates may still be valid until expiration or explicit revocation. If you want to make sure the certificates are invalidated as well, revoke them prior to deactivation of your account.
Be very careful: There is no way to reactivate the account once it is deactivated!

4
src/site/markdown/usage/authorization.md
View File

@ -3,9 +3,9 @@
Once you have your account set up, you need to associate your domains with it. This is done by creating an `Authorization` object:
```java
Registration registration = ... // your Registration object
Account account = ... // your Account object
Authorization auth = registration.authorizeDomain("example.org");
Authorization auth = account.authorizeDomain("example.org");
```
The `Authorization` instance contains further details about how you can prove ownership of your domain. An ACME server offers combinations of different authorization methods, called `Challenge`s.

6
src/site/markdown/usage/certificate.md
View File

@ -31,7 +31,7 @@ try (FileWriter fw = new FileWriter("example.csr")) {
Now all you need to do is to pass in a binary representation of the CSR and request the certificate:
```java
Certificate cert = registration.requestCertificate(csr);
Certificate cert = account.requestCertificate(csr);
```
`cert.getLocation()` returns an URL where the signed certificate can be downloaded from. Optionally (if delivered by the ACME server) `cert.getChainLocation()` returns the URL of the first part of the CA chain.
@ -114,13 +114,13 @@ For renewal, just request a new certificate using the original CSR:
PKCS10CertificationRequest csr = CertificateUtils.readCSR(
new FileInputStream("example.csr"));
Certificate cert = registration.requestCertificate(csr);
Certificate cert = account.requestCertificate(csr);
X509Certificate cert = cert.download();
```
Instead of loading the original CSR, you can also generate a new one. So renewing a certificate is basically the same as requesting a new certificate.
If `registration.requestCertificate(csr)` throws an `AcmeUnauthorizedException`, the authorizations of some or all involved domains have expired. In this case, you need to go through the [authorization](./authorization.html) process again, before requesting the renewed certificate.
If `account.requestCertificate(csr)` throws an `AcmeUnauthorizedException`, the authorizations of some or all involved domains have expired. In this case, you need to go through the [authorization](./authorization.html) process again, before requesting the renewed certificate.
## Revocation

20
src/site/markdown/usage/register.md
View File

@ -2,26 +2,26 @@
If it is the first time you connect to the ACME server, you need to register your account key.
To do so, create a `RegistrationBuilder`, optionally add some contact information, agree to the terms of service, then invoke `create()`. If the account was successfully created, you will get a `Registration` object in return. Invoking its `getLocation()` method will return the location URL of your account. You should store it somewhere, because you will need it later. Unlike your key pair, the location is a public information that does not need security precautions.
To do so, create an `AccountBuilder`, optionally add some contact information, agree to the terms of service, then invoke `create()`. If the account was successfully created, you will get an `Account` object in return. Invoking its `getLocation()` method will return the location URL of your account. You should store it somewhere, because you will need it later. Unlike your key pair, the location is a public information that does not need security precautions.
```java
RegistrationBuilder builder = new RegistrationBuilder();
AccountBuilder builder = new AccountBuilder();
builder.addContact("mailto:acme@example.com");
builder.agreeToTermsOfService();
Registration registration = builder.create(session);
Account account = builder.create(session);
URL accountLocationUrl = registration.getLocation();
URL accountLocationUrl = account.getLocation();
```
## Update your Registration
## Update your Account
At some point, you may want to update your registration. For example your contact address might have changed. To do so, invoke `Registration.modify()`, perform the changes, and invoke `commit()` to make them permanent.
At some point, you may want to update your account. For example your contact address might have changed. To do so, invoke `Account.modify()`, perform the changes, and invoke `commit()` to make them permanent.
The following example adds another email address.
```java
registration.modify()
account.modify()
.addContact("mailto:acme2@example.com")
.commit();
```
@ -35,10 +35,10 @@ The following example changes the key pair:
```java
KeyPair newKeyPair = ... // new KeyPair to be used
registration.changeKey(newKeyPair);
account.changeKey(newKeyPair);
```
After a successful change, all subsequent calls related to this account must use the new key pair. The key is automatically updated on the `Session` that was bound to this `Registration`.
After a successful change, all subsequent calls related to this account must use the new key pair. The key is automatically updated on the `Session` that was bound to this `Account`.
The old key pair can be disposed of after that. However, I recommend to keep a backup of the old key pair until the key change was proven to be successful, by making a subsequent call with the new key pair. Otherwise you might lock yourself out from your account if the key change should have failed silently, for whatever reason.
@ -47,7 +47,7 @@ The old key pair can be disposed of after that. However, I recommend to keep a b
You can deactivate your account if you don't need it any more:
```java
registration.deactivate();
account.deactivate();
```
Depending on the CA, the related authorizations may be automatically deactivated as well. The certificates may still be valid until expiration or explicit revocation. If you want to make sure the certificates are invalidated as well, revoke them prior to deactivation of your account.

8
src/site/markdown/usage/session.md
View File

@ -28,15 +28,15 @@ Session session = new Session("acme://letsencrypt.org/staging", keyPair);
Instead of a generic provider, this call uses a special _Let's Encrypt_ provider that also accepts the _Let's Encrypt_ certificate.
Now that you have a `Session` object, you can use it to bind ACME resource objects. For example, this is the way to get a `Registration` object to an existing registration:
Now that you have a `Session` object, you can use it to bind ACME resource objects. For example, this is the way to get an `Account` object to an existing account:
```java
URL accountLocationUrl = ... // your account's URL, as returned by Registration.getLocation()
URL accountLocationUrl = ... // your account's URL, as returned by Account.getLocation()
Registration registration = Registration.bind(session, accountLocationUrl);
Account account = Account.bind(session, accountLocationUrl);
```
You can create any of the resource objects `Registration`, `Authorization`, `Challenge` and `Certificate` like that, as long as you know the corresponding resource URL. To get the resource URL, use the `getLocation()` method.
You can create any of the resource objects `Account`, `Authorization`, `Challenge` and `Certificate` like that, as long as you know the corresponding resource URL. To get the resource URL, use the `getLocation()` method.
## Serialization

2
src/site/site.xml
View File

@ -32,7 +32,7 @@
<item name="Migration Guide" href="migration.html"/>
<item name="How to Use" href="usage/index.html">
<item name="Session" href="usage/session.html"/>
<item name="Registration" href="usage/register.html"/>
<item name="Account" href="usage/account.html"/>
<item name="Authorization" href="usage/authorization.html"/>
<item name="Certificate" href="usage/certificate.html"/>
</item>