github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Certificate URL is available even on unparseable certs

pull/32/head
Richard Körber 2017-04-14 11:25:19 +02:00
parent 1f6d8aea0b
commit f3dc04f2ea
3 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
acme4j-client/src/main/java/org/shredzone/acme4j/Registration.java
View File

@ -245,7 +245,11 @@ public class Registration extends AcmeResource {
X509Certificate cert = null;
if (rc == HttpURLConnection.HTTP_CREATED) {
cert = conn.readCertificate();
try {
cert = conn.readCertificate();
} catch (AcmeProtocolException ex) {
LOG.warn("Could not parse attached certificate", ex);
}
}
URI chainCertUri = conn.getLink("up");

57
acme4j-client/src/test/java/org/shredzone/acme4j/RegistrationTest.java
View File

@ -39,6 +39,7 @@ import org.shredzone.acme4j.challenge.Dns01Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.connector.Resource;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.provider.AcmeProvider;
import org.shredzone.acme4j.provider.TestableConnectionProvider;
import org.shredzone.acme4j.util.JSON;
@ -397,6 +398,62 @@ public class RegistrationTest {
provider.close();
}
/**
* Test that an unparseable certificate can be requested, and at least its location
* is made available.
*/
@Test
public void testRequestCertificateBrokenSync() throws AcmeException, IOException {
TestableConnectionProvider provider = new TestableConnectionProvider() {
@Override
public void sendSignedRequest(URI uri, JSONBuilder claims, Session session) {
assertThat(uri, is(resourceUri));
assertThat(claims.toString(), sameJSONAs(getJson("requestCertificateRequestWithDate")));
assertThat(session, is(notNullValue()));
}
@Override
public int accept(int... httpStatus) throws AcmeException {
assertThat(httpStatus, isIntArrayContainingInAnyOrder(
HttpURLConnection.HTTP_CREATED, HttpURLConnection.HTTP_ACCEPTED));
return HttpURLConnection.HTTP_CREATED;
}
@Override
public X509Certificate readCertificate() {
throw new AcmeProtocolException("Failed to read certificate");
}
@Override
public URI getLink(String relation) {
switch(relation) {
case "up": return chainUri;
default: return null;
}
}
@Override
public URI getLocation() {
return locationUri;
}
};
provider.putTestResource(Resource.NEW_CERT, resourceUri);
byte[] csr = TestUtils.getResourceAsByteArray("/csr.der");
ZoneId utc = ZoneId.of("UTC");
Instant notBefore = LocalDate.of(2016, 1, 1).atStartOfDay(utc).toInstant();
Instant notAfter = LocalDate.of(2016, 1, 8).atStartOfDay(utc).toInstant();
Registration registration = new Registration(provider.createSession(), locationUri);
Certificate cert = registration.requestCertificate(csr, notBefore, notAfter);
assertThat(cert.getLocation(), is(locationUri));
assertThat(cert.getChainLocation(), is(chainUri));
provider.close();
}
/**
* Test that the account key can be changed.
*/

18
acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
View File

@ -630,4 +630,22 @@ public class DefaultConnectionTest {
verifyNoMoreInteractions(mockUrlConnection);
}
/**
* Test that a bad certificate throws an exception.
*/
@Test(expected = AcmeProtocolException.class)
public void testReadBadCertificate() throws Exception {
X509Certificate original = TestUtils.createCertificate();
byte[] badCert = original.getEncoded();
Arrays.sort(badCert); // break it
when(mockUrlConnection.getHeaderField("Content-Type")).thenReturn("application/pkix-cert");
when(mockUrlConnection.getInputStream()).thenReturn(new ByteArrayInputStream(badCert));
try (DefaultConnection conn = new DefaultConnection(mockHttpConnection)) {
conn.conn = mockUrlConnection;
conn.readCertificate();
}
}
}