Commit Graph

525 Commits (master)

Author SHA1 Message Date
Richard Körber f9d479a8f7
Simplify handling of Retry-After header 2024-02-26 18:26:45 +01:00
Richard Körber 908e11b152
Workaround for ssl.com metadata bug
ssl.com requires EAB for account creation, but the metadata's
"externalAccountRequired" property gives "false", indicating that no EAB
is used.

This fix patches the read directory's metadata if the ssl.com provider
is used.
2024-02-26 18:26:45 +01:00
Richard Körber 081e53f137
SSL.com: Add support for ECC and RSA mode 2024-02-26 18:26:45 +01:00
Richard Körber 98ef2b8466
Give instance URL if user action is required 2024-02-26 18:26:45 +01:00
Richard Körber 7c17645212
Add missing ssl.com unit tests 2024-02-26 18:26:45 +01:00
Richard Körber 60342c435f
Add ZeroSSL provider
As ZeroSSL makes use of the Retry-After header, the example
implementation has also been changed accordingly.
2024-02-26 18:26:45 +01:00
George Fergadis 9c6eb5e610 Add SSL.com provider 2024-02-20 16:22:39 +01:00
Richard Körber 48c32f612d
Upgrade to draft-ietf-acme-ari-03 2024-02-19 07:44:40 +01:00
Richard Körber 6a4770c23a
Get unique identifier according to draft-ietf-acme-ari-03 2024-02-18 16:16:29 +01:00
Richard Körber edb7ec83b6
Generic ACME URIs forward query parameters (#152) 2024-02-06 18:20:44 +01:00
Richard Körber 216d30b600
Minor JavaDoc change 2023-11-24 11:56:12 +01:00
Richard Körber 67a90df47f
Do not set two CNs 2023-11-24 11:38:29 +01:00
Richard Körber 50a74251e0
setCommonName() sets CN only 2023-11-24 11:18:45 +01:00
Matthew McPherrin 278f9bd57b Test value changes
These are genuine functionality changes, and may represent unexpected
impact.  Having two CNs doesn't seem right, but that case is tested so
I'm leaving that here for discussion's sake.

The other test case doesn't have a CN anymore, as expected
2023-11-24 11:05:27 +01:00
Matthew McPherrin beb1d53dc0 Make setCommonName go through the addValue path
This ensures the CN is present as a SAN
2023-11-24 11:05:27 +01:00
Matthew McPherrin 78ccae6bc9 SubjectAlternativeName should be critical for empty subject
Required by Java as well as the Baseline Requirements, RFC5280, etc.

If the subject field of the certificate is an empty SEQUENCE, this
extension MUST be marked critical, as specified in RFC 5280, Section
4.2.1.6. Otherwise, this extension MUST NOT be marked critical.
2023-11-24 11:05:27 +01:00
Matthew McPherrin 1cf53b6cf4 Make the Common Name optional in CSRs
This change doesn't set it by default when adding domains, and adds a
method to explicitly set it if desired.
2023-11-24 11:05:27 +01:00
Richard Körber f428f1be9c
[maven-release-plugin] prepare for next development iteration 2023-11-15 07:06:11 +01:00
Richard Körber 86c2647ff0
[maven-release-plugin] prepare release v3.1.1 2023-11-15 07:06:11 +01:00
Richard Körber a9bfc8b46e
[maven-release-plugin] prepare for next development iteration 2023-10-11 07:20:24 +02:00
Richard Körber 04fe10c55b
[maven-release-plugin] prepare release v3.1.0 2023-10-11 07:20:24 +02:00
Richard Körber e041decf48
Mark ARI related methods as draft 2023-10-11 07:17:59 +02:00
aarcloudera f61ef3ede7
Accepting hmac key of all sizes (#144) 2023-10-11 07:09:55 +02:00
Richard Körber 2485666b87
Add missing acme-ari-01 call 2023-09-27 18:45:20 +02:00
Richard Körber 3ad325782b
Add method to set arbitrary MAC algorithm (#141) 2023-09-22 11:20:31 +02:00
Richard Körber dd7c873750
[maven-release-plugin] prepare for next development iteration 2023-08-11 09:55:47 +02:00
Richard Körber eea08053a2
[maven-release-plugin] prepare release v3.0.0 2023-08-11 09:55:46 +02:00
Richard Körber af9f236f90
Control gzip compression via system property 2023-08-11 09:45:38 +02:00
Mathias Loesch 0a45dcb4eb PebbleAcmeProvider: allow setting custom port w/o custom host
Simplifies usage with testcontainers where the Pebble port in
the Docker container usually gets mapped to a random host port.
2023-08-11 08:48:51 +02:00
Richard Körber 79c2ab7688
Minor documentation updates 2023-07-21 15:01:51 +02:00
Richard Körber a648a513f6
Find certificates by issuer 2023-05-20 17:20:13 +02:00
Richard Körber 7f20545e14
Keep alternate certificate instances 2023-05-20 17:19:12 +02:00
Richard Körber d9894f42eb
Add support for draft-ietf-acme-ari-01 2023-05-20 16:53:18 +02:00
Richard Körber 727cd94028
Add method to read Retry-After header 2023-05-19 12:28:46 +02:00
Richard Körber 160f507767
Add method to get optional resource URL 2023-05-19 12:21:46 +02:00
Richard Körber e8b83d6423
Automatically generate CSR in Order class
With this change, it is not strictly required anymore to create the CSR
oneself. The Order class contains all information to generate a basic
CSR itself.
2023-05-19 10:20:35 +02:00
Richard Körber e22b47f140
Create tls-alpn-01 cert in challenge class 2023-05-19 10:20:07 +02:00
Richard Körber 16b02efe23
Merge acme4j-utils into acme4j-client
The separation of acme4j-client and acme4j-utils was a design decision
that should avoid BouncyCastle being a hard dependency of acme4j-client.
Anyhow acme4j is not really usable without BouncyCastle, so acme4j-utils
is used in almost all projects anyway.

This merge allows extending the client API with some nice methods that
will make it easier to use.
2023-05-19 09:58:08 +02:00
Richard Körber 5db82b1ad7
Keep Authorization and Certificate
Before this patch, Order generated and bound new Authorization and
Certificate objects every time the respective getters were invoked. Each
of these instances keeps a separate copy of the server state, which causes
unnecessary traffic.

With this patch, the list of Authorizations and the Certificates are now
loaded lazily and kept in a cache, so the same instance is returned
every time the getter is invoked.
2023-05-07 10:48:34 +02:00
Richard Körber c08c85b95c
Return certificate on getAutoRenewalCertificate
Similar to getCertificate(), getAutoRenewalCertificate() would only
return an empty optional if the order state is not valid. To keep the
API simple, getAutoRenewalCertificate() now always returns a non-null
certificate, and throws an exception otherwise.
2023-05-07 09:25:22 +02:00
Richard Körber c26d6b1f8a
Optimize AssertJ exception checks 2023-05-07 09:25:04 +02:00
Richard Körber aa5e78c525
getLocation() throws if header is missing
While reviewing the code, it turned out that the invoker of
getLocation() always expected to find a location header. To keep the API
simple, getLocation() now always returns the non-null Location header.
If the header is not present, an AcmeProtocolException is now thrown
instead.
2023-05-06 17:36:16 +02:00
Richard Körber 23906ff39c
Add AcmeNotSupportedException
- Some Optional return values could only be empty if a method was
  invoked although the server did not support that feature. In order to
  keep the API simple, a newly introduced AcmeNotSupportedException is
  now thrown in that case, so these methods will immediately return a
  non-null value. There is always a method to check if a feature is
  available or not, so the invoker can check in advance and does not
  need to actively handle that exception.
- Some other places that previously threw an exception because of
  missing features, are now also throwing AcmeNotSupportedException for
  consistency.
2023-05-06 17:31:12 +02:00
Richard Körber 5bbf1b5966
getCertificate() is not Optional
getCertificate() would only return Optional.empty() if it was invoked
before the order was finalized. In order to keep the API simple, that
state will now throw an IllegalStateException, and getCertificate()
directly returns a non-null Certificate now.
2023-05-06 17:29:16 +02:00
Richard Körber 1907545e5d
Review all @Nullable return values
- Most methods now return an Optional instead of a null value
- Reviewed all Collection return values. They may now be empty, but
  never null.
2023-05-06 17:27:36 +02:00
Richard Körber 18e56c9d4f
Add Session.purgeDirectoryCache() 2023-04-29 15:15:41 +02:00
Richard Körber d0c2aafaf1
Optimize collection handling 2023-04-29 15:15:22 +02:00
Richard Körber 00830858ca
Add Login.newOrder() method 2023-04-29 15:14:51 +02:00
Richard Körber 01a2206c62
Accept mailto if present 2023-04-29 15:13:21 +02:00
Richard Körber 09a72d606b
Review and extend JavaDocs 2023-04-29 15:11:00 +02:00
Richard Körber 41bc574f75
Enhance Accept-Language header
Before this patch, it was only the language tag of the selected Locale.
Now it also offers the language itself (without the country) and any
other available language as fallback. It is also possible to set the
locale to null, which will accept any language.
2023-04-24 21:52:18 +02:00
Richard Körber b0287d4d94
Accept gzip compression 2023-04-24 21:23:58 +02:00
Richard Körber 783fdde013
Use the java.net.http client
With this patch, the old HttpURLConnection client is replaced with
the new java.net.http client that was introduced in Java 11.
2023-04-24 21:16:07 +02:00
Richard Körber d6296111f7
Use wiremock to test HTTP client 2023-04-23 22:43:18 +02:00
Richard Körber aeb68c0cb4
Remove deprecated methods 2023-04-23 13:13:27 +02:00
Richard Körber 0d55898379
Port codebase to Java 11 2023-04-23 13:13:27 +02:00
Richard Körber 41d9855bc0
Bump to v3.0.0, adhere to SemVer 2023-04-23 08:44:21 +02:00
Richard Körber 590b4e975b
[maven-release-plugin] prepare for next development iteration 2023-02-11 16:55:27 +01:00
Richard Körber 9e3a5061c8
[maven-release-plugin] prepare release v2.16 2023-02-11 16:55:27 +01:00
Richard Körber 861b3a1f81
[maven-release-plugin] prepare for next development iteration 2022-11-25 13:24:12 +01:00
Richard Körber 5a984bb49b
[maven-release-plugin] prepare release v2.15 2022-11-25 13:24:12 +01:00
Richard Körber 95fd249d28
Update dependencies 2022-11-03 17:01:16 +01:00
Richard Körber 109731090c
[maven-release-plugin] prepare for next development iteration 2022-06-29 20:07:57 +02:00
Richard Körber d088b30822
[maven-release-plugin] prepare release v2.14 2022-06-29 20:07:57 +02:00
Richard Körber 379f184a41
Add generator for DNS challenge resource name 2022-06-29 20:02:52 +02:00
Richard Körber a25b8c1b8d
Use Assertj instead of Hamcrest 2022-05-14 12:39:27 +02:00
Richard Körber f3c7e8a46c
Upgrade all tests to JUnit 5 2022-05-14 12:24:21 +02:00
Richard Körber edf2018433
[maven-release-plugin] prepare for next development iteration 2022-05-09 17:16:05 +02:00
Richard Körber 768fd68bcc
[maven-release-plugin] prepare release v2.13 2022-05-09 17:16:05 +02:00
Richard Körber 00ee9e4dd5
Use assertThrows instead of try/fail constructs 2022-05-07 11:25:59 +02:00
Richard Körber cf0bfc1390
Prefetch from certificate stream (fixes #127)
Works around a bug in Conscrypt. The certificate stream is not read
there if InputStream.available() returns 0, which is the case in acme4j
since the stream is directly read from the CA via HTTP.

The workaround uses a BufferedInputStream and prefetches a few bytes
from the HTTP stream if available() is invoked.
2022-05-07 11:15:16 +02:00
Richard Körber cc8cc841c1
[maven-release-plugin] prepare for next development iteration 2021-07-03 11:19:53 +02:00
Richard Körber 8cb2468060
[maven-release-plugin] prepare release v2.12 2021-07-03 11:19:53 +02:00
Richard Körber 2f2e59fd36
Permit to globally register additional challenge types 2021-07-03 10:04:27 +02:00
Richard Körber a3ed2257b6
Add new method to bind to a specified challenge type 2021-07-03 09:53:09 +02:00
Richard Körber 78dfe248b2
[maven-release-plugin] prepare for next development iteration 2020-11-12 22:40:25 +01:00
Richard Körber bfafb5655a
[maven-release-plugin] prepare release v2.11 2020-11-12 22:40:25 +01:00
Richard Körber 3cf73e9f5c
Add method to get a list of alternate certificates 2020-11-12 22:39:24 +01:00
Richard Körber ae37fe9004
Minor optimizations 2020-10-24 19:42:20 +02:00
Richard Körber 2cff3a5c90
Review all unit tests
- Replace deprecated org.junit.Assert.assertThat by org.hamcrest.MatcherAssert.assertThat
- Other minor checkstyle fixes
2020-10-24 18:05:06 +02:00
Richard Körber c5eba760f6
[maven-release-plugin] prepare for next development iteration 2020-08-02 17:13:29 +02:00
Richard Körber 0bc1a004dc
[maven-release-plugin] prepare release v2.10 2020-08-02 17:13:28 +02:00
Richard Körber 8c17ae730c
Checkstyle fixes 2020-08-02 17:06:08 +02:00
Richard Körber 610b9366bd
Add module-info definitions, fix related issues 2020-06-02 14:08:20 +02:00
Richard Körber b32f03b23a
Replace JSR305 null-safe annotations by SpotBugs annotations
Reason is that JSR305 annotations cannot be used in a modular environment due to split package issues.
2020-06-02 14:08:20 +02:00
Richard Körber 6dec97d8a4
Evaluate HTTP caching headers for directory resource
Until now, acme4j has cached the directory for 1 hour. This could lead to errors if the directory was changed, or the server was down for maintenance. Now acme4j caches the directory resource according to the HTTP Expires or Modified-Since headers.
2020-05-24 11:05:07 +02:00
Richard Körber 1eb3965ac0
Verbose exception when getOrders is not supported by the server 2020-04-30 19:35:37 +02:00
Richard Körber 355a00b293
[maven-release-plugin] prepare for next development iteration 2020-03-22 22:24:55 +01:00
Richard Körber 75a9b8a2ea
[maven-release-plugin] prepare release v2.9 2020-03-22 22:24:55 +01:00
Richard Körber 908da9697d
tls-alpn-01 and IP identifier extension got RFC numbers 2020-03-06 00:32:45 +01:00
Richard Körber 9d62cb6a55
Support acme-star-09 draft, change API and documentation 2020-01-23 23:26:48 +01:00
Richard Körber 5647d0c319
[maven-release-plugin] prepare for next development iteration 2019-12-07 16:21:26 +01:00
Richard Körber 85a4091ab7
[maven-release-plugin] prepare release v2.8 2019-12-07 16:21:25 +01:00
Richard Körber 925a116a38
Migrate docs to mkdocs 2019-12-07 14:27:33 +01:00
Richard Körber 8aa7e4ad8e
Throw AcmeLazyLoadingException on bindChallenge 2019-10-30 22:32:04 +01:00
Richard Körber e7c2bf25f5
Add a way to change network timeouts 2019-10-30 22:31:21 +01:00
Richard Körber 2215bfe83d
Expect JSON results to be always present
This saves an unnecessary and annoying null dereference check.
2019-10-27 14:47:23 +01:00
Anders Mikkelsen 0b1e512a57 implemented bindChallenge 2019-10-27 13:47:49 +01:00
Richard Körber 0343a81a9f
Add a mock framework 2019-06-20 14:41:50 +02:00
Richard Körber 210b2aa453
Return external account binding key identifier 2019-04-28 17:34:30 +02:00