github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity
888 Commits
4 Branches
43 Tags
3.9 MiB
Commit Graph

888 Commits (1dc3c7ad64d453a8ed2002aff9cb982db8f36de1)

Author SHA1 Message Date
Richard Körber a718d82db2
Next version is 3.3.0 2024-05-15 16:01:52 +02:00
Richard Körber 5b14d15854
Discontinue version 2 2024-05-15 15:58:28 +02:00
Richard Körber 6d5da63b8e
Handle HTTP errors when fetching a nonce 
The nonce is fetched via HEAD request. Before this fix, if there was a
HTTP error, acme4j expected a Problem JSON body, which was not send
because of the HEAD request, and lead to an AcmeProtocolException.

Now either an AcmeException or AcmeRetryAfterException is thrown.
 2024-05-15 15:39:56 +02:00
Richard Körber aeff12088f
Update spotbugs and related new warnings (fixes #157) 2024-05-10 16:07:41 +02:00
Richard Körber 57ec36054a
Use latest Pebble docker image for integration tests 
- Updated to the latest pebble and challtestsrv images
- Could not use the docker images as intended, because I found no way to
  let the docker-maven-plugin setup a network with fixed IP addresses.
  The original images are based on scratch, so getent is not present
  there. The only fix was to build own images based on alpine, and copy
  the apps from the original images. Ugly, but working.
- Fixed broken integration tests
- Fixed an old bug: DNS records were removed with two trailing full
  stops.
 2024-03-19 22:16:35 +01:00
Richard Körber 4f36055be5
Update wiremock dependency 2024-03-19 21:52:38 +01:00
Richard Körber 773cacde4f
Add subdomain validation support (RFC 9444) 2024-03-15 17:18:01 +01:00
Richard Körber b5a7e00ac3
Use example IPs according to RFC3849/RFC5737 2024-03-13 20:27:12 +01:00
Richard Körber 97a6708db3
[maven-release-plugin] prepare for next development iteration 2024-03-11 17:28:06 +01:00
Richard Körber 565eab9fa4
[maven-release-plugin] prepare release v3.2.1 2024-03-11 17:28:06 +01:00
Richard Körber e97ced5e45
Dependency updates 2024-03-11 17:26:16 +01:00
Richard Körber 511954171d
Use en locale for uppercase/lowercase (fixes #156) 2024-03-09 16:14:20 +01:00
Richard Körber bbc057b81f
Align unit test names 2024-02-29 17:06:18 +01:00
Richard Körber 65e6e28bff
[maven-release-plugin] prepare for next development iteration 2024-02-28 18:02:55 +01:00
Richard Körber c16d1a45cc
[maven-release-plugin] prepare release v3.2.0 2024-02-28 18:02:55 +01:00
Richard Körber fdbd82e887
Minor documentation fixes 2024-02-28 18:00:02 +01:00
Richard Körber d40e30ab56
Revert json-unit-assertj update 
Reason: The new version would require JDK 17 for building
 2024-02-26 20:04:30 +01:00
Richard Körber d57f4abb60
Update dependencies 2024-02-26 18:45:39 +01:00
Richard Körber f9d479a8f7
Simplify handling of Retry-After header 2024-02-26 18:26:45 +01:00
Richard Körber 908e11b152
Workaround for ssl.com metadata bug 
ssl.com requires EAB for account creation, but the metadata's
"externalAccountRequired" property gives "false", indicating that no EAB
is used.

This fix patches the read directory's metadata if the ssl.com provider
is used.
 2024-02-26 18:26:45 +01:00
Richard Körber 081e53f137
SSL.com: Add support for ECC and RSA mode 2024-02-26 18:26:45 +01:00
Richard Körber 98ef2b8466
Give instance URL if user action is required 2024-02-26 18:26:45 +01:00
Richard Körber 73c71be754
Documentation review 2024-02-26 18:26:45 +01:00
Richard Körber f2ae26b822
Make the example universal and CA neutral 
I like to avoid having different examples for different CAs or
scenarios, as it takes unnecessary time to keep them in sync and
updated.

For this reason, I merged both examples back in a single example again,
which now also handles EAB if necessary.

I also used a generic example CA (example.org) so no CA is favored in
the source code. The desired connection URI must now be configured
first, in order to make the example run.

The documentation was updated accordingly. Rationale is that I don't
want the documentation to be cluttered with all possible CAs, so none of
them is favored now.
 2024-02-26 18:26:45 +01:00
Richard Körber 7c17645212
Add missing ssl.com unit tests 2024-02-26 18:26:45 +01:00
Richard Körber c0b74bfc59
Add integration tests for the CA providers 
These tests will fail if the directory URLs are changed, or if a
relevant part of the directory changes. If one of the tests should fail,
acme4j will need to be updated to the new directory URL or structure.
 2024-02-26 18:26:45 +01:00
Richard Körber 60342c435f
Add ZeroSSL provider 
As ZeroSSL makes use of the Retry-After header, the example
implementation has also been changed accordingly.
 2024-02-26 18:26:45 +01:00
Dang Thanh 7118a454b2
Update acme4j-example/src/main/java/org/shredzone/acme4j/example/SSLClientWithEabTest.java 
Co-authored-by: George Fergadis <55407250+fergadis@users.noreply.github.com>
 2024-02-26 18:06:14 +01:00
Nguyen Dang Thanh 3a8a905d87
supports SSLCom acme server 2024-02-26 18:06:14 +01:00
George Fergadis 9c6eb5e610 Add SSL.com provider 2024-02-20 16:22:39 +01:00
Richard Körber 48c32f612d
Upgrade to draft-ietf-acme-ari-03 2024-02-19 07:44:40 +01:00
Richard Körber 6a4770c23a
Get unique identifier according to draft-ietf-acme-ari-03 2024-02-18 16:16:29 +01:00
Richard Körber edb7ec83b6
Generic ACME URIs forward query parameters (#152) 2024-02-06 18:20:44 +01:00
Richard Körber 216d30b600
Minor JavaDoc change 2023-11-24 11:56:12 +01:00
Richard Körber 67a90df47f
Do not set two CNs 2023-11-24 11:38:29 +01:00
Richard Körber 50a74251e0
setCommonName() sets CN only 2023-11-24 11:18:45 +01:00
Matthew McPherrin 278f9bd57b Test value changes 
These are genuine functionality changes, and may represent unexpected
impact.  Having two CNs doesn't seem right, but that case is tested so
I'm leaving that here for discussion's sake.

The other test case doesn't have a CN anymore, as expected
 2023-11-24 11:05:27 +01:00
Matthew McPherrin beb1d53dc0 Make setCommonName go through the addValue path 
This ensures the CN is present as a SAN
 2023-11-24 11:05:27 +01:00
Matthew McPherrin 78ccae6bc9 SubjectAlternativeName should be critical for empty subject 
Required by Java as well as the Baseline Requirements, RFC5280, etc.

If the subject field of the certificate is an empty SEQUENCE, this
extension MUST be marked critical, as specified in RFC 5280, Section
4.2.1.6. Otherwise, this extension MUST NOT be marked critical.
 2023-11-24 11:05:27 +01:00
Matthew McPherrin 1cf53b6cf4 Make the Common Name optional in CSRs 
This change doesn't set it by default when adding domains, and adds a
method to explicitly set it if desired.
 2023-11-24 11:05:27 +01:00
Richard Körber e26f8fc572
Add question to FAQ 2023-11-24 11:02:49 +01:00
Richard Körber f9b3242f4c
Improve documentation 
- Rearranged all chapters. It makes content easier to find, as it is not
  buried in unrelated information now.
- Reviewed the content.
- Fixed broken links.
- Added documentation about Renewal Information and Exceptions
 2023-11-24 11:00:29 +01:00
Richard Körber e3cc271cd8
Fix unit tests 2023-11-19 21:33:21 +01:00
Richard Körber f428f1be9c
[maven-release-plugin] prepare for next development iteration 2023-11-15 07:06:11 +01:00
Richard Körber 86c2647ff0
[maven-release-plugin] prepare release v3.1.1 2023-11-15 07:06:11 +01:00
Richard Körber be7e9a690a
Update dependencies 2023-11-15 07:04:52 +01:00
Richard Körber a9bfc8b46e
[maven-release-plugin] prepare for next development iteration 2023-10-11 07:20:24 +02:00
Richard Körber 04fe10c55b
[maven-release-plugin] prepare release v3.1.0 2023-10-11 07:20:24 +02:00
Richard Körber e041decf48
Mark ARI related methods as draft 2023-10-11 07:17:59 +02:00
Richard Körber 78d73d96aa
Update dependencies 2023-10-11 07:15:42 +02:00