Update to draft-ietf-acme-ari-05

2025-12-13 11:14:02 +08:00 · 2024-08-24 12:19:13 +02:00
parent afa60ae76f
commit 0ccd68c09a
8 changed files with 102 additions and 8 deletions
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/OrderBuilder.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/OrderBuilder.java
@@ -343,6 +343,10 @@ public class OrderBuilder {
            throw new AcmeNotSupportedException("auto-renewal");
        }

+        if (replaces != null && session.resourceUrlOptional(Resource.RENEWAL_INFO).isEmpty()) {
+            throw new AcmeNotSupportedException("renewal-information");
+        }
+
        var hasAncestorDomain = identifierSet.stream()
                .filter(id -> Identifier.TYPE_DNS.equals(id.getType()))
                .anyMatch(id -> id.toMap().containsKey(Identifier.KEY_ANCESTOR_DOMAIN));
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/OrderBuilderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/OrderBuilderTest.java
@@ -14,8 +14,7 @@
 package org.shredzone.acme4j;

 import static net.javacrumbs.jsonunit.assertj.JsonAssertions.assertThatJson;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.assertj.core.api.Assertions.*;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.shredzone.acme4j.toolbox.AcmeUtils.parseTimestamp;
 import static org.shredzone.acme4j.toolbox.TestUtils.getJSON;
@@ -169,7 +168,6 @@ public class OrderBuilderTest {
                        .autoRenewalLifetime(validity)
                        .autoRenewalLifetimeAdjust(predate)
                        .autoRenewalEnableGet()
-                        .replaces("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE")
                        .create();

        try (var softly = new AutoCloseableSoftAssertions()) {
@@ -335,4 +333,73 @@ public class OrderBuilderTest {
        provider.close();
    }

+    /**
+     * Test that the ARI replaces field is set.
+     */
+    @Test
+    public void testARIReplaces() throws Exception {
+        var provider = new TestableConnectionProvider() {
+            @Override
+            public int sendSignedRequest(URL url, JSONBuilder claims, Login login) {
+                assertThat(url).isEqualTo(resourceUrl);
+                assertThatJson(claims.toString()).isEqualTo(getJSON("requestReplacesRequest").toString());
+                assertThat(login).isNotNull();
+                return HttpURLConnection.HTTP_CREATED;
+            }
+
+            @Override
+            public JSON readJsonResponse() {
+                return getJSON("requestReplacesResponse");
+            }
+
+            @Override
+            public URL getLocation() {
+                return locationUrl;
+            }
+        };
+
+        var login = provider.createLogin();
+
+        provider.putTestResource(Resource.NEW_ORDER, resourceUrl);
+        provider.putTestResource(Resource.RENEWAL_INFO, resourceUrl);
+
+        var account = new Account(login);
+        account.newOrder()
+                .domain("example.org")
+                .replaces("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE")
+                .create();
+
+        provider.close();
+    }
+
+    /**
+     * Test that exception is thrown if the ARI replaces field is set but ARI is not
+     * supported.
+     */
+    @Test
+    public void testARIReplaceFails() throws Exception {
+        var provider = new TestableConnectionProvider() {
+            @Override
+            public int sendSignedRequest(URL url, JSONBuilder claims, Login login) {
+                fail("Request was sent");
+                return HttpURLConnection.HTTP_FORBIDDEN;
+            }
+        };
+
+        var login = provider.createLogin();
+
+        provider.putTestResource(Resource.NEW_ORDER, resourceUrl);
+
+        var account = new Account(login);
+        assertThatExceptionOfType(AcmeNotSupportedException.class).isThrownBy(() -> {
+                    account.newOrder()
+                            .domain("example.org")
+                            .replaces("aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE")
+                            .create();
+                })
+                .withMessage("Server does not support renewal-information");
+
+        provider.close();
+    }
+
 }
--- a/acme4j-client/src/test/resources/json/requestAutoRenewOrderRequest.json
+++ b/acme4j-client/src/test/resources/json/requestAutoRenewOrderRequest.json
@@ -11,6 +11,5 @@
    "lifetime": 604800,
    "lifetime-adjust": 518400,
    "allow-certificate-get": true
-  },
-  "replaces": "aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE"
+  }
 }
--- a/acme4j-client/src/test/resources/json/requestReplacesRequest.json
+++ b/acme4j-client/src/test/resources/json/requestReplacesRequest.json
@@ -0,0 +1,9 @@
+{
+  "identifiers": [
+    {
+      "type": "dns",
+      "value": "example.org"
+    }
+  ],
+  "replaces": "aYhba4dGQEHhs3uEe6CuLN4ByNQ.AIdlQyE"
+}
--- a/acme4j-client/src/test/resources/json/requestReplacesResponse.json
+++ b/acme4j-client/src/test/resources/json/requestReplacesResponse.json
@@ -0,0 +1,15 @@
+{
+  "status": "pending",
+  "expires": "2016-01-10T00:00:00Z",
+  "identifiers": [
+    {
+      "type": "dns",
+      "value": "example.org"
+    }
+  ],
+  "authorizations": [
+    "https://example.com/acme/authz/1234",
+    "https://example.com/acme/authz/2345"
+  ],
+  "finalize": "https://example.com/acme/acct/1/order/1/finalize"
+}