From 47555b915cec55ee848afff3375f800746c9e033 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?= <github@shredzone.org>
Date: Tue, 7 Oct 2025 14:19:21 +0200
Subject: [PATCH] Remove Buypass provider

Reason: Buypass terminates its ACME service
---
 README.md                                     |  2 +-
 acme4j-client/src/main/java/module-info.java  |  1 -
 .../provider/buypass/BuypassAcmeProvider.java | 63 ------------------
 .../acme4j/provider/buypass/package-info.java | 29 ---------
 ...org.shredzone.acme4j.provider.AcmeProvider |  3 -
 .../buypass/BuypassAcmeProviderTest.java      | 65 -------------------
 .../org/shredzone/acme4j/it/ProviderIT.java   | 20 ------
 src/doc/docs/ca/buypass.md                    | 22 -------
 src/doc/docs/ca/index.md                      |  1 -
 src/doc/docs/index.md                         |  2 +-
 src/doc/docs/migration.md                     |  1 +
 src/doc/mkdocs.yml                            |  1 -
 12 files changed, 3 insertions(+), 207 deletions(-)
 delete mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java
 delete mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java
 delete mode 100644 acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java
 delete mode 100644 src/doc/docs/ca/buypass.md

diff --git a/README.md b/README.md
index 8d245def..7964b46c 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ This Java client helps to connect to an ACME server, and performing all necessar
 * Supports [draft-ietf-acme-dns-account-label-01](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental)
 * Easy to use Java API
 * Requires JRE 17 or higher
-* Supports [Actalis](https://www.actalis.com/), [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
+* Supports [Actalis](https://www.actalis.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
 * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
 * Extensive unit and integration tests
 * Adheres to [Semantic Versioning](https://semver.org/)
diff --git a/acme4j-client/src/main/java/module-info.java b/acme4j-client/src/main/java/module-info.java
index 10f228d1..47fb0639 100644
--- a/acme4j-client/src/main/java/module-info.java
+++ b/acme4j-client/src/main/java/module-info.java
@@ -37,7 +37,6 @@ module org.shredzone.acme4j {
     provides org.shredzone.acme4j.provider.AcmeProvider
             with org.shredzone.acme4j.provider.GenericAcmeProvider,
                  org.shredzone.acme4j.provider.actalis.ActalisAcmeProvider,
-                 org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider,
                  org.shredzone.acme4j.provider.google.GoogleAcmeProvider,
                  org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider,
                  org.shredzone.acme4j.provider.pebble.PebbleAcmeProvider,
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java
deleted file mode 100644
index 46002036..00000000
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * acme4j - Java ACME client
- *
- * Copyright (C) 2024 Richard "Shred" Körber
- *   http://acme4j.shredzone.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- */
-package org.shredzone.acme4j.provider.buypass;
-
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URL;
-
-import org.shredzone.acme4j.exception.AcmeProtocolException;
-import org.shredzone.acme4j.provider.AbstractAcmeProvider;
-import org.shredzone.acme4j.provider.AcmeProvider;
-
-/**
- * An {@link AcmeProvider} for the <em>Buypass</em>.
- * <p>
- * The {@code serverUri} is {@code "acme://buypass.com"} for the production server,
- * and {@code "acme://buypass.com/staging"} for the staging server.
- *
- * @see <a href="https://www.buypass.com/products/tls-ssl-certificates/go-ssl">https://www.buypass.com/products/tls-ssl-certificates/go-ssl</a>
- * @since 3.5.0
- */
-public class BuypassAcmeProvider extends AbstractAcmeProvider {
-
-    private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory";
-    private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory";
-
-    @Override
-    public boolean accepts(URI serverUri) {
-        return "acme".equals(serverUri.getScheme())
-                && "buypass.com".equals(serverUri.getHost());
-    }
-
-    @Override
-    public URL resolve(URI serverUri) {
-        var path = serverUri.getPath();
-        String directoryUrl;
-        if (path == null || path.isEmpty() || "/".equals(path)) {
-            directoryUrl = PRODUCTION_DIRECTORY_URL;
-        } else if ("/staging".equals(path)) {
-            directoryUrl = STAGING_DIRECTORY_URL;
-        } else {
-            throw new IllegalArgumentException("Unknown URI " + serverUri);
-        }
-
-        try {
-            return URI.create(directoryUrl).toURL();
-        } catch (MalformedURLException ex) {
-            throw new AcmeProtocolException(directoryUrl, ex);
-        }
-    }
-
-}
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java
deleted file mode 100644
index 8a92116a..00000000
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * acme4j - Java ACME client
- *
- * Copyright (C) 2024 Richard "Shred" Körber
- *   http://acme4j.shredzone.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/**
- * This package contains the {@link org.shredzone.acme4j.provider.AcmeProvider} for+
- * Buypass.
- *
- * @see <a href="https://www.buypass.com/products/tls-ssl-certificates/go-ssl">https://www.buypass.com/products/tls-ssl-certificates/go-ssl</a>
- */
-@ReturnValuesAreNonnullByDefault
-@DefaultAnnotationForParameters(NonNull.class)
-@DefaultAnnotationForFields(NonNull.class)
-package org.shredzone.acme4j.provider.buypass;
-
-import edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields;
-import edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters;
-import edu.umd.cs.findbugs.annotations.NonNull;
-import edu.umd.cs.findbugs.annotations.ReturnValuesAreNonnullByDefault;
diff --git a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider
index 48b80b59..0cb444e6 100644
--- a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider
+++ b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider
@@ -2,9 +2,6 @@
 # Actalis: https://www.actalis.com/
 org.shredzone.acme4j.provider.actalis.ActalisAcmeProvider
 
-# Buypass: https://buypass.com/
-org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider
-
 # Google Trust Services: https://pki.goog/
 org.shredzone.acme4j.provider.google.GoogleAcmeProvider
 
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java
deleted file mode 100644
index 154a2f85..00000000
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * acme4j - Java ACME client
- *
- * Copyright (C) 2024 Richard "Shred" Körber
- *   http://acme4j.shredzone.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- */
-package org.shredzone.acme4j.provider.buypass;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.shredzone.acme4j.toolbox.TestUtils.url;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-
-import org.assertj.core.api.AutoCloseableSoftAssertions;
-import org.junit.jupiter.api.Test;
-
-/**
- * Unit tests for {@link BuypassAcmeProvider}.
- */
-public class BuypassAcmeProviderTest {
-
-    private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory";
-    private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory";
-
-    /**
-     * Tests if the provider accepts the correct URIs.
-     */
-    @Test
-    public void testAccepts() throws URISyntaxException {
-        var provider = new BuypassAcmeProvider();
-
-        try (var softly = new AutoCloseableSoftAssertions()) {
-            softly.assertThat(provider.accepts(new URI("acme://buypass.com"))).isTrue();
-            softly.assertThat(provider.accepts(new URI("acme://buypass.com/"))).isTrue();
-            softly.assertThat(provider.accepts(new URI("acme://buypass.com/staging"))).isTrue();
-            softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse();
-            softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse();
-            softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse();
-        }
-    }
-
-    /**
-     * Test if acme URIs are properly resolved.
-     */
-    @Test
-    public void testResolve() throws URISyntaxException {
-        var provider = new BuypassAcmeProvider();
-
-        assertThat(provider.resolve(new URI("acme://buypass.com"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
-        assertThat(provider.resolve(new URI("acme://buypass.com/"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
-        assertThat(provider.resolve(new URI("acme://buypass.com/staging"))).isEqualTo(url(STAGING_DIRECTORY_URL));
-
-        assertThrows(IllegalArgumentException.class, () -> provider.resolve(new URI("acme://buypass.com/v99")));
-    }
-
-}
diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
index cddabde1..1b14b5e1 100644
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
@@ -50,26 +50,6 @@ public class ProviderIT {
         assertThat(session.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
     }
 
-    /**
-     * Test Buypass
-     */
-    @Test
-    public void testBuypass() throws AcmeException, MalformedURLException {
-        var session = new Session("acme://buypass.com");
-        assertThat(session.getMetadata().getWebsite()).hasValue(URI.create("https://buypass.com/").toURL());
-        assertThatNoException().isThrownBy(() -> session.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(session.getMetadata().isExternalAccountRequired()).isFalse();
-        assertThat(session.getMetadata().isAutoRenewalEnabled()).isFalse();
-        assertThat(session.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
-
-        var sessionStage = new Session("acme://buypass.com/staging");
-        assertThat(sessionStage.getMetadata().getWebsite()).hasValue(URI.create("https://buypass.com/").toURL());
-        assertThatNoException().isThrownBy(() -> sessionStage.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(sessionStage.getMetadata().isExternalAccountRequired()).isFalse();
-        assertThat(sessionStage.getMetadata().isAutoRenewalEnabled()).isFalse();
-        assertThat(sessionStage.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
-    }
-
     /**
      * Test Google CA
      */
diff --git a/src/doc/docs/ca/buypass.md b/src/doc/docs/ca/buypass.md
deleted file mode 100644
index 730a4814..00000000
--- a/src/doc/docs/ca/buypass.md
+++ /dev/null
@@ -1,22 +0,0 @@
-# Buypass
-
-Website: [Buypass](https://buypass.com/)
-
-Available since acme4j 3.5.0
-
-## Connection URIs
-
-* `acme://buypass.com` - Production server
-* `acme://buypass.com/staging` - Staging server
-
-## Note
-
-At the time of writing (September 2024), Buypass does not support the `secp384r1` ECDSA key that is generated in the [acme4j example](../example.md). You can fix this by using an RSA key, e.g.:
-
-```java
-private static Supplier<KeyPair> ACCOUNT_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair(4096);
-```
-
-## Disclaimer
-
-_acme4j_ is not officially supported or endorsed by Buypass. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://codeberg.org/shred/acme4j/issues).
diff --git a/src/doc/docs/ca/index.md b/src/doc/docs/ca/index.md
index 373aa22c..d06b60d5 100644
--- a/src/doc/docs/ca/index.md
+++ b/src/doc/docs/ca/index.md
@@ -10,7 +10,6 @@ _acme4j_ should support any CA that is providing an ACME server.
 The _acme4j_ package contains these providers (in alphabetical order):
 
 * [Actalis](actalis.md)
-* [Buypass](buypass.md)
 * [Google](google.md)
 * [Let's Encrypt](letsencrypt.md)
 * [Pebble](pebble.md)
diff --git a/src/doc/docs/index.md b/src/doc/docs/index.md
index 3fd99027..244c43ee 100644
--- a/src/doc/docs/index.md
+++ b/src/doc/docs/index.md
@@ -24,7 +24,7 @@ Latest version: ![maven central](https://shredzone.org/maven-central/org.shredzo
 * Supports [draft-ietf-acme-dns-account-label-01](https://datatracker.ietf.org/doc/draft-ietf-acme-dns-account-label/) for DNS labeled with ACME account ID challenges (experimental)
 * Easy to use Java API
 * Requires JRE 17 or higher
-* Supports [Actalis](https://www.actalis.com/), [Buypass](https://buypass.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
+* Supports [Actalis](https://www.actalis.com/), [Google Trust Services](https://pki.goog/), [Let's Encrypt](https://letsencrypt.org/), [SSL.com](https://www.ssl.com/), [ZeroSSL](https://zerossl.com/), and **all other CAs that comply with the ACME protocol (RFC 8555)**. Note that _acme4j_ is an independent project that is not supported or endorsed by any of the CAs.
 * Built with maven, packages available at [Maven Central](http://search.maven.org/#search|ga|1|g%3A%22org.shredzone.acme4j%22)
 * Extensive unit and integration tests
 * Adheres to [Semantic Versioning](https://semver.org/)
diff --git a/src/doc/docs/migration.md b/src/doc/docs/migration.md
index ead39ae9..770b1640 100644
--- a/src/doc/docs/migration.md
+++ b/src/doc/docs/migration.md
@@ -8,6 +8,7 @@ This document will help you migrate your code to the latest _acme4j_ version.
 - _acme4j_ requires JRE 17 or higher now.
 - In order to keep the API consistent, the static method `Dns01Challenge.toRRName()` is replaced with a class method `Dns01Challenge.getRRName()`. So all you have to do is to invoke `challenge.getRRName()` instead of `Dns01Challenge.toRRName()`.
 - Default network timeout has been increased from 10 seconds to 30 seconds. If you require short timeouts, you can change the duration in the [network settings](usage/advanced.md#network-settings).
+- [**Buypass terminates the issuance of GoSSL certificates.**](https://community.buypass.com/t/y4y130p) Starting October 15, 2025, no new certificates will be issued. On April 15, 2026, their ACME services will be terminated. For this reason, Buypass support has been completely removed from _acme4j_. **If you require _acme4j_ for Buypass services (e.g. for revocation), do not update to this version before April 15, 2026.**
 
 ## Migration to Version 3.5.0
 
diff --git a/src/doc/mkdocs.yml b/src/doc/mkdocs.yml
index c7bc7271..b67e77ee 100644
--- a/src/doc/mkdocs.yml
+++ b/src/doc/mkdocs.yml
@@ -45,7 +45,6 @@ nav:
   - CA:
     - 'ca/index.md'
     - 'ca/actalis.md'
-    - 'ca/buypass.md'
     - 'ca/google.md'
     - 'ca/letsencrypt.md'
     - 'ca/pebble.md'