Workaround for ssl.com metadata bug

ssl.com requires EAB for account creation, but the metadata's "externalAccountRequired" property gives "false", indicating that no EAB is used. This fix patches the read directory's metadata if the ssl.com provider is used.
2025-12-13 11:14:02 +08:00 · 2024-02-26 18:22:07 +01:00
parent 081e53f137
commit 908e11b152
4 changed files with 48 additions and 5 deletions
--- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
+++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java
@@ -74,26 +74,33 @@ public class ProviderIT {
        var sessionEcc = new Session("acme://ssl.com/ecc");
        assertThat(sessionEcc.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
        assertThatNoException().isThrownBy(() -> sessionEcc.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(sessionEcc.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(sessionEcc.getMetadata().isExternalAccountRequired()).isTrue();
        assertThat(sessionEcc.getMetadata().isAutoRenewalEnabled()).isFalse();

        var sessionRsa = new Session("acme://ssl.com/rsa");
        assertThat(sessionRsa.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
        assertThatNoException().isThrownBy(() -> sessionRsa.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isTrue();
        assertThat(sessionRsa.getMetadata().isAutoRenewalEnabled()).isFalse();

        var sessionEccStage = new Session("acme://ssl.com/staging/ecc");
        assertThat(sessionEccStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
        assertThatNoException().isThrownBy(() -> sessionEccStage.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(sessionEccStage.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(sessionEccStage.getMetadata().isExternalAccountRequired()).isTrue();
        assertThat(sessionEccStage.getMetadata().isAutoRenewalEnabled()).isFalse();

        var sessionRsaStage = new Session("acme://ssl.com/staging/rsa");
        assertThat(sessionRsaStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com"));
        assertThatNoException().isThrownBy(() -> sessionRsaStage.resourceUrl(Resource.NEW_ACCOUNT));
-        assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isTrue();
        assertThat(sessionRsaStage.getMetadata().isAutoRenewalEnabled()).isFalse();
+
+        // If these tests fail, the metadata have been fixed on server side. Then remove
+        // the patch at ZeroSSLAcmeProvider, and update the documentation.
+        var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc");
+        assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse();
+        var sessionEABCheckStage = new Session("https://acme-try.ssl.com/sslcom-dv-ecc");
+        assertThat(sessionEABCheckStage.getMetadata().isExternalAccountRequired()).isFalse();
    }

    /**