With this change, it is not stricly required anymore to create the CSR
oneself. The Order class contains all information to generate a basic
CSR itself.
The separation of acme4j-client and acme4j-utils was a design decision
that should avoid BouncyCastle to be a hard dependency of acme4j-client.
Anyhow acme4j is not really usable without BouncyCastle, so acme4j-utils
is used in almost all projects anyway.
This merge allows to extend the client API with some nice methods that
will make it easier to use.
Before this patch, Order generated and bound new Authorization and
Certificate objects everytime the respective getters were invoked. Each
of these instances keeps a separate copy of the server state, which causes
unnecessary traffic.
With this patch, the list of Authorizations and the Certificates are now
loaded lazily and kept in a cache, so the same instance is returned
everytime the getter is invoked.
Similar to getCertificate(), getAutoRenewalCertificate() would only
return an empty optional if the order state is not valid. To keep the
API simple, getAutoRenewalCertificate() now always returns a non-null
certificate, and throws an exception otherwise.
While reviewing the code, it turned out that the invoker of
getLocation() always expected to find a location header. To keep the API
simple, getLocation() now always returns the non-null Location header.
If the header is not present, an AcmeProtocolException is now thrown
instead.
- Some Optional return values could only be empty if a method was
invoked although the server did not support that feature. In order to
keep the API simple, a newly introduced AcmeNotSupportedException is
now thrown in that case, so these methods will immediately return a
non-null value. There is always a method to check if a feature is
available or not, so the invoker can check in advance and does not
need to actively handle that exception.
- Some other places that previously threw an exception because of
missing features, are now also throwing AcmeNotSupportedException for
consistency.
getCertificate() would only return Optional.empty() if it was invoked
before the order was finalized. In order to keep the API simple, that
state will now throw an IllegalStateException, and getCertificate()
directly returns a non-null Certificate now.
Before this patch, it was only the language tag of the selected Locale.
Now it also offers the language itself (without the country) and any
other available language as fallback. It is also possible to set the
locale to null, which will accept any language.
- Fully support S/MIME header protection
- Validation of signature using cacerts, certificates or other
trust stores
- Improved checks of protected headers
Still missing:
- Unit tests
- EmailProcessor supporting all new features
