Add Buypass provider

acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java

@@ -0,0 +1,63 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2024 Richard "Shred" Körber
+ *   http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.buypass;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+
+import org.shredzone.acme4j.exception.AcmeProtocolException;
+import org.shredzone.acme4j.provider.AbstractAcmeProvider;
+import org.shredzone.acme4j.provider.AcmeProvider;
+
+/**
+ * An {@link AcmeProvider} for the <em>Buypass</em>.
+ * <p>
+ * The {@code serverUri} is {@code "acme://buypass.com"} for the production server,
+ * and {@code "acme://buypass.com/staging"} for the staging server.
+ *
+ * @see <a href="https://www.buypass.com/products/tls-ssl-certificates/go-ssl">https://www.buypass.com/products/tls-ssl-certificates/go-ssl</a>
+ * @since 3.5.0
+ */
+public class BuypassAcmeProvider extends AbstractAcmeProvider {
+
+    private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory";
+    private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory";
+
+    @Override
+    public boolean accepts(URI serverUri) {
+        return "acme".equals(serverUri.getScheme())
+                && "buypass.com".equals(serverUri.getHost());
+    }
+
+    @Override
+    public URL resolve(URI serverUri) {
+        var path = serverUri.getPath();
+        String directoryUrl;
+        if (path == null || path.isEmpty() || "/".equals(path)) {
+            directoryUrl = PRODUCTION_DIRECTORY_URL;
+        } else if ("/staging".equals(path)) {
+            directoryUrl = STAGING_DIRECTORY_URL;
+        } else {
+            throw new IllegalArgumentException("Unknown URI " + serverUri);
+        }
+
+        try {
+            return new URL(directoryUrl);
+        } catch (MalformedURLException ex) {
+            throw new AcmeProtocolException(directoryUrl, ex);
+        }
+    }
+
+}

acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java

@@ -0,0 +1,29 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2024 Richard "Shred" Körber
+ *   http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+/**
+ * This package contains the {@link org.shredzone.acme4j.provider.AcmeProvider} for+
+ * Buypass.
+ *
+ * @see <a href="https://www.buypass.com/products/tls-ssl-certificates/go-ssl">https://www.buypass.com/products/tls-ssl-certificates/go-ssl</a>
+ */
+@ReturnValuesAreNonnullByDefault
+@DefaultAnnotationForParameters(NonNull.class)
+@DefaultAnnotationForFields(NonNull.class)
+package org.shredzone.acme4j.provider.buypass;
+
+import edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields;
+import edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters;
+import edu.umd.cs.findbugs.annotations.NonNull;
+import edu.umd.cs.findbugs.annotations.ReturnValuesAreNonnullByDefault;

acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider

@@ -1,4 +1,7 @@
 
+#  Buypass: https://buypass.com/
+org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider
+
 #  Google Trust Services: https://pki.goog/
 org.shredzone.acme4j.provider.google.GoogleAcmeProvider
 

acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java

@@ -0,0 +1,65 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2024 Richard "Shred" Körber
+ *   http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.buypass;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.shredzone.acme4j.toolbox.TestUtils.url;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import org.assertj.core.api.AutoCloseableSoftAssertions;
+import org.junit.jupiter.api.Test;
+
+/**
+ * Unit tests for {@link BuypassAcmeProvider}.
+ */
+public class BuypassAcmeProviderTest {
+
+    private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory";
+    private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory";
+
+    /**
+     * Tests if the provider accepts the correct URIs.
+     */
+    @Test
+    public void testAccepts() throws URISyntaxException {
+        var provider = new BuypassAcmeProvider();
+
+        try (var softly = new AutoCloseableSoftAssertions()) {
+            softly.assertThat(provider.accepts(new URI("acme://buypass.com"))).isTrue();
+            softly.assertThat(provider.accepts(new URI("acme://buypass.com/"))).isTrue();
+            softly.assertThat(provider.accepts(new URI("acme://buypass.com/staging"))).isTrue();
+            softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse();
+            softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse();
+            softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse();
+        }
+    }
+
+    /**
+     * Test if acme URIs are properly resolved.
+     */
+    @Test
+    public void testResolve() throws URISyntaxException {
+        var provider = new BuypassAcmeProvider();
+
+        assertThat(provider.resolve(new URI("acme://buypass.com"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
+        assertThat(provider.resolve(new URI("acme://buypass.com/"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL));
+        assertThat(provider.resolve(new URI("acme://buypass.com/staging"))).isEqualTo(url(STAGING_DIRECTORY_URL));
+
+        assertThrows(IllegalArgumentException.class, () -> provider.resolve(new URI("acme://buypass.com/v99")));
+    }
+
+}

acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java

@@ -37,6 +37,26 @@
  */
 public class ProviderIT {
 
+    /**
+     * Test Buypass
+     */
+    @Test
+    public void testBuypass() throws AcmeException, MalformedURLException {
+        var session = new Session("acme://buypass.com");
+        assertThat(session.getMetadata().getWebsite()).hasValue(new URL("https://buypass.com/"));
+        assertThatNoException().isThrownBy(() -> session.resourceUrl(Resource.NEW_ACCOUNT));
+        assertThat(session.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(session.getMetadata().isAutoRenewalEnabled()).isFalse();
+        assertThat(session.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
+
+        var sessionStage = new Session("acme://buypass.com/staging");
+        assertThat(sessionStage.getMetadata().getWebsite()).hasValue(new URL("https://buypass.com/"));
+        assertThatNoException().isThrownBy(() -> sessionStage.resourceUrl(Resource.NEW_ACCOUNT));
+        assertThat(sessionStage.getMetadata().isExternalAccountRequired()).isFalse();
+        assertThat(sessionStage.getMetadata().isAutoRenewalEnabled()).isFalse();
+        assertThat(sessionStage.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty();
+    }
+
     /**
      * Test Google CA
      */

src/doc/docs/ca/buypass.md

@@ -0,0 +1,22 @@
+# Buypass
+
+Web site: [Buypass](https://buypass.com/)
+
+Available since acme4j 3.5.0
+
+## Connection URIs
+
+* `acme://buypass.com` - Production server
+* `acme://buypass.com/staging` - Staging server
+
+## Note
+
+At the time of writing (September 2024), Buypass does not support the `secp384r1` ECDSA key that is generated in the [acme4j example](../example.md). You can fix this by using an RSA key, e.g.:
+
+```java
+private static Supplier<KeyPair> ACCOUNT_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair(4096);
+```
+
+## Disclaimer
+
+_acme4j_ is not officially supported or endorsed by Buypass. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://github.com/shred/acme4j/issues).

src/doc/docs/ca/index.md

@@ -4,8 +4,12 @@ _acme4j_ should support any CA that is providing an ACME server.
 
 ## Available Providers
 
-The _acme4j_ package contains these providers:
+!!! note
+    _acme4j_ is not limited to these providers. **You can always connect to any [RFC 8555](https://tools.ietf.org/html/rfc8555) compliant server** by passing the `URL` of its directory endpoint to the `Session`.
+
+The _acme4j_ package contains these providers (in alphabetical order):
 
+* [Buypass](buypass.md)
 * [Google](google.md)
 * [Let's Encrypt](letsencrypt.md)
 * [Pebble](pebble.md)
@@ -16,5 +20,3 @@ More CAs may be supported in future releases of _acme4j_.
 
 Also, CAs can publish provider jar files that plug into _acme4j_ and offer extended support.
 
-!!! note
-    You can always connect to any [RFC 8555](https://tools.ietf.org/html/rfc8555) compliant server, by passing the `URL` of its directory endpoint to the `Session`.

src/doc/mkdocs.yml

@@ -43,6 +43,7 @@ nav:
     - 'challenge/email-reply-00.md'
   - CA:
     - 'ca/index.md'
+    - 'ca/buypass.md'
     - 'ca/google.md'
     - 'ca/letsencrypt.md'
     - 'ca/pebble.md'