From 87bbb9efbfb59ff9534dab2316e7fff732327d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20K=C3=B6rber?= Date: Sun, 22 Sep 2024 16:54:17 +0200 Subject: [PATCH] Add Buypass provider --- .../provider/buypass/BuypassAcmeProvider.java | 63 ++++++++++++++++++ .../acme4j/provider/buypass/package-info.java | 29 +++++++++ ...org.shredzone.acme4j.provider.AcmeProvider | 3 + .../buypass/BuypassAcmeProviderTest.java | 65 +++++++++++++++++++ .../org/shredzone/acme4j/it/ProviderIT.java | 20 ++++++ src/doc/docs/ca/buypass.md | 22 +++++++ src/doc/docs/ca/index.md | 8 ++- src/doc/mkdocs.yml | 1 + 8 files changed, 208 insertions(+), 3 deletions(-) create mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java create mode 100644 acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java create mode 100644 acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java create mode 100644 src/doc/docs/ca/buypass.md diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java new file mode 100644 index 00000000..0160b2be --- /dev/null +++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProvider.java @@ -0,0 +1,63 @@ +/* + * acme4j - Java ACME client + * + * Copyright (C) 2024 Richard "Shred" Körber + * http://acme4j.shredzone.org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ +package org.shredzone.acme4j.provider.buypass; + +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; + +import org.shredzone.acme4j.exception.AcmeProtocolException; +import org.shredzone.acme4j.provider.AbstractAcmeProvider; +import org.shredzone.acme4j.provider.AcmeProvider; + +/** + * An {@link AcmeProvider} for the Buypass. + *

+ * The {@code serverUri} is {@code "acme://buypass.com"} for the production server, + * and {@code "acme://buypass.com/staging"} for the staging server. + * + * @see https://www.buypass.com/products/tls-ssl-certificates/go-ssl + * @since 3.5.0 + */ +public class BuypassAcmeProvider extends AbstractAcmeProvider { + + private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory"; + private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory"; + + @Override + public boolean accepts(URI serverUri) { + return "acme".equals(serverUri.getScheme()) + && "buypass.com".equals(serverUri.getHost()); + } + + @Override + public URL resolve(URI serverUri) { + var path = serverUri.getPath(); + String directoryUrl; + if (path == null || path.isEmpty() || "/".equals(path)) { + directoryUrl = PRODUCTION_DIRECTORY_URL; + } else if ("/staging".equals(path)) { + directoryUrl = STAGING_DIRECTORY_URL; + } else { + throw new IllegalArgumentException("Unknown URI " + serverUri); + } + + try { + return new URL(directoryUrl); + } catch (MalformedURLException ex) { + throw new AcmeProtocolException(directoryUrl, ex); + } + } + +} diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java new file mode 100644 index 00000000..8a92116a --- /dev/null +++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/buypass/package-info.java @@ -0,0 +1,29 @@ +/* + * acme4j - Java ACME client + * + * Copyright (C) 2024 Richard "Shred" Körber + * http://acme4j.shredzone.org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ + +/** + * This package contains the {@link org.shredzone.acme4j.provider.AcmeProvider} for+ + * Buypass. + * + * @see https://www.buypass.com/products/tls-ssl-certificates/go-ssl + */ +@ReturnValuesAreNonnullByDefault +@DefaultAnnotationForParameters(NonNull.class) +@DefaultAnnotationForFields(NonNull.class) +package org.shredzone.acme4j.provider.buypass; + +import edu.umd.cs.findbugs.annotations.DefaultAnnotationForFields; +import edu.umd.cs.findbugs.annotations.DefaultAnnotationForParameters; +import edu.umd.cs.findbugs.annotations.NonNull; +import edu.umd.cs.findbugs.annotations.ReturnValuesAreNonnullByDefault; diff --git a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider index cfa76ea5..30818632 100644 --- a/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider +++ b/acme4j-client/src/main/resources/META-INF/services/org.shredzone.acme4j.provider.AcmeProvider @@ -1,4 +1,7 @@ +# Buypass: https://buypass.com/ +org.shredzone.acme4j.provider.buypass.BuypassAcmeProvider + # Google Trust Services: https://pki.goog/ org.shredzone.acme4j.provider.google.GoogleAcmeProvider diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java new file mode 100644 index 00000000..154a2f85 --- /dev/null +++ b/acme4j-client/src/test/java/org/shredzone/acme4j/provider/buypass/BuypassAcmeProviderTest.java @@ -0,0 +1,65 @@ +/* + * acme4j - Java ACME client + * + * Copyright (C) 2024 Richard "Shred" Körber + * http://acme4j.shredzone.org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ +package org.shredzone.acme4j.provider.buypass; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.shredzone.acme4j.toolbox.TestUtils.url; + +import java.net.URI; +import java.net.URISyntaxException; + +import org.assertj.core.api.AutoCloseableSoftAssertions; +import org.junit.jupiter.api.Test; + +/** + * Unit tests for {@link BuypassAcmeProvider}. + */ +public class BuypassAcmeProviderTest { + + private static final String PRODUCTION_DIRECTORY_URL = "https://api.buypass.com/acme/directory"; + private static final String STAGING_DIRECTORY_URL = "https://api.test4.buypass.no/acme/directory"; + + /** + * Tests if the provider accepts the correct URIs. + */ + @Test + public void testAccepts() throws URISyntaxException { + var provider = new BuypassAcmeProvider(); + + try (var softly = new AutoCloseableSoftAssertions()) { + softly.assertThat(provider.accepts(new URI("acme://buypass.com"))).isTrue(); + softly.assertThat(provider.accepts(new URI("acme://buypass.com/"))).isTrue(); + softly.assertThat(provider.accepts(new URI("acme://buypass.com/staging"))).isTrue(); + softly.assertThat(provider.accepts(new URI("acme://example.com"))).isFalse(); + softly.assertThat(provider.accepts(new URI("http://example.com/acme"))).isFalse(); + softly.assertThat(provider.accepts(new URI("https://example.com/acme"))).isFalse(); + } + } + + /** + * Test if acme URIs are properly resolved. + */ + @Test + public void testResolve() throws URISyntaxException { + var provider = new BuypassAcmeProvider(); + + assertThat(provider.resolve(new URI("acme://buypass.com"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL)); + assertThat(provider.resolve(new URI("acme://buypass.com/"))).isEqualTo(url(PRODUCTION_DIRECTORY_URL)); + assertThat(provider.resolve(new URI("acme://buypass.com/staging"))).isEqualTo(url(STAGING_DIRECTORY_URL)); + + assertThrows(IllegalArgumentException.class, () -> provider.resolve(new URI("acme://buypass.com/v99"))); + } + +} diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java index 5d7f5c99..031cda03 100644 --- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java +++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java @@ -37,6 +37,26 @@ */ public class ProviderIT { + /** + * Test Buypass + */ + @Test + public void testBuypass() throws AcmeException, MalformedURLException { + var session = new Session("acme://buypass.com"); + assertThat(session.getMetadata().getWebsite()).hasValue(new URL("https://buypass.com/")); + assertThatNoException().isThrownBy(() -> session.resourceUrl(Resource.NEW_ACCOUNT)); + assertThat(session.getMetadata().isExternalAccountRequired()).isFalse(); + assertThat(session.getMetadata().isAutoRenewalEnabled()).isFalse(); + assertThat(session.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty(); + + var sessionStage = new Session("acme://buypass.com/staging"); + assertThat(sessionStage.getMetadata().getWebsite()).hasValue(new URL("https://buypass.com/")); + assertThatNoException().isThrownBy(() -> sessionStage.resourceUrl(Resource.NEW_ACCOUNT)); + assertThat(sessionStage.getMetadata().isExternalAccountRequired()).isFalse(); + assertThat(sessionStage.getMetadata().isAutoRenewalEnabled()).isFalse(); + assertThat(sessionStage.resourceUrlOptional(Resource.RENEWAL_INFO)).isNotEmpty(); + } + /** * Test Google CA */ diff --git a/src/doc/docs/ca/buypass.md b/src/doc/docs/ca/buypass.md new file mode 100644 index 00000000..080729f5 --- /dev/null +++ b/src/doc/docs/ca/buypass.md @@ -0,0 +1,22 @@ +# Buypass + +Web site: [Buypass](https://buypass.com/) + +Available since acme4j 3.5.0 + +## Connection URIs + +* `acme://buypass.com` - Production server +* `acme://buypass.com/staging` - Staging server + +## Note + +At the time of writing (September 2024), Buypass does not support the `secp384r1` ECDSA key that is generated in the [acme4j example](../example.md). You can fix this by using an RSA key, e.g.: + +```java +private static Supplier ACCOUNT_KEY_SUPPLIER = () -> KeyPairUtils.createKeyPair(4096); +``` + +## Disclaimer + +_acme4j_ is not officially supported or endorsed by Buypass. If you have _acme4j_ related issues, please do not ask them for support, but [open an issue here](https://github.com/shred/acme4j/issues). diff --git a/src/doc/docs/ca/index.md b/src/doc/docs/ca/index.md index 1b6b00d9..2c949f00 100644 --- a/src/doc/docs/ca/index.md +++ b/src/doc/docs/ca/index.md @@ -4,8 +4,12 @@ _acme4j_ should support any CA that is providing an ACME server. ## Available Providers -The _acme4j_ package contains these providers: +!!! note + _acme4j_ is not limited to these providers. **You can always connect to any [RFC 8555](https://tools.ietf.org/html/rfc8555) compliant server** by passing the `URL` of its directory endpoint to the `Session`. + +The _acme4j_ package contains these providers (in alphabetical order): +* [Buypass](buypass.md) * [Google](google.md) * [Let's Encrypt](letsencrypt.md) * [Pebble](pebble.md) @@ -16,5 +20,3 @@ More CAs may be supported in future releases of _acme4j_. Also, CAs can publish provider jar files that plug into _acme4j_ and offer extended support. -!!! note - You can always connect to any [RFC 8555](https://tools.ietf.org/html/rfc8555) compliant server, by passing the `URL` of its directory endpoint to the `Session`. diff --git a/src/doc/mkdocs.yml b/src/doc/mkdocs.yml index 6403b071..517ed7f6 100644 --- a/src/doc/mkdocs.yml +++ b/src/doc/mkdocs.yml @@ -43,6 +43,7 @@ nav: - 'challenge/email-reply-00.md' - CA: - 'ca/index.md' + - 'ca/buypass.md' - 'ca/google.md' - 'ca/letsencrypt.md' - 'ca/pebble.md'