From ae60431a7973f5ead9e31581ea308769217c8359 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20K=C3=B6rber?= Date: Sun, 30 Jun 2024 10:43:36 +0200 Subject: [PATCH] Disable ssl.com staging unit tests The ssl.com staging server's certificate seems to be unmonitored, causing the acme4j build chain to break from time to time when their certificate has expired. As this is blocking development, I have decided to disable all related unit tests, and add a corresponding note to the documentation. The acme4j ssl.com provider is marked as experimental now, since it is not fully covered by unit tests anymore. --- .../org/shredzone/acme4j/it/ProviderIT.java | 19 +++++++++++++++---- pom.xml | 11 +++++++++-- src/doc/docs/ca/sslcom.md | 3 ++- 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java index 5fcc024b..0510aeb7 100644 --- a/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java +++ b/acme4j-it/src/test/java/org/shredzone/acme4j/it/ProviderIT.java @@ -19,6 +19,7 @@ import java.net.MalformedURLException; import java.net.URL; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.shredzone.acme4j.Session; import org.shredzone.acme4j.connector.Resource; @@ -67,7 +68,7 @@ public void testPebble() throws AcmeException, MalformedURLException { } /** - * Test ssl.com + * Test ssl.com, production */ @Test public void testSslCom() throws AcmeException, MalformedURLException { 
@@ -83,6 +84,18 @@ public void testSslCom() throws AcmeException, MalformedURLException { assertThat(sessionRsa.getMetadata().isExternalAccountRequired()).isTrue(); assertThat(sessionRsa.getMetadata().isAutoRenewalEnabled()).isFalse(); + // If this test fails, the metadata has been fixed on server side. Then remove + // the patch at ZeroSSLAcmeProvider, and update the documentation. + var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc"); + assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse(); + } + + /** + * Test ssl.com, staging server + */ + @Test + @Disabled("Instable due to frequent certificate expiration of acme-try.ssl.com") + public void testSslComStaging() throws AcmeException, MalformedURLException { var sessionEccStage = new Session("acme://ssl.com/staging/ecc"); assertThat(sessionEccStage.getMetadata().getWebsite()).hasValue(new URL("https://www.ssl.com")); assertThatNoException().isThrownBy(() -> sessionEccStage.resourceUrl(Resource.NEW_ACCOUNT)); @@ -95,10 +108,8 @@ public void testSslCom() throws AcmeException, MalformedURLException { assertThat(sessionRsaStage.getMetadata().isExternalAccountRequired()).isTrue(); assertThat(sessionRsaStage.getMetadata().isAutoRenewalEnabled()).isFalse(); - // If these tests fail, the metadata have been fixed on server side. Then remove + // If this test fails, the metadata has been fixed on server side. Then remove // the patch at ZeroSSLAcmeProvider, and update the documentation. - var sessionEABCheck = new Session("https://acme.ssl.com/sslcom-dv-ecc"); - assertThat(sessionEABCheck.getMetadata().isExternalAccountRequired()).isFalse(); var sessionEABCheckStage = new Session("https://acme-try.ssl.com/sslcom-dv-ecc"); assertThat(sessionEABCheckStage.getMetadata().isExternalAccountRequired()).isFalse(); } diff --git a/pom.xml b/pom.xml index 38520326..640242b6 100644 --- a/pom.xml +++ b/pom.xml @@ -55,6 +55,7 @@ 4.5.14 2.0.1 0.9.6 + 5.10.2 2.0.13 utf-8 utf-8 
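Review bot: The `@Disabled` on `testSslComStaging` is unconditional, so the staging checks, including the `isExternalAccountRequired()` assertions that cover the EAB metadata patch for the `acme://ssl.com/staging/...` URIs, stop running with no way to re-enable them, and a regression there would go unnoticed. An opt-in condition keeps the default build green while still letting a maintainer run the test on demand, for example `@EnabledIfSystemProperty(named = "<staging-test-property>", matches = "true")` in place of the annotation (the property name is a placeholder). The failure being avoided is certificate validation doing its job, so skipping the test rather than relaxing TLS checks is the right choice; a one-line comment saying so would keep a later contributor from "fixing" it the other way. The reason string should read "Unstable" rather than "Instable". The body of `testSslComStaging` continues into the next hunk.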
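Review bot: The reworded comment still tells the reader to remove the patch at `ZeroSSLAcmeProvider`, but every session checked here is an ssl.com one, so the class name looks like a leftover from a copied block; the same comment is added to `testSslCom` in the previous hunk. If the metadata patch actually lives in the ssl.com provider, both copies should name that class, e.g. `// the patch at <ssl.com provider class>, and update the documentation.` It would also help to say in the comment that the raw `https://acme-try.ssl.com/...` session bypasses the patch on purpose. That is what makes the `isFalse()` assertion a canary for a server-side fix rather than a contradiction of the `isTrue()` checks above it.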
@@ -189,13 +190,19 @@ org.junit.jupiter junit-jupiter-api - 5.10.2 + ${junit.version} test org.junit.jupiter junit-jupiter-params - 5.10.2 + ${junit.version} + test + + + org.junit.jupiter + junit-jupiter-engine + ${junit.version} test diff --git a/src/doc/docs/ca/sslcom.md b/src/doc/docs/ca/sslcom.md index 7fcd537d..aec2c2a5 100644 --- a/src/doc/docs/ca/sslcom.md +++ b/src/doc/docs/ca/sslcom.md @@ -2,7 +2,7 @@ Web site: [SSL.com](https://ssl.com) -Available since acme4j 3.2.0 +Available since acme4j 3.2.0. **This provider is experimental!** ## Connection URIs @@ -14,6 +14,7 @@ Available since acme4j 3.2.0 ## Note * This CA requires [External Account Binding (EAB)](../usage/account.md#external-account-binding) for account creation. However, the CA's directory resource returns `externalAccountRequired` as `false`, which is incorrect. If you use one of the `acme:` URIs above, _acme4j_ will patch the metadata transparently. If you directly connect to SSL.com via `https:` URI though, `Metadata.isExternalAccountRequired()` could return a wrong value. (As of February 2024) +* The certificate of the ssl.com staging server seems to be unmonitored. When it expires, an `AcmeNetworkException` is thrown which is caused by a `CertificateExpiredException`. There is nothing you can do to fix this error, except to ask the ssl.com support to renew the expired certificate on their server. **Please do not open an issue at acme4j.** (As of June 2024) ## Disclaimer