All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.shredzone.acme4j.provider.sslcom.SslComAcmeProvider Maven / Gradle / Ivy

/*
 * acme4j - Java ACME client
 *
 * Copyright (C) 2024 Richard "Shred" Körber
 *   http://acme4j.shredzone.org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
package org.shredzone.acme4j.provider.sslcom;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.util.Map;

import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.provider.AbstractAcmeProvider;
import org.shredzone.acme4j.provider.AcmeProvider;
import org.shredzone.acme4j.toolbox.JSON;

/**
 * An {@link AcmeProvider} for SSL.com.
 * 

* The {@code serverUri} is {@code "acme://ssl.com"} for the production server, * and {@code "acme://acme-try.ssl.com"} for a testing server. *

* If you want to use SSL.com, always prefer to use this provider. * * @see SSL.com * @since 3.2.0 */ public class SslComAcmeProvider extends AbstractAcmeProvider { private static final String PRODUCTION_ECC_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-ecc"; private static final String PRODUCTION_RSA_DIRECTORY_URL = "https://acme.ssl.com/sslcom-dv-rsa"; private static final String STAGING_ECC_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-ecc"; private static final String STAGING_RSA_DIRECTORY_URL = "https://acme-try.ssl.com/sslcom-dv-rsa"; @Override public boolean accepts(URI serverUri) { return "acme".equals(serverUri.getScheme()) && "ssl.com".equals(serverUri.getHost()); } @Override public URL resolve(URI serverUri) { var path = serverUri.getPath(); String directoryUrl; if (path == null || path.isEmpty() || "/".equals(path) || "/ecc".equals(path)) { directoryUrl = PRODUCTION_ECC_DIRECTORY_URL; } else if ("/rsa".equals(path)) { directoryUrl = PRODUCTION_RSA_DIRECTORY_URL; } else if ("/staging".equals(path) || "/staging/ecc".equals(path)) { directoryUrl = STAGING_ECC_DIRECTORY_URL; } else if ("/staging/rsa".equals(path)) { directoryUrl = STAGING_RSA_DIRECTORY_URL; } else { throw new IllegalArgumentException("Unknown URI " + serverUri); } try { return new URL(directoryUrl); } catch (MalformedURLException ex) { throw new AcmeProtocolException(directoryUrl, ex); } } @Override @SuppressWarnings("unchecked") public JSON directory(Session session, URI serverUri) throws AcmeException { // This is a workaround for a bug at SSL.com. It requires account registration // by EAB, but the "externalAccountRequired" flag in the directory is set to // false. This patch reads the directory and forcefully sets the flag to true. // The entire method can be removed once it is fixed on SSL.com side. var superdirectory = super.directory(session, serverUri); if (superdirectory == null) { return null; } var directory = superdirectory.toMap(); var meta = directory.get("meta"); if (meta instanceof Map) { var metaMap = ((Map) meta); metaMap.remove("externalAccountRequired"); metaMap.put("externalAccountRequired", true); } return JSON.fromMap(directory); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy