From 2502bf0d1402d14940b29a9f4e56ccbfd0a80ea8 Mon Sep 17 00:00:00 2001
From: Nathan Zender
Date: Mon, 19 Jul 2021 09:21:52 -0400
Subject: [PATCH] No reason we cant deprecate the old constructor and use the new one
---
 .../io/micronaut/acme/events/CertificateEvent.java | 13 +++++++++++--
 .../io/micronaut/acme/services/AcmeService.java | 4 ++--
 .../acme/events/CertificateEventSpec.groovy | 4 +++-
 3 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java b/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
index e44e031c..3127cb39 100644
--- a/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
+++ b/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
@@ -27,19 +27,28 @@ public class CertificateEvent {
 private boolean validationCert;
 /**
+ * @deprecated See constructor that takes full certificate chain instead.
+ *
 * Creates a new CertificateEvent.
 * @param certificate X509 certificate file
 * @param domainKeyPair key pair used to encrypt the certificate
 * @param validationCert if this certificate is to be used for tls-apln-01 account validation
 */
+ @Deprecated
 public CertificateEvent(X509Certificate certificate, KeyPair domainKeyPair, boolean validationCert) {
 this.domainKeyPair = domainKeyPair;
 this.validationCert = validationCert;
 this.fullCertificateChain = new X509Certificate[]{certificate};
 }
- public CertificateEvent(KeyPair domainKeyPair, X509Certificate... fullCertificateChain) {
- this.validationCert = false;
+ /**
+ * Creates a new CertificateEvent containing the full certificate chain
+ * @param domainKeyPair key pair used to encrypt the certificate
+ * @param validationCert if this certificate is to be used for tls-apln-01 account validation
+ * @param fullCertificateChain X509 certificate file
+ */
+ public CertificateEvent(KeyPair domainKeyPair, boolean validationCert, X509Certificate... fullCertificateChain) {
+ this.validationCert = validationCert;
 this.domainKeyPair = domainKeyPair;
 this.fullCertificateChain = fullCertificateChain;
 }
diff --git a/acme/src/main/java/io/micronaut/acme/services/AcmeService.java b/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
index c5d3c325..4590e69f 100644
--- a/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
+++ b/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
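Review bot: The new `CertificateEvent(KeyPair, boolean, X509Certificate...)` constructor stores the caller's varargs array as-is, so a null or empty chain is accepted and the publisher keeps a reference it can still mutate after listeners have received the event. Because the event carries the domain key pair together with the chain that listeners presumably install for TLS, I would fail fast and copy: `if (fullCertificateChain == null || fullCertificateChain.length == 0) { throw new IllegalArgumentException("fullCertificateChain must contain at least one certificate"); }` followed by `this.fullCertificateChain = fullCertificateChain.clone();`. In the deprecated constructor's Javadoc the `@deprecated` block tag sits above the description, so "Creates a new CertificateEvent." is parsed as part of the tag text; move the tag below the description and name the replacement with `{@link #CertificateEvent(KeyPair, boolean, X509Certificate...)}`. Both Javadoc blocks spell the challenge type `tls-apln-01` where `tls-alpn-01` is meant. The class body continues outside the hunk, so whether `getCert()` and `getFullCertificateChain()` guard against an empty chain or return a copy cannot be seen here.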
@@ -481,7 +481,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
 }
 KeyPair domainKeyPair = getDomainKeyPair();
 X509Certificate tlsAlpn01Certificate = CertificateUtils.createTlsAlpn01Certificate(domainKeyPair, auth.getIdentifier(), ((TlsAlpn01Challenge) challenge).getAcmeValidation());
- eventPublisher.publishEvent(new CertificateEvent(tlsAlpn01Certificate, domainKeyPair, true));
+ eventPublisher.publishEvent(new CertificateEvent(domainKeyPair, true, tlsAlpn01Certificate));
 } else if (challenge instanceof Http01Challenge) {
 Http01Challenge http01Challenge = (Http01Challenge) challenge;
 eventPublisher.publishEvent(new HttpChallengeDetails(http01Challenge.getToken(), http01Challenge.getAuthorization()));
@@ -501,7 +501,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
 * Setup the certificate that has been saved to disk and configures it for use.
 */
 public void setupCurrentCertificate() {
- eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), getFullCertificateChain()));
+ eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), false, getFullCertificateChain()));
 }
 /**
diff --git a/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy b/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
index 92c6e604..adca44d8 100644
--- a/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
+++ b/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
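Review bot: At both call sites the new second argument is a bare boolean literal (`true` in `doChallengeSpecificSetup`, `false` in `setupCurrentCertificate`), and nothing on the line says what it selects. The flag marks whether the published certificate is a tls-alpn-01 validation certificate, so a swapped literal would compile cleanly and presumably make listeners treat a challenge certificate as the serving one, or the reverse. An inline label such as `new CertificateEvent(domainKeyPair, /* validationCert */ true, tlsAlpn01Certificate)`, or a named local, keeps that intent visible in review. `doChallengeSpecificSetup` starts and ends outside the first hunk.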
@@ -108,12 +108,14 @@ ${DOMAIN_CERT}
 X509Certificate domainCert = cf.generateCertificate(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
 Collection certs = cf.generateCertificates(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
 KeyPair keyPair = KeyPairUtils.createKeyPair(2048)
+ def expectedValidationCert = new Random().nextBoolean()
 when :
- CertificateEvent event = new CertificateEvent(keyPair, certs as X509Certificate[])
+ CertificateEvent event = new CertificateEvent(keyPair, expectedValidationCert, certs as X509Certificate[])
 then:
 event.getCert() == domainCert
+ event.isValidationCert() == expectedValidationCert
 event.getFullCertificateChain().length == 2
 event.getFullCertificateChain() == certs.toArray()
 }
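Review bot: `new Random().nextBoolean()` makes each run of this feature method exercise only one of the two `validationCert` values, picked unpredictably, so a regression that affects only `true` or only `false` would fail intermittently and could not be reproduced from the failure report. Cover both values deterministically with a Spock data pipe, `where: expectedValidationCert << [true, false]`, and drop the `def expectedValidationCert = new Random().nextBoolean()` line. The feature method begins before the hunk, so its name and any existing `where:` block are not visible here.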