From c43a41635e7e11b4a9fdfb9cb36391eed96afba4 Mon Sep 17 00:00:00 2001
From: Oleksandr Porunov
Date: Fri, 2 Aug 2019 03:30:40 +0300
Subject: [PATCH] Fix chain and fullchain certificates; Update acme to 2.7; Gradle to 5.5.1; bouncycastle to 1.62
---
 build.gradle | 6 ++--
 gradle/wrapper/gradle-wrapper.properties | 5 ++--
 .../certificate/CertificateCommand.java | 6 ++--
 .../manager/CertificateManager.java | 30 ++++++++++++-------
 src/main/resources/application.properties | 2 +-
 5 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/build.gradle b/build.gradle
index fcba9d1..37de9b9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -32,9 +32,9 @@ targetCompatibility = 1.8
 dependencies {
 compile group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
- compile group: 'org.shredzone.acme4j', name: 'acme4j-client', version: '2.2'
- compile group: 'org.shredzone.acme4j', name: 'acme4j-utils', version: '2.2'
- compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.60'
+ compile group: 'org.shredzone.acme4j', name: 'acme4j-client', version: '2.7'
+ compile group: 'org.shredzone.acme4j', name: 'acme4j-utils', version: '2.7'
+ compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.62'
 compile group: 'com.google.code.gson', name: 'gson', version: '2.8.5'
 compile group: 'com.beust', name: 'jcommander', version: '1.72'
 }
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index a95009c..491eab5 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
+#Fri Aug 02 02:54:54 EEST 2019
+distributionUrl=https\://services.gradle.org/distributions/gradle-5.5.1-all.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.9-bin.zip
-zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
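Review bot: The wrapper in gradle/wrapper/gradle-wrapper.properties now points at `gradle-5.5.1-all.zip`, but the file has no `distributionSha256Sum`, so the build runs whatever archive that URL serves without an integrity check. Add `distributionSha256Sum=<sha256 of gradle-5.5.1-all.zip, taken from the Gradle release checksums page>` next to `distributionUrl` so a substituted or corrupted distribution fails wrapper verification. The move from the `-bin` to the `-all` distribution, together with the timestamp comment, looks like an IDE-regenerated file; if that was not intended, `-bin` is enough for command-line builds.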
diff --git a/src/main/java/com/jblur/acme_client/command/certificate/CertificateCommand.java b/src/main/java/com/jblur/acme_client/command/certificate/CertificateCommand.java
index ddd6b74..a2959da 100644
--- a/src/main/java/com/jblur/acme_client/command/certificate/CertificateCommand.java
+++ b/src/main/java/com/jblur/acme_client/command/certificate/CertificateCommand.java
@@ -123,7 +123,7 @@ void writeChallengeByAuthorization(AuthorizationManager authorizationManagement)
 if (getParameters().isOneDirForWellKnown()) {
 path = Paths.get(getParameters().getWellKnownDir(), http01Challenge.getToken()).toString();
 } else {
- String subdir = authorizationManagement.getAuthorization().getDomain()+
+ String subdir = authorizationManagement.getAuthorization().getIdentifier().getDomain()+
 returnIfWildcard(authorizationManagement.getAuthorization());
 path = Paths.get(getParameters().getWellKnownDir(), subdir).toString();
 IOManager.createDirectories(path);
@@ -140,7 +140,7 @@ void writeChallengeByAuthorization(AuthorizationManager authorizationManagement)
 String fileSuffix = "_dns_digest"+returnIfWildcard(authorization);
 IOManager.writeString(
 Paths.get(getParameters().getDnsDigestDir(),
- authorizationManagement.getAuthorization().getDomain() + fileSuffix).toString(),
+ authorizationManagement.getAuthorization().getIdentifier().getDomain() + fileSuffix).toString(),
 dns01Challenge.getDigest()
 );
 break;
@@ -256,7 +256,7 @@ List getNotExpiredCertificates() {
 }
 String getDomain(Authorization authorization){
- String domain = authorization.getDomain();
+ String domain = authorization.getIdentifier().getDomain();
 if(authorization.isWildcard() && !domain.startsWith("*.")){
 domain = "*."+domain;
 }
diff --git a/src/main/java/com/jblur/acme_client/manager/CertificateManager.java b/src/main/java/com/jblur/acme_client/manager/CertificateManager.java
index 10352f8..88398b0 100644
--- a/src/main/java/com/jblur/acme_client/manager/CertificateManager.java
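Review bot: The domain returned by `getIdentifier().getDomain()` is concatenated straight into a filesystem path in the hunk at line 123 (`Paths.get(getParameters().getWellKnownDir(), subdir)`) and again in the hunk at line 140 (`Paths.get(getParameters().getDnsDigestDir(), … + fileSuffix)`), and nothing visible checks that the result stays inside the configured directory. The value comes from the authorization object supplied by the ACME server, so it should be treated as untrusted input: resolve and normalize the path, then refuse to write unless `resolved.startsWith(baseDir)` holds, or validate the name against a hostname pattern before using it. Both call sites are inside `writeChallengeByAuthorization`, whose body starts and ends outside these hunks, so a check elsewhere cannot be ruled out from here.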
+++ b/src/main/java/com/jblur/acme_client/manager/CertificateManager.java
@@ -10,6 +10,8 @@ import java.net.URL;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.List;
 public class CertificateManager {
@@ -34,20 +36,26 @@ public X509Certificate downloadCertificate() {
 }
 public X509Certificate[] downloadCertificateChain() {
- return this.certificate.getCertificateChain().toArray(new X509Certificate[]{});
+
+ X509Certificate[] fullChain = downloadFullChainCertificate();
+
+ if(fullChain.length==0){
+ return fullChain;
+ }
+
+ if (fullChain.length==1){
+ return new X509Certificate[0];
+ }
+
+ X509Certificate[] chain = new X509Certificate[fullChain.length-1];
+
+ System.arraycopy(fullChain, 1, chain, 0, fullChain.length-1);
+
+ return chain;
 }
 public X509Certificate[] downloadFullChainCertificate() {
- X509Certificate cert = downloadCertificate();
- X509Certificate[] chain = downloadCertificateChain();
- X509Certificate[] fullChain = new X509Certificate[chain.length + 1];
- fullChain[0] = cert;
- int i = 1;
- for (X509Certificate x509Certificate : chain) {
- fullChain[i] = x509Certificate;
- i++;
- }
- return fullChain;
+ return this.certificate.getCertificateChain().toArray(new X509Certificate[]{});
 }
 public void revokeCertificate() throws AcmeException {
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 6f2e955..bf74b8f 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1 +1 @@
-version=Porunov Java ACME Client (PJAC) v3.0.0
+version=Porunov Java ACME Client (PJAC) v3.0.1
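Review bot: The two imports added to CertificateManager.java in the hunk at line 10 look unused: `java.util.List` is not referenced by anything this commit adds, and neither is `java.util.Arrays`, since the new `downloadCertificateChain()` body copies with `System.arraycopy`. Unless code outside the visible hunks needs them, drop both, or keep only `Arrays` if the copy is rewritten with `Arrays.copyOfRange`.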
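Review bot: `downloadCertificateChain()` in the hunk at line 34 of CertificateManager.java now returns everything after index 0 of `getCertificateChain()`, which is only correct if the end-entity certificate always comes first, and the method neither states nor checks that. Add a Javadoc line such as `/** Returns the issuer certificates only: the downloaded chain without its first element, which is assumed to be the end-entity certificate. */` so that whoever writes the chain file knows the contract. The two guards both yield an empty array and can be merged into `if (fullChain.length <= 1) { return new X509Certificate[0]; }`, and the copy can be `return Arrays.copyOfRange(fullChain, 1, fullChain.length);`.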