From dc952a7a7a7aa2fe84d5c624e5057979eb882e3c Mon Sep 17 00:00:00 2001
From: Nathan Zender
Date: Mon, 19 Jul 2021 09:21:52 -0400
Subject: [PATCH] No reason we cant deprecate the old constructor and use the new one
---
 .../io/micronaut/acme/events/CertificateEvent.java | 13 +++++++++++--
 .../io/micronaut/acme/services/AcmeService.java | 6 +++---
 .../acme/events/CertificateEventSpec.groovy | 4 +++-
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java b/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
index e44e031c..3127cb39 100644
--- a/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
+++ b/acme/src/main/java/io/micronaut/acme/events/CertificateEvent.java
@@ -27,19 +27,28 @@ public class CertificateEvent {
 private boolean validationCert;
 /**
+ * @deprecated See constructor that takes full certificate chain instead.
+ *
 * Creates a new CertificateEvent.
 * @param certificate X509 certificate file
 * @param domainKeyPair key pair used to encrypt the certificate
 * @param validationCert if this certificate is to be used for tls-apln-01 account validation
 */
+ @Deprecated
 public CertificateEvent(X509Certificate certificate, KeyPair domainKeyPair, boolean validationCert) {
 this.domainKeyPair = domainKeyPair;
 this.validationCert = validationCert;
 this.fullCertificateChain = new X509Certificate[]{certificate};
 }
- public CertificateEvent(KeyPair domainKeyPair, X509Certificate... fullCertificateChain) {
- this.validationCert = false;
+ /**
+ * Creates a new CertificateEvent containing the full certificate chain
+ * @param domainKeyPair key pair used to encrypt the certificate
+ * @param validationCert if this certificate is to be used for tls-apln-01 account validation
+ * @param fullCertificateChain X509 certificate file
+ */
+ public CertificateEvent(KeyPair domainKeyPair, boolean validationCert, X509Certificate... fullCertificateChain) {
+ this.validationCert = validationCert;
 this.domainKeyPair = domainKeyPair;
 this.fullCertificateChain = fullCertificateChain;
 }
diff --git a/acme/src/main/java/io/micronaut/acme/services/AcmeService.java b/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
index 116542c5..9f4dce6f 100644
--- a/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
+++ b/acme/src/main/java/io/micronaut/acme/services/AcmeService.java
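Review bot: In CertificateEvent.java the new `CertificateEvent(KeyPair, boolean, X509Certificate...)` constructor keeps the caller's array by reference and accepts a null or empty chain, so an event can be published without a leaf certificate, or have its chain altered after publication. Listeners presumably load this chain and key pair into the TLS configuration (not visible in the diff), so I would validate and copy at this boundary: `if (fullCertificateChain == null || fullCertificateChain.length == 0) throw new IllegalArgumentException("fullCertificateChain must contain at least one certificate");` followed by `this.fullCertificateChain = fullCertificateChain.clone();`. The AcmeService call sites in run() and setupCurrentCertificate() pass `getFullCertificateChain()` straight through, so they rely on this check unless that method guards its own result; if an empty chain is a legitimate start-up state, the guard belongs in those callers instead. Separately, in the deprecated constructor's Javadoc the `@deprecated` tag sits above the summary, which makes "Creates a new CertificateEvent." part of the tag text; put the summary first and let the tag point at the replacement with `{@link #CertificateEvent(KeyPair, boolean, X509Certificate...)}`.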
@@ -285,7 +285,7 @@ public void run() {
 try (BufferedWriter writer = Files.newBufferedWriter(domainCsr.toPath(), WRITE, CREATE, TRUNCATE_EXISTING)) {
 certificate.writeCertificate(writer);
 }
- eventPublisher.publishEvent(new CertificateEvent(domainKeyPair, getFullCertificateChain()));
+ eventPublisher.publishEvent(new CertificateEvent(domainKeyPair, false, getFullCertificateChain()));
 if (LOG.isInfoEnabled()) {
 LOG.info("ACME certificate order success! Certificate URL: {}", certificate.getLocation());
 }
@@ -448,7 +448,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
 }
 KeyPair domainKeyPair = getDomainKeyPair();
 X509Certificate tlsAlpn01Certificate = CertificateUtils.createTlsAlpn01Certificate(domainKeyPair, auth.getIdentifier(), ((TlsAlpn01Challenge) challenge).getAcmeValidation());
- eventPublisher.publishEvent(new CertificateEvent(tlsAlpn01Certificate, domainKeyPair, true));
+ eventPublisher.publishEvent(new CertificateEvent(domainKeyPair, true, tlsAlpn01Certificate));
 } else if (challenge instanceof Http01Challenge) {
 Http01Challenge http01Challenge = (Http01Challenge) challenge;
 eventPublisher.publishEvent(new HttpChallengeDetails(http01Challenge.getToken(), http01Challenge.getAuthorization()));
@@ -468,7 +468,7 @@ private void doChallengeSpecificSetup(Authorization auth, Challenge challenge) t
 * Setup the certificate that has been saved to disk and configures it for use.
 */
 public void setupCurrentCertificate() {
- eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), getFullCertificateChain()));
+ eventPublisher.publishEvent(new CertificateEvent(getDomainKeyPair(), false, getFullCertificateChain()));
 }
 /**
diff --git a/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy b/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
index 92c6e604..adca44d8 100644
--- a/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
+++ b/acme/src/test/groovy/io/micronaut/acme/events/CertificateEventSpec.groovy
@@ -108,12 +108,14 @@ ${DOMAIN_CERT}
 X509Certificate domainCert = cf.generateCertificate(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
 Collection certs = cf.generateCertificates(new ByteArrayInputStream(FULL_CHAIN_CERT.bytes))
 KeyPair keyPair = KeyPairUtils.createKeyPair(2048)
+ def expectedValidationCert = new Random().nextBoolean()
 when :
- CertificateEvent event = new CertificateEvent(keyPair, certs as X509Certificate[])
+ CertificateEvent event = new CertificateEvent(keyPair, expectedValidationCert, certs as X509Certificate[])
 then:
 event.getCert() == domainCert
+ event.isValidationCert() == expectedValidationCert
 event.getFullCertificateChain().length == 2
 event.getFullCertificateChain() == certs.toArray()
 }
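Review bot: `new Random().nextBoolean()` means each run of this feature method exercises only one of the two flag values, so a regression that hard-codes `validationCert` to `false` again would still pass roughly half the time, and a failing run cannot be reproduced from its output. Both values can be pinned deterministically with a Spock data pipe, `where: expectedValidationCert << [true, false]`, in place of the `def expectedValidationCert = ...` line. The feature method begins above the hunk, so its name and setup block are not visible here. Companion cases for the now-deprecated three-argument constructor and for an empty chain would also record what `getCert()` is expected to do in those situations.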