fix(deps): update dependency org.shredzone.acme4j:acme4j-client to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.shredzone.acme4j:acme4j-client (source)	2.16 -> 3.1.0

---

Release Notes

shred/acme4j (org.shredzone.acme4j:acme4j-client)

v3.1.0: 3.1.0

• External account binding now permits to set individual MAC algorithms (AccountBuilder.withMacAlgorithm()) and usage of HMAC keys of arbitrary length. Thanks to @​aarcloudera and @​Radranic.
• The draft-ietf-acme-ari-01 implementation was missing a method 'Certificate.markAsReplaced()`. It is added now.
• All classes and methods related to draft-ietf-acme-ari-01 are now marked as @draft. As the draft evolves, they can change without prior notice. SemVer does not apply to parts that are marked as @draft. This is a preparation for draft-ietf-acme-ari-02, which will introduce major and breaking changes.

In the future, I will generally handle all draft implementations like that, as I don't want to do a major version bump of acme4j for every breaking change in a draft.

v3.0.0: 3.0.0

This is a major update!

Still the migration to v3.0.0 should be easy for most of you. See the migration guide for further information.

• acme4j now adheres to Semantic Versioning.
• The acme4j-utils module has been merged into acme4j-client. You can just remove the dependency on acme4j-utils from your project. This also means that BouncyCastle is now a hard requirement for acm4j. The separation of acme4j-client and acme4j-utils has become a blocker for new features though, so this step had to be taken.
• Requires Java 11. (For Java 8, you can still use acme4j v2, however it will only receive security bugfixes.)
• New method Certificate.findCertificate(String issuer) helps to find a certificate from the given issuer.
• Added support for draft-ietf-acme-ari-01 protocol.
• Reduced return of null values where possible. Methods that could have returned null in v2, will now return an Optional (or throw an exception if more appropriate). Collections may be empty, but are never null.
• PebbleAcmeProvider now accepts a port without having to set a host. Thanks to @​mloesch for the contribution!
• A new Order.execute(KeyPair) method takes care for creating a CSR for you. You won't need to do that anymore. See the acme4j-example for how it works.
• New AcmeNotSupportedException is thrown when the ACME server does not support a certain feature.
• HTTP accepts gzip compression. It can be turned off in the NetworkSettings or via org.shredzone.acme4j.gzip_compression system property.
• Uses the java.net.http client now.
• Documentation has been reviewed and extended.
• All deprecated methods have been removed.

The change to v3.0.0 has been blocking acme4j for much too long. I am happy that it is published now, and I can focus on adding new features again.

---

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

[timyates]

@wetted So I believe the switch to using the JDK HttpClient means that the timeout exception has changed. It still throws one, but now it's an HttpTimeoutException instead of a SocketException

This should fix it 🤞

diff --git a/acme/src/test/groovy/io/micronaut/acme/AcmeCertRefresherTaskSetsTimeoutSpec.groovy b/acme/src/test/groovy/io/micronaut/acme/AcmeCertRefresherTaskSetsTimeoutSpec.groovy
index fa5ebcf..1a2c64e 100644
--- a/acme/src/test/groovy/io/micronaut/acme/AcmeCertRefresherTaskSetsTimeoutSpec.groovy
+++ b/acme/src/test/groovy/io/micronaut/acme/AcmeCertRefresherTaskSetsTimeoutSpec.groovy
@@ -12,13 +12,11 @@ import org.testcontainers.shaded.org.apache.commons.lang3.exception.ExceptionUti
 import spock.lang.AutoCleanup
 import spock.lang.Shared
 import spock.lang.Specification
-import spock.lang.Stepwise
-import spock.lang.Unroll

+import java.net.http.HttpTimeoutException
 import java.security.KeyPair
 import java.time.Duration

-@Stepwise
 class AcmeCertRefresherTaskSetsTimeoutSpec extends Specification {

     public static final String EXPECTED_DOMAIN = "localhost"
@@ -91,8 +89,7 @@ class AcmeCertRefresherTaskSetsTimeoutSpec extends Specification {
         ] as Map<String, Object>
     }

-    @Unroll
-    def "validate timeout applied if signup is slow"(SlowServerConfig config) {
+    def "validate timeout applied if signup is #config"(SlowServerConfig config) {
         given: "we have all the ports we could ever need"
         expectedHttpPort = SocketUtils.findAvailableTcpPort()
         expectedSecurePort = SocketUtils.findAvailableTcpPort()
@@ -121,8 +118,8 @@ class AcmeCertRefresherTaskSetsTimeoutSpec extends Specification {
         ane?.message == "Network error"

         Throwable rootEx = ExceptionUtils.getRootCause(ex)
-        rootEx instanceof SocketTimeoutException
-        rootEx.message == "Read timed out"
+        rootEx instanceof HttpTimeoutException
+        rootEx.message == "request timed out"

         cleanup:
         appServer?.stop()
@@ -136,9 +133,14 @@ class AcmeCertRefresherTaskSetsTimeoutSpec extends Specification {
     }

     class ActualSlowServerConfig implements SlowServerConfig {
+
         boolean slowSignup
         boolean slowOrdering
         boolean slowAuthorization
         Duration duration = Duration.ofSeconds(networkTimeoutInSecs + 2)
+
+        String toString() {
+            "slowSignup: $slowSignup, slowOrdering: $slowOrdering, slowAuthorization: $slowAuthorization, duration: $duration"
+        }
     }
 }

[timyates]

Pushed that change in f10c6af to validate it on CI

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[wetted]

@wetted So I believe the switch to using the JDK HttpClient means that the timeout exception has changed. It still throws one, but now it's an HttpTimeoutException instead of a SocketException

This should fix it 🤞

Thanks Tim. I thought that was the case with changing the client. Thanks for confirming, and pushing the fix for the test.