Third party library - Java Client

DavideF1986 · September 1, 2015, 5:28pm

Hi all,
during the last few days I manage to develop a simple Java ACME client but before publishing the code I have a issue to solve.
How should we (developing a client library) handle agreement between the customer and the CA ?
At the moment we ask the application using the library to provide the agreement URI to the library; is this enough ?
Where will developers found the links to the latest policy they need to agree in order to get certificates ?

tlussnig · September 3, 2015, 8:17am

Hi,

this is an good question. Even more if there is an automated part for issuing certs for new domains.
How should it be handled if there is an agreement change.

DavideF1986 · September 15, 2015, 7:25pm

@jsha @schoen @roland Any chance to get an official statement about how third party API (ACME) client should handle the legal agreement between the CA and the end user ?

josh · September 15, 2015, 9:15pm

I will have a response for you shortly.

josh · September 18, 2015, 8:37pm

When an ACME interaction occurs and a client signals that the potential new subscriber has agreed to the current Let’s Encrypt subscriber agreement, it must be true that the potential new subscriber has been given a chance to review the subscriber agreement and has explicitly agreed to be bound by its terms. The potential new subscriber’s review of the subscriber agreement can be done inside or outside or the client software, but the client must obtain confirmation from the potential new subscriber that he/she has reviewed and explicitly agrees to the subscriber agreement before the client software signals agreement. If the client signals agreement without receiving this confirmation, then the client is behaving improperly and the resulting certificate may be revoked.

If you are only providing a library then you’re probably not directly responsible for making sure this happens, it’s up to the client software using your library.

DavideF1986 · September 18, 2015, 10:01pm

Thanks a lot for your reply.

I’ve updated the example client (using the current staging server) to make sure that the user using it have reviewed the agreement by asking the user to write the agreement url as a command line argument.
I’ve uploaded the code of the library on github here: https://github.com/zero11it/acme-client

Looking forward to tryout the beta.

tlussnig · November 5, 2015, 8:29pm

Hi,

based on your work i created an java client that can be used without any other jar.
https://suche.org/letsencrypt/Acme.java
Only negative point is that the client use sun internal stuff.