Affects Version/s: None
Fix Version/s: EJBCA 6.14.0
Sprint:EJBCA Sprint 14, EJBCA Sprint 15, EJBCA Sprint 16
This should be completed before GUI or persistence is implemented
This is an implementation mismatch from the previous version and not related to the RFC update.
AcmeConfiguration (which can be part of the URL corresponding to "aliases" in CMP/SCEP/EST to serve different types of ACME clients) maps to EEP, link to ToS and is where external account requirement is configured.
AcmeAccount represents the ACME client (key pair).
AcmeAccounts are global for all aliases, but needs to agree to the ToS for each AcmeConfiguration ("alias").
External account requirement is however only checked for the AcmeConfiguration the account is created under. → Makes it optional.
We could have the option make the external account binding configuration global (e.g. shared for all "aliases"), but this would prevent ACME on the same installation to be used for both "public" and "external" accounts.
Since different AcmeConfigurations ("aliases") can have different requirements on the AcmeAccount we should add a AcmeAccount.configurationId field.
An ACME client will still be able to register separate AcmeAccounts for different AcmeConfigurations.