From 33eb041d9ad2dc6090c4ae4dd5f6a2ceb42d8a88 Mon Sep 17 00:00:00 2001
From: William Enright <william.enright@savoirfairelinux.com>
Date: Mon, 8 Feb 2021 15:52:32 -0500
Subject: [PATCH] Fixed certificate of update server not being added to java
 trust store

Change-Id: I68374f01adca84e0416725c86c6a0706d364b250
---
 .../jams/server/update/UpdateCheckTask.java   |  5 +++
 .../jams/server/update/UpdateDownloader.java  |  4 +++
 jams-server/src/main/resources/oem/update.crt | 35 +++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 jams-server/src/main/resources/oem/update.crt

diff --git a/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java b/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java
index 6fc231eb..89ac515b 100644
--- a/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java
+++ b/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java
@@ -63,6 +63,11 @@ public class UpdateCheckTask extends TimerTask {
             trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
             trustStore.load(null, null);
             trustStore.setCertificateEntry("ca",certificate);
+
+            is = UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/update.crt");
+            certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
+            trustStore.setCertificateEntry("update",certificate);
+
             //Inject the SSL Connection here for a first time.
             sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, null).build();
 
diff --git a/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java b/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java
index ff39a2ce..c4ae6ce6 100644
--- a/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java
+++ b/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java
@@ -63,6 +63,10 @@ public class UpdateDownloader {
             trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
             trustStore.load(null, null);
             trustStore.setCertificateEntry("ca", certificate);
+
+            is = UpdateDownloader.class.getClassLoader().getResourceAsStream("oem/update.crt");
+            certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
+            trustStore.setCertificateEntry("update",certificate);
         }
         catch (Exception e){
             log.info("Could not load SFL's CA - this should not happen! detailed error: {}",e.getMessage());
diff --git a/jams-server/src/main/resources/oem/update.crt b/jams-server/src/main/resources/oem/update.crt
new file mode 100644
index 00000000..88ff041e
--- /dev/null
+++ b/jams-server/src/main/resources/oem/update.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGITCCBAmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBmzELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgTAlFDMREwDwYDVQQHEwhNb250cmVhbDEgMB4GA1UEChMXU2F2b2ly
+LWZhaXJlIExpbnV4IEluYy4xDTALBgNVBAsTBEpBTVMxGjAYBgNVBAMTEUpBTVMg
+TGljZW5zaW5nIENBMR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QGphbWkubmV0MB4X
+DTIwMDIxNzIzNTAwMFoXDTIyMDIxNzIzNTAwMFowgZoxCzAJBgNVBAYTAkNBMQsw
+CQYDVQQIEwJRQzERMA8GA1UEBxMITW9udHJlYWwxIDAeBgNVBAoTF1Nhdm9pci1m
+YWlyZSBMaW51eCBJbmMuMQ0wCwYDVQQLEwRKQU1TMRkwFwYDVQQDExB1cGRhdGVz
+LmphbWkubmV0MR8wHQYJKoZIhvcNAQkBFhBzdXBwb3J0QGphbWkubmV0MIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1rnJy3+/uFJpUUY65hNNpH0dxvxn
+vvMNjgxPQKdTPgN636OrX7KsDWNETM8K5h+70FmvekVyoolUuSa5meiOIGdTiMp6
+MqdbjqFNGfnCbvAESn5w3XXqUxKSwsATQXcOMTqNpLD4ZQGop5FXTB8t0dLbXaXA
+k3Pf25ABxpi1bnQSuaSj5dznC3b1IX2aztyyTR2GL1P7KUWWXGuMRjuwpwzIg3k+
+DqhLWBj3U5qiuIbBX5E6SwOffGb/5mVA9R3DdbaRDDF50tAXoKDeYDY5Wy0KlMPl
+pv+4Oe2pNRdBCbww+6LzQ+XT6Pj8CrAXXXDqq2qc+2igN5n16rytBhVF4gpFBY9l
+bGxe62BHUmMLL31yaTKE0PodG7EpoReqQFk+sCrSHAfccFCqtspgrN2hOHCNZ6S5
+DBFv3rlWlTGglxggGAXT6ydCGs+W81wkDRwMQo08OQUvyoXjhLiW5/ySvLnWN1Ga
++MDkaJ+fMF0YFpzYhs53xKdkh2u0ZRs/nTswZjKgZLJqHLf0tRVvN0MjsmBCsViQ
+GOl+pQGpN8gH2oEr9OWB8iM0zPXlX1jRm3Nhf+111sfLJaiwnZiH4vJNNvKcpRge
+LMrOw3HRQgf2CH+v+V0VglydWzqbzMU6LcQAvTAkXvWe/m6LiTEPH2MPjrySBnrn
+erVuBCzb01NJzWECAwEAAaNvMG0wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUZyQ8
+DNUY2kujMG68IEnw2fpQqZswCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIG
+QDAeBglghkgBhvhCAQ0EERYPeGNhIGNlcnRpZmljYXRlMA0GCSqGSIb3DQEBCwUA
+A4ICAQAG5hec75JxdN+gbadbRVl3Viki6Wfow/1+0SuFr44oz80fYKszBxhWAnFm
+6Q9L4GHLFaGMtDuSQ3fLHFPe+h2DZbPCife72KmKfC2E/A5FWj3DGGJKYZYVAd/l
++X48SNwklA4xpo9KFidWTSaIMVxQPdS6Pz5zRZnM71FIqUwU5urbAuQLBDZHDB88
+tqnA/uvlJ8qdv8xI0IHd8lS8KpGrBA6/tIfLOiS/vlODqxkCibhAqrv9+T2hSzQN
+mWy+FO8QEY7mIJGqEV8MZxuWtbFo6Xqkb/W4cK7U/Ygfr9S48wgmZsMejXo3El3l
+qJwvra3a+kN17o+0czZ4QarNYzGoTz44/Ws28tRKfzkd5F9CCT0dLWTSF/TcitK4
+axBNXmO24XT5iFiVuaR6YUgMaEPNXj7AcM5Ylyy4jYCpSl5CWbDc0AfkEwWy5o/5
+FPlPzE9JGPDoh7z93nzg7HpDl9BUUd0zed7TOye+cDgPwDYDcHgfr/zXIp3FdcVV
+5OSg7b0YulwsHXnhEG0doOuOoNWvk2OUq3DCTsX83iA8CV/W2XnJjhY6Q2AvT+JH
+CYO9HaAO9CTvBN+K1HlTBWfKOOXGP3+3D6eSSu50HqDoX8ojjKcdorYRkOwbRPH+
+RZ9f6/5QPW/Un1zGxGO8sdWgoto6kpfevFHJfhWFyuUtm1bZjQ==
+-----END CERTIFICATE-----
\ No newline at end of file
-- 
GitLab