Commit 5c77dd3a authored by Felix Sidokhine's avatar Felix Sidokhine

upgrade back to tomcat 10M5 - fixed issue with SSL

parent c78b32e3
...@@ -140,7 +140,13 @@ public class JamsCA implements CertificateAuthority { ...@@ -140,7 +140,13 @@ public class JamsCA implements CertificateAuthority {
@Override @Override
public boolean shutdownThreads() { public boolean shutdownThreads() {
//Unsafe but acceptable. //Unsafe but acceptable.
crlWorker.stop(); crlWorker.getStop().set(true);
crlWorker.interrupt();
Thread.State state = crlWorker.getState();
while(!state.equals(Thread.State.TERMINATED)){
state = crlWorker.getState();
}
crlWorker = null;
ocspWorker.stop(); ocspWorker.stop();
return true; return true;
} }
......
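Review bot: The wait for the CRL worker in shutdownThreads() is an unbounded busy loop: `while(!state.equals(Thread.State.TERMINATED))` spins a core and never returns if the worker does not exit, for example if it was never started or if it swallows the interrupt and blocks again. A bounded `crlWorker.join(timeoutMillis);` followed by a logged failure gives the same guarantee without the spin and without hanging CA shutdown. The following line still calls `ocspWorker.stop()`; if ocspWorker is a Thread like crlWorker appears to be, that is the same forced stop this commit removes for the CRL worker, and it deserves the same cooperative flag. The `//Unsafe but acceptable.` comment should be updated to say which part is still unsafe.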
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
package net.jami.jams.ca.workers.crl; package net.jami.jams.ca.workers.crl;
import lombok.Getter; import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import net.jami.jams.ca.JamsCA; import net.jami.jams.ca.JamsCA;
import net.jami.jams.ca.workers.X509Worker; import net.jami.jams.ca.workers.X509Worker;
...@@ -36,6 +37,7 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; ...@@ -36,6 +37,7 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Date; import java.util.Date;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference; import java.util.concurrent.atomic.AtomicReference;
@Slf4j @Slf4j
...@@ -44,6 +46,9 @@ public class CRLWorker extends X509Worker<RevocationRequest> { ...@@ -44,6 +46,9 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
@Getter @Getter
private AtomicReference<X509CRLHolder> existingCRL = null; private AtomicReference<X509CRLHolder> existingCRL = null;
@Getter @Setter
private AtomicBoolean stop = new AtomicBoolean(false);
public CRLWorker(PrivateKey privateKey, X509Certificate certificate) { public CRLWorker(PrivateKey privateKey, X509Certificate certificate) {
super(privateKey, certificate); super(privateKey, certificate);
this.setDaemon(true); this.setDaemon(true);
...@@ -74,7 +79,7 @@ public class CRLWorker extends X509Worker<RevocationRequest> { ...@@ -74,7 +79,7 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
@Override @Override
public void run() { public void run() {
boolean needsRefresh = false; boolean needsRefresh = false;
while(true){ while(!stop.get()){
try{ try{
while(getInput().isEmpty()){ while(getInput().isEmpty()){
if(needsRefresh){ if(needsRefresh){
...@@ -97,5 +102,6 @@ public class CRLWorker extends X509Worker<RevocationRequest> { ...@@ -97,5 +102,6 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
log.error("An error has occured in the CRL signing thread: " + e.toString()); log.error("An error has occured in the CRL signing thread: " + e.toString());
} }
} }
log.info("Stopped CRL Worker Thread...");
} }
} }
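Review bot: The stop flag `private AtomicBoolean stop` is non-final and gets a Lombok `@Setter`, so any caller can swap in a different AtomicBoolean, after which `getStop().set(true)` and the `while(!stop.get())` check in run() may be looking at different objects. Declaring it `@Getter private final AtomicBoolean stop = new AtomicBoolean(false);` removes that possibility and makes the field safely published. The inner `while(getInput().isEmpty())` loop does not consult the flag, so termination depends on the interrupt surfacing as an exception from whatever that loop waits on; its body is outside the visible hunk, so it is worth confirming the wait is interruptible, since JamsCA waits for the thread to reach TERMINATED.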
...@@ -87,6 +87,7 @@ public class AppStarter extends Thread { ...@@ -87,6 +87,7 @@ public class AppStarter extends Thread {
} }
if(doUpdate.get()){ if(doUpdate.get()){
Server.tomcatLauncher.stopTomcat(); Server.tomcatLauncher.stopTomcat();
LibraryLoader.classLoader.destroy();
//This will trigger a force reload of the lib. //This will trigger a force reload of the lib.
LibraryLoader.loadlibs(System.getProperty("user.dir"), AppStarter.class); LibraryLoader.loadlibs(System.getProperty("user.dir"), AppStarter.class);
server = ServerLoader.loadServer(appUpdater, Integer.toString(port), serverCertificate, serverPrivateKey); server = ServerLoader.loadServer(appUpdater, Integer.toString(port), serverCertificate, serverPrivateKey);
......
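Review bot: `LibraryLoader.classLoader.destroy();` runs here right after `Server.tomcatLauncher.stopTomcat();`, and the same commit adds the same call at the end of what appears to be TomcatLauncher's stop path, so on an update the class loader is destroyed twice. Unless destroy() is known to be idempotent, keep one of the two calls; keeping it here, next to `loadlibs`, makes the destroy/reload pairing visible. The TomcatLauncher code catches and logs its own exceptions, so this line and the library reload also run when the server did not actually stop; a boolean result from stopTomcat() would let the update abort instead of loading new libraries over a half-stopped server. The enclosing method starts and ends outside the hunk.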
...@@ -77,7 +77,7 @@ public class Server { ...@@ -77,7 +77,7 @@ public class Server {
} }
public static void main(String[] args) { public void main(String[] args) {
//Start tomcat. //Start tomcat.
switch (args.length) { switch (args.length) {
case 0: case 0:
......
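Review bot: With `static` removed, `public void main(String[] args)` is no longer a JVM entry point on Java versions that require a static main, yet it keeps the entry-point name and signature. If it is now only invoked on an instance (presumably through ServerLoader), say so in a Javadoc line such as `/** Invoked on a loaded Server instance by the launcher; not a JVM entry point. */`, or rename it to something like `start(String[] args)`, so nobody points a Main-Class at it. AppStarter still reads `Server.tomcatLauncher` statically, so the class now mixes instance start-up with static state, and it is worth documenting which is intended. The body of main continues outside the hunk.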
...@@ -24,6 +24,8 @@ package net.jami.jams.server.core; ...@@ -24,6 +24,8 @@ package net.jami.jams.server.core;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import java.io.File; import java.io.File;
...@@ -33,25 +35,26 @@ public class TomcatConnectorFactory { ...@@ -33,25 +35,26 @@ public class TomcatConnectorFactory {
public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) { public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) {
log.info(System.getProperty("user.dir") + File.separator + "keystore.jks"); log.info(System.getProperty("user.dir") + File.separator + "keystore.jks");
Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port); Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port);
connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks"); //connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks");
connector.setAttribute("clientAuth", "optional"); //connector.setAttribute("clientAuth", "optional");
connector.setAttribute("truststorePassword", "changeit"); //connector.setAttribute("truststorePassword", "changeit");
return connector; return connector;
} }
public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) { public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) {
//Check if trust store exists or create it if necessary. //Check if trust store exists or create it if necessary.
Connector connector = new Connector(); Connector connector = new Connector();
SSLHostConfig sslConfig = new SSLHostConfig();
SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslConfig, SSLHostConfigCertificate.Type.RSA);
sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile);
sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile);
sslConfig.addCertificate(sslHostConfigCertificate);
sslConfig.setProtocols("TLSv1.3");
connector.addSslHostConfig(sslConfig);
connector.setPort(port); connector.setPort(port);
connector.setSecure(true); connector.setSecure(true);
connector.setScheme("https"); connector.setScheme("https");
connector.setAttribute("protocol", "org.apache.coyote.http11.Http11AprProtocol"); connector.setProperty("SSLEnabled", "true");
connector.setAttribute("SSLCertificateFile", System.getProperty("user.dir") + File.separator + certificateFile);
connector.setAttribute("SSLCertificateKeyFile", System.getProperty("user.dir") + File.separator + keyFile);
connector.setAttribute("protocol", "HTTP/1.1");
connector.setAttribute("sslProtocol", "TLS");
connector.setAttribute("maxThreads", "200");
connector.setAttribute("SSLEnabled", true);
return connector; return connector;
} }
...@@ -60,9 +63,6 @@ public class TomcatConnectorFactory { ...@@ -60,9 +63,6 @@ public class TomcatConnectorFactory {
Connector connector = new Connector(); Connector connector = new Connector();
connector.setPort(port); connector.setPort(port);
connector.setScheme("http"); connector.setScheme("http");
connector.setAttribute("protocol", "org.apache.coyote.http11.Http11NioProtocol");
connector.setAttribute("protocol", "HTTP/1.1");
connector.setAttribute("maxThreads", "200");
return connector; return connector;
} }
......
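Review bot: getSSLConnectorWithTrustStore() no longer configures a trust store or client-certificate verification: the three `setAttribute` calls for `truststoreFile`, `clientAuth` and `truststorePassword` are commented out, so it now returns exactly what getSSLConnectorWithoutTrustStore() returns while its name and the `keystore.jks` log line still promise otherwise. Any caller that relied on `clientAuth=optional` to receive client certificates will see none, which is an authentication change hidden inside a Tomcat upgrade. The equivalent settings exist on SSLHostConfig and could be applied as sketched below (not tested against 10.0.0-M5); the trust-store password should come from configuration rather than the literal the old code used. Separately, `SSLHostConfigCertificate.Type.RSA` is hard-coded, which deserves a comment if non-RSA server keys are possible.

```java
Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port);
for (SSLHostConfig sslConfig : connector.findSslHostConfigs()) {
    sslConfig.setTruststoreFile(System.getProperty("user.dir") + File.separator + "keystore.jks");
    // "changeit" is the literal the removed setAttribute call used; load it from configuration instead.
    sslConfig.setTruststorePassword("changeit");
    sslConfig.setCertificateVerification("optional");
}
return connector;
```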
...@@ -25,10 +25,13 @@ package net.jami.jams.server.core; ...@@ -25,10 +25,13 @@ package net.jami.jams.server.core;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import net.jami.jams.ca.JamsCA; import net.jami.jams.ca.JamsCA;
import net.jami.jams.common.utils.LibraryLoader;
import net.jami.jams.server.Server; import net.jami.jams.server.Server;
import org.apache.catalina.WebResourceRoot; import org.apache.catalina.WebResourceRoot;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import org.apache.catalina.core.StandardContext; import org.apache.catalina.core.StandardContext;
import org.apache.catalina.loader.WebappClassLoader;
import org.apache.catalina.loader.WebappClassLoaderBase;
import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.webresources.DirResourceSet; import org.apache.catalina.webresources.DirResourceSet;
import org.apache.catalina.webresources.JarResourceSet; import org.apache.catalina.webresources.JarResourceSet;
...@@ -48,9 +51,9 @@ import static net.jami.jams.server.Server.certificateAuthority; ...@@ -48,9 +51,9 @@ import static net.jami.jams.server.Server.certificateAuthority;
@Slf4j @Slf4j
public class TomcatLauncher { public class TomcatLauncher {
private Tomcat tomcat = new Tomcat(); private final Tomcat tomcat = new Tomcat();
private static Connector connector; private Connector connector;
private static StandardContext context; private StandardContext context;
public TomcatLauncher(int port) { public TomcatLauncher(int port) {
tomcat.getService().addConnector(TomcatConnectorFactory.getNoSSLConnector(port)); tomcat.getService().addConnector(TomcatConnectorFactory.getNoSSLConnector(port));
...@@ -122,8 +125,9 @@ public class TomcatLauncher { ...@@ -122,8 +125,9 @@ public class TomcatLauncher {
synchronized (tomcat) { synchronized (tomcat) {
certificateAuthority.shutdownThreads(); certificateAuthority.shutdownThreads();
tomcat.stop(); tomcat.stop();
tomcat.destroy();
context.destroy(); context.destroy();
tomcat.destroy();
LibraryLoader.classLoader.destroy();
} }
} catch (Exception e) { } catch (Exception e) {
log.info("Failed to stop tomcat server with error {}", e.getMessage()); log.info("Failed to stop tomcat server with error {}", e.getMessage());
......
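Review bot: The teardown calls share one try block, so an exception from `tomcat.stop()` skips `context.destroy()`, `tomcat.destroy()` and `LibraryLoader.classLoader.destroy()`, and the catch reports it at info level with only `e.getMessage()`. Logging it as `log.error("Failed to stop tomcat server", e);` keeps the stack trace, and running each destroy step in its own try or a finally would keep one failure from leaving the other resources alive. `certificateAuthority.shutdownThreads()` is called while holding the `tomcat` monitor, so any delay in stopping the CA workers blocks every other thread synchronizing on it. The newly added imports `WebappClassLoader` and `WebappClassLoaderBase` are not used in the visible hunks and can be dropped if nothing outside them needs them. The enclosing method starts and ends outside the hunk.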
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
<lombok.version>1.18.12</lombok.version> <lombok.version>1.18.12</lombok.version>
<log4j.version>1.7.30</log4j.version> <log4j.version>1.7.30</log4j.version>
<jupiter.api.version>5.7.0-M1</jupiter.api.version> <jupiter.api.version>5.7.0-M1</jupiter.api.version>
<tomcat.version>9.0.35</tomcat.version> <tomcat.version>10.0.0-M5</tomcat.version>
<map.struct.version>1.3.0.Final</map.struct.version> <map.struct.version>1.3.0.Final</map.struct.version>
<maven.surefire.version>2.19.1</maven.surefire.version> <maven.surefire.version>2.19.1</maven.surefire.version>
<junit.surefire.version>1.1.0</junit.surefire.version> <junit.surefire.version>1.1.0</junit.surefire.version>
......