upgrade back to tomcat 10M5 - fixed issue with SSL

5c77dd3a · Felix Sidokhine · c78b32e3 · 5c77dd3a · 5c77dd3a · 5c77dd3a
Commit 5c77dd3a authored 5 years ago by Felix Sidokhine
--- a/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java
@@ -140,7 +140,13 @@ public class JamsCA implements CertificateAuthority {
    @Override
    public boolean shutdownThreads() {
        //Unsafe but acceptable.
-        crlWorker.stop();
+        crlWorker.getStop().set(true);
+        crlWorker.interrupt();
+        Thread.State state = crlWorker.getState();
+        while(!state.equals(Thread.State.TERMINATED)){
+            state = crlWorker.getState();
+        }
+        crlWorker = null;
        ocspWorker.stop();
        return true;
    }

--- a/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLWorker.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/crl/CRLWorker.java
@@ -23,6 +23,7 @@
 package net.jami.jams.ca.workers.crl;
 import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import net.jami.jams.ca.JamsCA;
 import net.jami.jams.ca.workers.X509Worker;
@@ -36,6 +37,7 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Date;
+import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicReference;
 @Slf4j
@@ -44,6 +46,9 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
    @Getter
    private AtomicReference<X509CRLHolder> existingCRL = null;
+    @Getter @Setter
+    private AtomicBoolean stop = new AtomicBoolean(false);
    public CRLWorker(PrivateKey privateKey, X509Certificate certificate) {
        super(privateKey, certificate);
        this.setDaemon(true);
@@ -74,7 +79,7 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
    @Override
    public void run() {
        boolean needsRefresh = false;
-        while(true){
+        while(!stop.get()){
            try{
                while(getInput().isEmpty()){
                    if(needsRefresh){
@@ -97,5 +102,6 @@ public class CRLWorker extends X509Worker<RevocationRequest> {
                log.error("An error has occured in the CRL signing thread: " + e.toString());
            }
        }
+        log.info("Stopped CRL Worker Thread...");
    }
 }
--- a/jams-launcher/src/main/java/launcher/AppStarter.java
+++ b/jams-launcher/src/main/java/launcher/AppStarter.java
@@ -87,6 +87,7 @@ public class AppStarter extends Thread {
                }
                if(doUpdate.get()){
                    Server.tomcatLauncher.stopTomcat();
+                    LibraryLoader.classLoader.destroy();
                    //This will trigger a force reload of the lib.
                    LibraryLoader.loadlibs(System.getProperty("user.dir"), AppStarter.class);
                    server = ServerLoader.loadServer(appUpdater, Integer.toString(port), serverCertificate, serverPrivateKey);

--- a/jams-server/src/main/java/net/jami/jams/server/Server.java
+++ b/jams-server/src/main/java/net/jami/jams/server/Server.java
@@ -77,7 +77,7 @@ public class Server {
    }
-    public static void main(String[] args) {
+    public void main(String[] args) {
        //Start tomcat.
        switch (args.length) {
            case 0:

--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
@@ -24,6 +24,8 @@ package net.jami.jams.server.core;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.catalina.connector.Connector;
+import org.apache.tomcat.util.net.SSLHostConfig;
+import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import java.io.File;
@@ -33,25 +35,26 @@ public class TomcatConnectorFactory {
    public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) {
        log.info(System.getProperty("user.dir") + File.separator + "keystore.jks");
        Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port);
-        connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks");
+        //connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks");
-        connector.setAttribute("clientAuth", "optional");
+        //connector.setAttribute("clientAuth", "optional");
-        connector.setAttribute("truststorePassword", "changeit");
+        //connector.setAttribute("truststorePassword", "changeit");
        return connector;
    }
    public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) {
        //Check if trust store exists or create it if necessary.
        Connector connector = new Connector();
+        SSLHostConfig sslConfig = new SSLHostConfig();
+        SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslConfig, SSLHostConfigCertificate.Type.RSA);
+        sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile);
+        sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile);
+        sslConfig.addCertificate(sslHostConfigCertificate);
+        sslConfig.setProtocols("TLSv1.3");
+        connector.addSslHostConfig(sslConfig);
        connector.setPort(port);
        connector.setSecure(true);
        connector.setScheme("https");
-        connector.setAttribute("protocol", "org.apache.coyote.http11.Http11AprProtocol");
+        connector.setProperty("SSLEnabled", "true");
-        connector.setAttribute("SSLCertificateFile", System.getProperty("user.dir") + File.separator + certificateFile);
-        connector.setAttribute("SSLCertificateKeyFile", System.getProperty("user.dir") + File.separator + keyFile);
-        connector.setAttribute("protocol", "HTTP/1.1");
-        connector.setAttribute("sslProtocol", "TLS");
-        connector.setAttribute("maxThreads", "200");
-        connector.setAttribute("SSLEnabled", true);
        return connector;
    }
@@ -60,9 +63,6 @@ public class TomcatConnectorFactory {
        Connector connector = new Connector();
        connector.setPort(port);
        connector.setScheme("http");
-        connector.setAttribute("protocol", "org.apache.coyote.http11.Http11NioProtocol");
-        connector.setAttribute("protocol", "HTTP/1.1");
-        connector.setAttribute("maxThreads", "200");
        return connector;
    }

--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatLauncher.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatLauncher.java
@@ -25,10 +25,13 @@ package net.jami.jams.server.core;
 import lombok.extern.slf4j.Slf4j;
 import net.jami.jams.ca.JamsCA;
+import net.jami.jams.common.utils.LibraryLoader;
 import net.jami.jams.server.Server;
 import org.apache.catalina.WebResourceRoot;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.loader.WebappClassLoader;
+import org.apache.catalina.loader.WebappClassLoaderBase;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.webresources.DirResourceSet;
 import org.apache.catalina.webresources.JarResourceSet;
@@ -48,9 +51,9 @@ import static net.jami.jams.server.Server.certificateAuthority;
 @Slf4j
 public class TomcatLauncher {
-    private Tomcat tomcat = new Tomcat();
+    private final Tomcat tomcat = new Tomcat();
-    private static Connector connector;
+    private Connector connector;
-    private static StandardContext context;
+    private StandardContext context;
    public TomcatLauncher(int port) {
        tomcat.getService().addConnector(TomcatConnectorFactory.getNoSSLConnector(port));
@@ -122,8 +125,9 @@ public class TomcatLauncher {
            synchronized (tomcat) {
                certificateAuthority.shutdownThreads();
                tomcat.stop();
-                tomcat.destroy();
                context.destroy();
+                tomcat.destroy();
+                LibraryLoader.classLoader.destroy();
            }
        } catch (Exception e) {
            log.info("Failed to stop tomcat server with error {}", e.getMessage());

--- a/pom.xml
+++ b/pom.xml
@@ -34,7 +34,7 @@
        <lombok.version>1.18.12</lombok.version>
        <log4j.version>1.7.30</log4j.version>
        <jupiter.api.version>5.7.0-M1</jupiter.api.version>
-        <tomcat.version>9.0.35</tomcat.version>
+        <tomcat.version>10.0.0-M5</tomcat.version>
        <map.struct.version>1.3.0.Final</map.struct.version>
        <maven.surefire.version>2.19.1</maven.surefire.version>
        <junit.surefire.version>1.1.0</junit.surefire.version>