Commit 64be0d5b authored by Felix Sidokhine's avatar Felix Sidokhine

restored tomcat SSL functions fully

parent 56dcfb9c
...@@ -4,19 +4,27 @@ import lombok.extern.slf4j.Slf4j; ...@@ -4,19 +4,27 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import java.io.File; import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
@Slf4j @Slf4j
public class TomcatConnectorFactory { public class TomcatConnectorFactory {
public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) { public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) {
Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port); Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port);
if (Files.exists(Paths.get(System.getProperty("user.dir") + File.separator + "keystore.jks"))) {
connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks"); connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks");
connector.setAttribute("clientAuth", "optional"); connector.setAttribute("clientAuth", "optional");
connector.setAttribute("truststorePassword", "changeit"); connector.setAttribute("truststorePassword", "changeit");
} else {
log.error("Could not find a keystore for the SSL Connector - this is critical as client auth will not be available!");
log.error("Proceeding to boot tomcat with just SSL parameters...");
}
return connector; return connector;
} }
public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) { public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) {
//Check if trust store exists or create it if necessary.
Connector connector = new Connector(); Connector connector = new Connector();
connector.setPort(port); connector.setPort(port);
connector.setSecure(true); connector.setSecure(true);
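Review bot: The trust-store password is a hard-coded literal on the `connector.setAttribute("truststorePassword", "changeit")` line, and the same literal is repeated in InstallationFinalizer where the keystore is created, so the two sides must be kept in sync by hand and the value is a well-known default; read it from server configuration (or at least one shared constant) so an operator can set their own and the writer and reader cannot drift. The keystore path is also built twice from `user.dir`; compute it once, e.g. `Path trustStore = Paths.get(System.getProperty("user.dir"), "keystore.jks");`, and pass `trustStore.toString()` to `setAttribute`. When the file is absent the connector continues without client authentication; the two `log.error` calls make that visible, but a comment above the `else` such as `// No trust store: boot with server-side TLS only; client certificates cannot be verified.` would tell the next reader the fallback is intentional. `getSSLConnectorWithoutTrustStore` continues outside the hunk.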
......
...@@ -16,6 +16,7 @@ import net.jami.jams.server.startup.AuthModuleLoader; ...@@ -16,6 +16,7 @@ import net.jami.jams.server.startup.AuthModuleLoader;
import java.io.File; import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.security.KeyStore;
import static net.jami.jams.server.Server.*; import static net.jami.jams.server.Server.*;
...@@ -82,6 +83,15 @@ public class InstallationFinalizer { ...@@ -82,6 +83,15 @@ public class InstallationFinalizer {
if(serverSettings.getLdapConfiguration() != null) if(serverSettings.getLdapConfiguration() != null)
userAuthenticationModule.attachAuthSource(AuthenticationSourceType.LDAP,serverSettings.getLdapConfiguration()); userAuthenticationModule.attachAuthSource(AuthenticationSourceType.LDAP,serverSettings.getLdapConfiguration());
if(useLocalNS) nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI()); if(useLocalNS) nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
log.info("Building keystore for client auth for tomcat...");
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = "changeit".toCharArray();
ks.load(null, password);
ks.setCertificateEntry("jams-ca",certificateAuthority.getCA());
FileOutputStream fos = new FileOutputStream( "keystore.jks");
ks.store(fos, password);
fos.close();
log.info("Successfully built keystore for for tomcat!");
Server.isInstalled.set(true); Server.isInstalled.set(true);
log.info("The installation has completed successfully, you can now use JAMS!"); log.info("The installation has completed successfully, you can now use JAMS!");
} catch (Exception e) { } catch (Exception e) {
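Review bot: The `FileOutputStream` opened for `keystore.jks` is closed only on the success path; if `ks.store` throws, the stream leaks and a truncated keystore file may be left behind, so the three lines should become `try (OutputStream fos = new FileOutputStream("keystore.jks")) { ks.store(fos, password); }` (`OutputStream` is already imported). The file is written relative to the process working directory while TomcatConnectorFactory resolves it under `user.dir`; these coincide by default, but deriving both from one shared constant avoids the two sides drifting. The password `"changeit"` is a well-known default duplicated from the connector side and would be better sourced from server settings, even though this keystore holds only the CA certificate. The log message on the line after `fos.close()` reads "for for tomcat". The enclosing try block and method start and end outside the hunk.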
......