restored tomcat SSL functions fully

64be0d5b · Felix Sidokhine · 56dcfb9c · 64be0d5b · 64be0d5b
Commit 64be0d5b authored 4 years ago by Felix Sidokhine
--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
@@ -4,19 +4,27 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.catalina.connector.Connector;

 import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Paths;

 @Slf4j
 public class TomcatConnectorFactory {

    public static Connector getSSLConnectorWithTrustStore(String certificateFile, String keyFile, int port) {
-        Connector connector = getSSLConnectorWithoutTrustStore(certificateFile,keyFile,port);
-        connector.setAttribute("truststoreFile",System.getProperty("user.dir") + File.separator  + "keystore.jks");
-        connector.setAttribute("clientAuth","optional");
-        connector.setAttribute("truststorePassword","changeit");
+        Connector connector = getSSLConnectorWithoutTrustStore(certificateFile, keyFile, port);
+        if (Files.exists(Paths.get(System.getProperty("user.dir") + File.separator + "keystore.jks"))) {
+            connector.setAttribute("truststoreFile", System.getProperty("user.dir") + File.separator + "keystore.jks");
+            connector.setAttribute("clientAuth", "optional");
+            connector.setAttribute("truststorePassword", "changeit");
+        } else {
+            log.error("Could not find a keystore for the SSL Connector - this is critical as client auth will not be available!");
+            log.error("Proceeding to boot tomcat with just SSL parameters...");
+        }
        return connector;
    }

    public static Connector getSSLConnectorWithoutTrustStore(String certificateFile, String keyFile, int port) {
+        //Check if trust store exists or create it if necessary.
        Connector connector = new Connector();
        connector.setPort(port);
        connector.setSecure(true);

--- a/jams-server/src/main/java/net/jami/jams/server/core/workflows/InstallationFinalizer.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/workflows/InstallationFinalizer.java
@@ -16,6 +16,7 @@ import net.jami.jams.server.startup.AuthModuleLoader;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.OutputStream;
+import java.security.KeyStore;

 import static net.jami.jams.server.Server.*;

@@ -82,6 +83,15 @@ public class InstallationFinalizer {
            if(serverSettings.getLdapConfiguration() != null)
                userAuthenticationModule.attachAuthSource(AuthenticationSourceType.LDAP,serverSettings.getLdapConfiguration());
            if(useLocalNS) nameServer = new LocalNameServer(dataStore,userAuthenticationModule,serverSettings.getServerPublicURI());
+            log.info("Building keystore for client auth for tomcat...");
+            KeyStore ks = KeyStore.getInstance("JKS");
+            char[] password = "changeit".toCharArray();
+            ks.load(null, password);
+            ks.setCertificateEntry("jams-ca",certificateAuthority.getCA());
+            FileOutputStream fos = new FileOutputStream( "keystore.jks");
+            ks.store(fos, password);
+            fos.close();
+            log.info("Successfully built keystore for for tomcat!");
            Server.isInstalled.set(true);
            log.info("The installation has completed successfully, you can now use JAMS!");
        } catch (Exception e) {