fixed SSL issue

Change-Id: Ic94e1dcbfaba71cb4e8627c7436c2fdff990218b

fixed SSL issue
7d7b762d · Félix Sidokhine · William Enright · e971a68d · 7d7b762d · 7d7b762d
Commit 7d7b762d authored 4 years ago by Félix Sidokhine Committed by William Enright 4 years ago
--- a/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
+++ b/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
@@ -165,7 +165,8 @@ public class UserAuthenticationModule implements AuthenticationModule {
    public AuthTokenResponse authenticateUser(X509Certificate[] certificates, X509CRLHolder crl,
                                              X509Certificate ca) {
        //Extract the username for the certificate and verify that it is not revoked.
-        X509Certificate clientCert = certificates[0];
+        X509Certificate clientCert = certificates[1];
+        X509Certificate deviceCert = certificates[0];
        try {
            //Check if the certificate is even valid.
            clientCert.checkValidity();
@@ -173,13 +174,13 @@ public class UserAuthenticationModule implements AuthenticationModule {
            clientCert.verify(ca.getPublicKey());
            //Here we need to make a request to the CRL to find out if it has been revoked.
            if(crl.getRevokedCertificate(clientCert.getSerialNumber()) != null) return null;
-            String username = clientCert.getSubjectDN().getName();
+            String username = X509Utils.extractDNFromCertificate(clientCert).get("CN");
            //We need to extract the deviceId from the certificate
            StatementList statementList = new StatementList();
            StatementElement statementElement = new StatementElement("username","=",username,"");
            statementList.addStatement(statementElement);
            User user = datastore.getUserDao().getObjects(statementList).get(0);
-            return tokenController.getToken(user,X509Utils.extractDNFromCertificate(clientCert).get("UID"));
+            return tokenController.getToken(user,X509Utils.extractDNFromCertificate(deviceCert).get("UID"));
        }
        catch (Exception e){
            return null;

--- a/jams-ca/crl.pem
+++ b/jams-ca/crl.pem
--- a/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java
+++ b/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java
@@ -41,7 +41,7 @@ public class DeviceRegistrationResponse {

    public void setCertificateChain(X509Certificate[] certificateChain){
        StringBuilder stringBuilder = new StringBuilder();
-        for(int i=certificateChain.length-1;i > 0;i--){
+        for(int i=certificateChain.length-1;i > -1;i--){
            stringBuilder.append(X509Utils.getPEMStringFromCertificate(certificateChain[i])).append("\n");
        }
        //remove the last \n because it's useless.

--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
@@ -49,7 +49,7 @@ public class TomcatConnectorFactory {
        sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile);
        sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile);
        sslConfig.addCertificate(sslHostConfigCertificate);
-        sslConfig.setProtocols("TLSv1.3");
+        sslConfig.setProtocols("TLSv1.2");
        connector.addSslHostConfig(sslConfig);
        connector.setPort(port);
        connector.setSecure(true);

--- a/server.key
+++ b/server.key
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC07pI/ZDQcHerS
+UP8P8iB93xOG/S+OwUOP4fRsaQzfSl/DxFYJVZuKqrEULLD3VgHzbQ8NRcIsNFCm
+5lIfAcPIAdD8CbDh6Jm3RUJGRwPLxaaT7qYizq7CKF2pLCwIDsB3yTcxN/Lh1C41
+83FB8/3WpWrBos1u10OTRR1AZCPLZfCOoooKqFH+aVgfYyEyM3Zdpou4MMJlr07d
+IhbQYOOVR5vC8rbm27gvmdxK+vA32/5G1PACJhiS2nui2jTznfHJxFLl2BGouIuR
+Hxk2nrF7X4e0ceA/mXCExgPBWMt1IUV3fIwIR38e/syyjfN3AaQWnHxTGFGs9pna
+zQeDXfWFWLfB+Y6byhNZ5h2me5EkCmZc7j1VXRSm23wcRlq59UwA3WL7HXHjfttV
+f+2FvI9SJ4PQg+H+jaf8V0WOS3A3RfYxJZGAtfGIO3q7ntLLwJzMpqV4d6L83KDt
+FEdz+nRoJFEVy+Zp9f0KvGr9k4awXO7Z3ENYwRgQmiwFTFolgybGjW7jBTLsz7Mm
+vPt6VjVbWtKcp9GviScTSYnDNMueiXMGqJmij/xN7hJLswLQnGgR4ysMHZZkrIcN
+CBKDDsITisw0hWP60UGDtNgNNtL+4/kckcBWoKLrl+pviT4ax/BnW7LV2VYGDdYy
+l++ydajgHdoNubRJQlziLFXhnWvbMQIDAQABAoICAEfWdaDPw1TqmAK7gBovs7Dm
+cpVlT42ptI6bU3X7282IdS+Ac/yuzdwn27k76WO69XlWcuR9LxRoDSHHTxHanIZ8
+GiMIIgAAX5AB4seOiLZOms4fsj0dvQuABXgW/sCQQuEMtmpHYZtCqLppFy3tl3qz
+IQkS/+gjdkQx6+RWHlQy/GlVpeOHY07VOtTzggmxnyyd5NnUGktPaMuqLk68OYBa
+90BXKEHPOXlE6M+ohNpY8cPj5gukXptoPjCx3NZhfs/ysEtsF87avyd2pocmSSfI
+DVSa5kO6Q4+kI3eQLvAprrA7dkoPQSzoVBQNAn7c2u7TYRWJEVzQaNQUFgiVtNZ6
+O9hytR25B6foaF9jiyT41ppEXJtzSVNWmL5lx/Et0F6v6+vkCamdZTN3qMbFFaP
+SJ1qnFBSlhkwfHkYHZt+WYvaciKIBFKrmE59bU95iKU/A5fMPna3921CWW6NoJ73
+5k+Um0McXkpwkzNY1BndAsg9IuSc3nMH/4u8sP7HOEgk7we5pphVpj0SfWCk1w3I
+58w3Vgrt2TXB7MMePmrSARSsCVUSXUaQ6Z3vBt0Ildl7w/kdi5JhQ9W/jGyWFBOh
+5meK8ffvWTv3K9af3wnrnAP3ubdiMLQX1khvXcvj523HULUS6SloVtnvnXoCSD/Q
+4WHVHln4KJRE3dX69p1AoIBAQDixydw/WP2aavpKtrRvd6pHDw7TQO3XbOFZBYd
+kBrJ2rK3dkRmTt7BjRuxXU6grhkEyRjGJXlacA4ynX1rAGJtmMBGFnLo1pclMofu
+nKqUWaFjcRAKcIK0tu86M0vJZT+tX7fdkhO8Y4TOEUods8KACvM5hIimOffrPhoV
+dCkQZOp2j9v8mBE01iULU6MMUc6loFbWkP38YCHg8KxG1At3Od1S7GjWGGpAM8G6
+Y5pj6ArX6ivFfV/nSqLN6KR8toGUNTo4vOR0VutF62NR6oJYxB0HkyKG+CvRfCu7
+V8NFK+LladFgFfNCmEaT4/DLCxsnMiucvDWzGDzmoNjwjDZ/AoIBAQDMPxHYFmAt
+ERL6z59t0MVTR9ei5N9JGhlWHdhVTG7xws2VGENhLpYNuwsrWlx1IKxf0qq5Feky
+VDKXeMITo0d9f7md47QBogN5t49LZDZ0WIKei1IL1fB5zkt6P2+s66fsXnK/2vSu
+zF5xGoziZNzAy7naXonm3z0XEipVhHwgXJdqocm5nFz8G7zeWJ9WK4AJXckyDFyM
+gpdMktyPNcVhL4r6TKIGIgSxwOrpGWbYt2p7hcZEjWK8nZi9DKOGxiAG9c3JtgDV
+dlgWYe1glmsQkwu41RxzO7FRRg2tjKn/Tm67Yk7EBLJa2P+3ltLB/8lW1zMzfRn1
+ohPvAPPt/ZPAoIBAGjf+RmD1YrLa7k1HGULDcHfUOuLvkA6kR8LHj8luX3IKgY2
+J4O4zcNs4nWv1QDyApf3+AEKq4hrceVud+XYE6zji2feUd3j/5owODTdNvXMTZqT
+Wvu49HlmcFPWDSJiNISVU46gU4g37d7ul/wMedKFPd5HsHpPLJwZ6C4rviHayaNy
+/CVgnfR1ZERMtYao/owSDpbEDvF78673HnTS80p79CK5OfJo8Boo1VrBXVD+qqUX
+oo5+YK+yEIBxKkCSlnJX+0jp8izrVXrMVO45KXarm1E5dio88ua6Ke9FswR2O0Ql
+H7Lz87/EdD9Ilr8Pr8r8pLajQ6JDf0aY9DqqXTkCggEAMqCrlqmtO16RGtSeS0VF
+tGgJfppG8sLiZuNM/Y/NrGXCOePix9MZZNvpX9ytMGdh8vqwUOKqhEw0ojFPwjhl
+/yjK5OVNeF4liGVEwsZbbSmHby9Prhlg24CUWwAgeXeMj122CfKHVlDYVCblpzSj
+N7MIJaXrfuv1I6PgFISblBX/fnIOI9Erh16EyYSkMmLkAO5bcel4g2fXgyagP2tv
+urBjPboDK4wBJ+KPGCqwwKVuYqH9TH7Ta7eQ5cOdQUoZJECHuyk/Oap1GU863QdM
+ELayYCWLQNEaGfBIca19cgiKEC7FIXeckkJZ2LMtGOODj+AWE/w9lCh+42zScQnD
+pwKCAQAS5TthMVCb1WxWvYrnMI3Xw111T+DnrK3BL3XNL3bnN4H6ZEnbjtmgEI8T
+Vp0WBBf0hRbgLfwNMndzmLCM/rg9PbLfyWalq61QO8D8GqDBCZNjdrEs8estMqfk
+HS9x62ENsu+I0b7QvslmVjAwEdVvJEJ7AVOnpDZeJz0k20egLAJEZUXxZIxX4oCT
+Yf1cGgFi9Rtfhq21fU3x3PLrfXe2qSIhbbbeZVk2Nj26mwwuyRKCCq0Deq2+Nu4O
+7jEkVwLVWBTd7CfESQ+lwP3n5ZFOkSwE5ZUrceGvaHI/9ufqLOxE10oL1r4/uJiJ
+iwFJQL0Kz83sSeVFfBHDpK/Sckx3
+-----END PRIVATE KEY-----
--- a/server.pem
+++ b/server.pem
+-----BEGIN CERTIFICATE-----
+MIIFnzCCA4egAwIBAgIUXZ3/FHcJwGzw9ad1kqmpy4/zTKcwDQYJKoZIhvcNAQEL
+BQAwXzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMREwDwYDVQQHDAhNb250cmVh
+bDENMAsGA1UECgwEVEVTVDENMAsGA1UECwwEVEVTVDESMBAGA1UEAwwJbG9jYWxo
+b3N0MB4XDTIwMDYxODEzMDkwOFoXDTIxMDYxODEzMDkwOFowXzELMAkGA1UEBhMC
+Q0ExCzAJBgNVBAgMAlFDMREwDwYDVQQHDAhNb250cmVhbDENMAsGA1UECgwEVEVT
+VDENMAsGA1UECwwEVEVTVDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAtO6SP2Q0HB3q0lD/D/Igfd8Thv0vjsFDj+H0
+bGkM30pfw8RWCVWbiqqxFCyw91YB820PDUXCLDRQpuZSHwHDyAHQ/Amw4eiZt0VC
+RkcDy8Wmk+6mIs6uwihdqSwsCA7Ad8k3MTfy4dQuNfNxQfP91qVqwaLNbtdDk0Ud
+QGQjy2XwjqKKCqhR/mlYH2MhMjN2XaaLuDDCZa9O3SIW0GDjlUebwvK25tu4L5nc
+SvrwN9v+RtTwAiYYktp7oto0853xycRS5dgRqLiLkR8ZNp6xe1+HtHHgP5lwhMYD
+wVjLdSFFd3yMCEd/Hv7Mso3zdwGkFpx8UxhRrPaZ2s0Hg131hVi3wfmOm8oTWeYd
+pnuRJApmXO49VV0Uptt8HEZaufVMAN1i+x1x437bVX/thbyPUieD0IPh/o2n/FdF
+jktwN0X2MSWRgLXxiDt6u57Sy8CczKaleHei/Nyg7RRHc/p0aCRRFcvmafX9Crxq
+/ZOGsFzu2dxDWMEYEJosBUxaJYMmxo1u4wUy7M+zJrz7elY1W1rSnKfRr4knE0mJ
+wzTLnolzBqiZoo/8Te4SS7MC0JxoEeMrDB2WZKyHDQgSgw7CE4rMNIVj+tFBg7TY
+DTbS/uP5HJHAVqCi65fqb4k+GsfwZ1uy1dlWBg3WMpfvsnWo4B3aDbm0SUJc4ixV
+4Z1r2zECAwEAAaNTMFEwHQYDVR0OBBYEFMzPJbDc8A8bbyznB/Gg9VDnUu/dMB8G
+A1UdIwQYMBaAFMzPJbDc8A8bbyznB/Gg9VDnUu/dMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggIBAKKCbGlSTCd66lZTfQKlxGk7EC+j7O9fupaNwXCm
+wfdtnEArOumHEdBQdbCfnnfNWO01lUXheI6iN8zOX66y7zoHwqJF4gvdQL8xPC0S
+PvQ3kZWuQqjiH3N0jB1NMKCWloo7SyUgSSbLAmyFfTlIBYv6NuysBPZ4LDLIqbUx
+xXdkW2sR7UXPTar+UBKtNI7FzM9fBIbHuk/JjB9XOJbjBuFED9tF0OofL8wVkCzG
+bhGw1zZ8wf0rFmWqNmxkFzYXXsZQzmQd1UCwnZ2/IsRoxLO5GJp4CuEnO2G6ayU2
+BPU+3Vl2BEcvQFpApwuSbYIa/B9LrXhcEkMwez4pbIQR3X1fWZ6CDyDsQdNse+sF
+C9w/iTlclPMB9W5J391GJZWXbtp2+gWFsDhjERuvluixJtL+h4Z4ADbERXZoFs5l
+AHD5W3zIgPm6PpJ9hBH28LwwyV939ucUJlhpUXAuHfINe8OzqAR2NcVIggBq53Z8
+4YxFEtA+PvKxYd1rLbozo7078rBiYiGPxYX8wvvkkbAlSgzwKmJaovV0YtvyrpRL
+S7BjzW80Scq1qHxEsGRJ5yaavx+JlefMw3gU8VjI2ilnYNlMNOZh7dRm4eCRcUwc
+3rsTIOoEXDvtrQHsq8xRVi/RwRhBNjrhg5+dKIMxBpHFa8uFyzIyhVOnY2tgRaHX
+UHgl
+-----END CERTIFICATE-----