From 7d7b762d38e3933435e70a8e0d6f13cb62807e5a Mon Sep 17 00:00:00 2001
From: Felix Sidokhine <felix.sidokhine@savoirfairelinux.com>
Date: Thu, 18 Jun 2020 17:10:00 +0300
Subject: [PATCH] fixed SSL issue

Change-Id: Ic94e1dcbfaba71cb4e8627c7436c2fdff990218b
---
 .../authmodule/UserAuthenticationModule.java | 7 ++-
 jams-ca/crl.pem | Bin 0 -> 643 bytes
 .../responses/DeviceRegistrationResponse.java | 2 +-
 .../server/core/TomcatConnectorFactory.java | 2 +-
 server.key | 52 ++++++++++++++++++
 server.pem | 33 +++++++++++
 6 files changed, 91 insertions(+), 5 deletions(-)
 create mode 100644 jams-ca/crl.pem
 create mode 100644 server.key
 create mode 100644 server.pem

diff --git a/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java b/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
index 07849099..6d57ea70 100644
--- a/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
+++ b/authentication-module/src/main/java/net/jami/jams/authmodule/UserAuthenticationModule.java
@@ -165,7 +165,8 @@ public class UserAuthenticationModule implements AuthenticationModule {
 public AuthTokenResponse authenticateUser(X509Certificate[] certificates, X509CRLHolder crl, X509Certificate ca) {
 //Extract the username for the certificate and verify that it is not revoked.
- X509Certificate clientCert = certificates[0];
+ X509Certificate clientCert = certificates[1];
+ X509Certificate deviceCert = certificates[0];
 try {
 //Check if the certificate is even valid.
 clientCert.checkValidity();
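Review bot: `certificates[1]` and `certificates[0]` are indexed before the `try`, so a chain with fewer than two entries (or a null array) throws ArrayIndexOutOfBoundsException out of authenticateUser instead of the `return null` every other rejection path produces; guard first with `if (certificates == null || certificates.length < 2) return null;`. The positional contract this introduces — index 0 is the device certificate, index 1 the user certificate — is undocumented, and it presumably depends on the ordering that DeviceRegistrationResponse.setCertificateChain (changed in this same commit) emits; a comment above the two assignments such as `// Chain order: [0] device certificate, [1] user certificate — must match setCertificateChain` would make that coupling explicit. Only the opening lines of authenticateUser are in this hunk; the body continues in the next hunk.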
@@ -173,13 +174,13 @@ public class UserAuthenticationModule implements AuthenticationModule {
 clientCert.verify(ca.getPublicKey());
 //Here we need to make a request to the CRL to find out if it has been revoked.
 if(crl.getRevokedCertificate(clientCert.getSerialNumber()) != null) return null;
- String username = clientCert.getSubjectDN().getName();
+ String username = X509Utils.extractDNFromCertificate(clientCert).get("CN");
 //We need to extract the deviceId from the certificate
 StatementList statementList = new StatementList();
 StatementElement statementElement = new StatementElement("username","=",username,"");
 statementList.addStatement(statementElement);
 User user = datastore.getUserDao().getObjects(statementList).get(0);
- return tokenController.getToken(user,X509Utils.extractDNFromCertificate(clientCert).get("UID"));
+ return tokenController.getToken(user,X509Utils.extractDNFromCertificate(deviceCert).get("UID"));
 } catch (Exception e){
 return null;
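Review bot: `deviceCert` is never validated before its UID is trusted on the `getToken` line — `checkValidity`, `verify` against the CA and the CRL lookup are applied only to `clientCert`, so the device identity written into the token comes from a certificate whose expiry, issuer and revocation status were not checked. Before the lookup add at least `deviceCert.checkValidity();` plus a signature check against whichever issuer signs device certificates in this deployment (if that is the user certificate, `deviceCert.verify(clientCert.getPublicKey());`), and a revocation check if device certificates can be revoked. Separately, `extractDNFromCertificate(clientCert).get("CN")` can yield null when the subject has no CN, which then builds a `username = null` statement; returning null in that case keeps it consistent with the other rejection paths. The catch block's closing brace and the end of the method lie outside the hunk.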
diff --git a/jams-ca/crl.pem b/jams-ca/crl.pem new file mode 100644 index 0000000000000000000000000000000000000000..11df6239fd914fbb807755737216c113adb6c5bd GIT binary patch literal 643 zcmXqLVyZXDWMX7A;AP{~YV&CO&dbQi%gSINZzy2E$HpAW!py@Sl3HA%;OuC~ZNLc< zVH0L@3lirwGB7YRv@kR_F*P=iGEg;8W@2HjG@67i!DGP1#vCdu%EHXW$cbhPa}yII zgLTv!p1CKlSHy;YKP|rF=r*Nh*4F*m`CgAWL;d;wm@}P8k$JZ!Wct$=p|<V$d$*O{ z*rM0KxF>zhqpenFZLYrle~WKhv3P)!pPfM9y#E>x{{($c(RP$(TfaW6Uo~}(Sm)mD z)t#2Fv@bE8yHoBPrf~6Yj~mZcwV(;*IhHH0Nf%f!-DPW8dZNY0GS_J8`i1S=?re%@ zeYfFz*_D^vpH|&`b5zb(|KAFk?_EdiHd&~7XGBHi2MZbV?3~y%_tU@Es=tmYPx*F0 zS@~1?D?!ee=Z*$0*iftFXV|c+O^eTQ!v8zHucHlJj<xQYpT0%Axuis1a^wDx8u3@$ zj^Z~?L==awSJ{3&^We<)?=7qnUg)j(<Mldlk<Lbk8@1lWNsp`Jvrp{XQT|f5{_*$o zmmRA&9#WsOXYR_<3&o#uKYeu!apuyCp8sH8t*mM8Rq3AWjvLb3b|t<%BmJD|;tZA? zi6&z)h6^0Gx_9rCx7YEVyDL1Et@-}dC8wip%Wgdq&OUqT;RaXJCLO1zPLqPKum=6M zKA5QaId0qjyHC2Fs3(_en-wr+PM-2mB*w~CZ#C-|pEZ~59yz5oN2j0MImL0l+n%75 zn^nC(J_t1!ryrY{m(p$`<lFGC@$JHJFWpHEnKPH3`Y!**$NfrLCyQ)Ap!v=ohuz{U Y<AlpHijI7=JSnOWFIi?P@<i1I0PY$TBLDyZ literal 0 HcmV?d00001 diff --git a/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java b/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java index 0e271218..87ebdaad 100644 --- a/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java +++ b/jams-common/src/main/java/net/jami/jams/common/objects/responses/DeviceRegistrationResponse.java @@ -41,7 +41,7 @@ public class DeviceRegistrationResponse { public void setCertificateChain(X509Certificate[] certificateChain){ StringBuilder stringBuilder = new StringBuilder(); - for(int i=certificateChain.length-1;i > 0;i--){ + for(int i=certificateChain.length-1;i > -1;i--){ stringBuilder.append(X509Utils.getPEMStringFromCertificate(certificateChain[i])).append("\n"); } //remove the last \n because it's useless. 
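Review bot: `i > -1` is an unusual spelling of `i >= 0`; `for(int i=certificateChain.length-1;i >= 0;i--){` reads conventionally and signals that index 0 is now included on purpose. With index 0 now emitted, an empty `certificateChain` still leaves `stringBuilder` empty, and the trailing-newline removal that follows the comment (outside this hunk) will presumably fail on a zero-length builder unless it already checks the length — worth confirming. Joining the PEM strings with `"\n"` instead of appending and then stripping would remove the need for that removal step altogether.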
diff --git a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
index 68198f8b..ae33580a 100644
--- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
+++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java
@@ -49,7 +49,7 @@ public class TomcatConnectorFactory {
 sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile);
 sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile);
 sslConfig.addCertificate(sslHostConfigCertificate);
- sslConfig.setProtocols("TLSv1.3");
+ sslConfig.setProtocols("TLSv1.2");
 connector.addSslHostConfig(sslConfig);
 connector.setPort(port);
 connector.setSecure(true);
diff --git a/server.key b/server.key
new file mode 100644
index 00000000..40c109d8
--- /dev/null
+++ b/server.key
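Review bot: `setProtocols("TLSv1.2")` replaces TLS 1.3 with TLS 1.2 only, so every client — including those that negotiate TLS 1.3 fine — is downgraded rather than just the peers that failed; Tomcat's `SSLHostConfig.setProtocols` takes a comma-separated list, so `sslConfig.setProtocols("TLSv1.2,TLSv1.3");` keeps the stronger protocol available while still admitting TLS 1.2 peers. The commit message does not say what the "SSL issue" was, so a comment on that line recording the reason, e.g. `// TLSv1.2 retained for <client/runtime> compatibility — see <issue reference>` with the real reference filled in, would stop the next reader from silently reverting it. The protocol list is also a deployment decision that would sit better in configuration alongside `certificateFile` and `keyFile` than hard-coded here.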
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC07pI/ZDQcHerS +UP8P8iB93xOG/S+OwUOP4fRsaQzfSl/DxFYJVZuKqrEULLD3VgHzbQ8NRcIsNFCm +5lIfAcPIAdD8CbDh6Jm3RUJGRwPLxaaT7qYizq7CKF2pLCwIDsB3yTcxN/Lh1C41 +83FB8/3WpWrBos1u10OTRR1AZCPLZfCOoooKqFH+aVgfYyEyM3Zdpou4MMJlr07d +IhbQYOOVR5vC8rbm27gvmdxK+vA32/5G1PACJhiS2nui2jTznfHJxFLl2BGouIuR +Hxk2nrF7X4e0ceA/mXCExgPBWMt1IUV3fIwIR38e/syyjfN3AaQWnHxTGFGs9pna +zQeDXfWFWLfB+Y6byhNZ5h2me5EkCmZc7j1VXRSm23wcRlq59UwA3WL7HXHjfttV +f+2FvI9SJ4PQg+H+jaf8V0WOS3A3RfYxJZGAtfGIO3q7ntLLwJzMpqV4d6L83KDt +FEdz+nRoJFEVy+Zp9f0KvGr9k4awXO7Z3ENYwRgQmiwFTFolgybGjW7jBTLsz7Mm +vPt6VjVbWtKcp9GviScTSYnDNMueiXMGqJmij/xN7hJLswLQnGgR4ysMHZZkrIcN +CBKDDsITisw0hWP60UGDtNgNNtL+4/kckcBWoKLrl+pviT4ax/BnW7LV2VYGDdYy +l++ydajgHdoNubRJQlziLFXhnWvbMQIDAQABAoICAEfWdaDPw1TqmAK7gBovs7Dm +cpVlT42ptI6bU3X7282IdS+Ac/yuzdwn27k76WO69XlWcuR9LxRoDSHHTxHanIZ8 +GiMIIgAAX5AB4seOiLZOms4fsj0dvQuABXgW/sCQQuEMtmpHYZtCqLppFy3tl3qz +IQkS/+gjdkQx6+RWHlQy/GlVpeOHY07VOtTzggmxnyyd5NnUGktPaMuqLk68OYBa +90BXKEHPOXlE6M+ohNpY8cPj5gukXptoPjCx3NZhfs/ysEtsF87avyd2pocmSSfI +DVSa5kO6Q4+kI3eQLvAprrA7dkoPQSzoVBQNAn7c2u7TYRWJEVzQaNQUFgiVtNZ6 ++O9hytR25B6foaF9jiyT41ppEXJtzSVNWmL5lx/Et0F6v6+vkCamdZTN3qMbFFaP +SJ1qnFBSlhkwfHkYHZt+WYvaciKIBFKrmE59bU95iKU/A5fMPna3921CWW6NoJ73 +5k+Um0McXkpwkzNY1BndAsg9IuSc3nMH/4u8sP7HOEgk7we5pphVpj0SfWCk1w3I +58w3Vgrt2TXB7MMePmrSARSsCVUSXUaQ6Z3vBt0Ildl7w/kdi5JhQ9W/jGyWFBOh +5meK8ffvWTv3K9af3wnrnAP3ubdiMLQX1khvXcvj523HULUS6SloVtnvnXoCSD/Q ++4WHVHln4KJRE3dX69p1AoIBAQDixydw/WP2aavpKtrRvd6pHDw7TQO3XbOFZBYd +kBrJ2rK3dkRmTt7BjRuxXU6grhkEyRjGJXlacA4ynX1rAGJtmMBGFnLo1pclMofu +nKqUWaFjcRAKcIK0tu86M0vJZT+tX7fdkhO8Y4TOEUods8KACvM5hIimOffrPhoV +dCkQZOp2j9v8mBE01iULU6MMUc6loFbWkP38YCHg8KxG1At3Od1S7GjWGGpAM8G6 +Y5pj6ArX6ivFfV/nSqLN6KR8toGUNTo4vOR0VutF62NR6oJYxB0HkyKG+CvRfCu7 +V8NFK+LladFgFfNCmEaT4/DLCxsnMiucvDWzGDzmoNjwjDZ/AoIBAQDMPxHYFmAt +ERL6z59t0MVTR9ei5N9JGhlWHdhVTG7xws2VGENhLpYNuwsrWlx1IKxf0qq5Feky 
+VDKXeMITo0d9f7md47QBogN5t49LZDZ0WIKei1IL1fB5zkt6P2+s66fsXnK/2vSu +zF5xGoziZNzAy7naXonm3z0XEipVhHwgXJdqocm5nFz8G7zeWJ9WK4AJXckyDFyM +gpdMktyPNcVhL4r6TKIGIgSxwOrpGWbYt2p7hcZEjWK8nZi9DKOGxiAG9c3JtgDV +dlgWYe1glmsQkwu41RxzO7FRRg2tjKn/Tm67Yk7EBLJa2P+3ltLB/8lW1zMzfRn1 ++ohPvAPPt/ZPAoIBAGjf+RmD1YrLa7k1HGULDcHfUOuLvkA6kR8LHj8luX3IKgY2 +J4O4zcNs4nWv1QDyApf3+AEKq4hrceVud+XYE6zji2feUd3j/5owODTdNvXMTZqT +Wvu49HlmcFPWDSJiNISVU46gU4g37d7ul/wMedKFPd5HsHpPLJwZ6C4rviHayaNy +/CVgnfR1ZERMtYao/owSDpbEDvF78673HnTS80p79CK5OfJo8Boo1VrBXVD+qqUX +oo5+YK+yEIBxKkCSlnJX+0jp8izrVXrMVO45KXarm1E5dio88ua6Ke9FswR2O0Ql +H7Lz87/EdD9Ilr8Pr8r8pLajQ6JDf0aY9DqqXTkCggEAMqCrlqmtO16RGtSeS0VF +tGgJfppG8sLiZuNM/Y/NrGXCOePix9MZZNvpX9ytMGdh8vqwUOKqhEw0ojFPwjhl +/yjK5OVNeF4liGVEwsZbbSmHby9Prhlg24CUWwAgeXeMj122CfKHVlDYVCblpzSj +N7MIJaXrfuv1I6PgFISblBX/fnIOI9Erh16EyYSkMmLkAO5bcel4g2fXgyagP2tv +urBjPboDK4wBJ+KPGCqwwKVuYqH9TH7Ta7eQ5cOdQUoZJECHuyk/Oap1GU863QdM +ELayYCWLQNEaGfBIca19cgiKEC7FIXeckkJZ2LMtGOODj+AWE/w9lCh+42zScQnD +pwKCAQAS5TthMVCb1WxWvYrnMI3Xw111T+DnrK3BL3XNL3bnN4H6ZEnbjtmgEI8T +Vp0WBBf0hRbgLfwNMndzmLCM/rg9PbLfyWalq61QO8D8GqDBCZNjdrEs8estMqfk +HS9x62ENsu+I0b7QvslmVjAwEdVvJEJ7AVOnpDZeJz0k20egLAJEZUXxZIxX4oCT +Yf1cGgFi9Rtfhq21fU3x3PLrfXe2qSIhbbbeZVk2Nj26mwwuyRKCCq0Deq2+Nu4O +7jEkVwLVWBTd7CfESQ+lwP3n5ZFOkSwE5ZUrceGvaHI/9ufqLOxE10oL1r4/uJiJ +iwFJQL0Kz83sSeVFfBHDpK/Sckx3 +-----END PRIVATE KEY----- diff --git a/server.pem b/server.pem new file mode 100644 index 00000000..706489d2 --- /dev/null +++ b/server.pem 
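Review bot: `server.key` commits a PEM private key (the block between `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`) to the repository root, and `server.pem` in the next hunk commits what appears to be its matching certificate; with `TomcatConnectorFactory` in this commit resolving `certificateFile`/`keyFile` under `user.dir`, a server started from a checkout will presumably present exactly this key. A key that has been pushed has to be treated as disclosed: remove both files from the tree, add `server.key` and `server.pem` to `.gitignore`, generate a fresh pair at install or first start, and rotate anything already deployed with it, since deleting the file in a later commit leaves it in history. If a fixture is genuinely needed for tests, keep it under a test resources directory, name it as a test key, and make sure the production connector can never be pointed at it.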
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFnzCCA4egAwIBAgIUXZ3/FHcJwGzw9ad1kqmpy4/zTKcwDQYJKoZIhvcNAQEL +BQAwXzELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMREwDwYDVQQHDAhNb250cmVh +bDENMAsGA1UECgwEVEVTVDENMAsGA1UECwwEVEVTVDESMBAGA1UEAwwJbG9jYWxo +b3N0MB4XDTIwMDYxODEzMDkwOFoXDTIxMDYxODEzMDkwOFowXzELMAkGA1UEBhMC +Q0ExCzAJBgNVBAgMAlFDMREwDwYDVQQHDAhNb250cmVhbDENMAsGA1UECgwEVEVT +VDENMAsGA1UECwwEVEVTVDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAtO6SP2Q0HB3q0lD/D/Igfd8Thv0vjsFDj+H0 +bGkM30pfw8RWCVWbiqqxFCyw91YB820PDUXCLDRQpuZSHwHDyAHQ/Amw4eiZt0VC +RkcDy8Wmk+6mIs6uwihdqSwsCA7Ad8k3MTfy4dQuNfNxQfP91qVqwaLNbtdDk0Ud +QGQjy2XwjqKKCqhR/mlYH2MhMjN2XaaLuDDCZa9O3SIW0GDjlUebwvK25tu4L5nc +SvrwN9v+RtTwAiYYktp7oto0853xycRS5dgRqLiLkR8ZNp6xe1+HtHHgP5lwhMYD +wVjLdSFFd3yMCEd/Hv7Mso3zdwGkFpx8UxhRrPaZ2s0Hg131hVi3wfmOm8oTWeYd +pnuRJApmXO49VV0Uptt8HEZaufVMAN1i+x1x437bVX/thbyPUieD0IPh/o2n/FdF +jktwN0X2MSWRgLXxiDt6u57Sy8CczKaleHei/Nyg7RRHc/p0aCRRFcvmafX9Crxq +/ZOGsFzu2dxDWMEYEJosBUxaJYMmxo1u4wUy7M+zJrz7elY1W1rSnKfRr4knE0mJ +wzTLnolzBqiZoo/8Te4SS7MC0JxoEeMrDB2WZKyHDQgSgw7CE4rMNIVj+tFBg7TY +DTbS/uP5HJHAVqCi65fqb4k+GsfwZ1uy1dlWBg3WMpfvsnWo4B3aDbm0SUJc4ixV +4Z1r2zECAwEAAaNTMFEwHQYDVR0OBBYEFMzPJbDc8A8bbyznB/Gg9VDnUu/dMB8G +A1UdIwQYMBaAFMzPJbDc8A8bbyznB/Gg9VDnUu/dMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggIBAKKCbGlSTCd66lZTfQKlxGk7EC+j7O9fupaNwXCm +wfdtnEArOumHEdBQdbCfnnfNWO01lUXheI6iN8zOX66y7zoHwqJF4gvdQL8xPC0S +PvQ3kZWuQqjiH3N0jB1NMKCWloo7SyUgSSbLAmyFfTlIBYv6NuysBPZ4LDLIqbUx +xXdkW2sR7UXPTar+UBKtNI7FzM9fBIbHuk/JjB9XOJbjBuFED9tF0OofL8wVkCzG +bhGw1zZ8wf0rFmWqNmxkFzYXXsZQzmQd1UCwnZ2/IsRoxLO5GJp4CuEnO2G6ayU2 +BPU+3Vl2BEcvQFpApwuSbYIa/B9LrXhcEkMwez4pbIQR3X1fWZ6CDyDsQdNse+sF +C9w/iTlclPMB9W5J391GJZWXbtp2+gWFsDhjERuvluixJtL+h4Z4ADbERXZoFs5l +AHD5W3zIgPm6PpJ9hBH28LwwyV939ucUJlhpUXAuHfINe8OzqAR2NcVIggBq53Z8 +4YxFEtA+PvKxYd1rLbozo7078rBiYiGPxYX8wvvkkbAlSgzwKmJaovV0YtvyrpRL +S7BjzW80Scq1qHxEsGRJ5yaavx+JlefMw3gU8VjI2ilnYNlMNOZh7dRm4eCRcUwc 
+3rsTIOoEXDvtrQHsq8xRVi/RwRhBNjrhg5+dKIMxBpHFa8uFyzIyhVOnY2tgRaHX +UHgl +-----END CERTIFICATE----- -- GitLab
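Review bot: decoding the DER fields in this block, the subject and issuer appear identical with CN `localhost` and O/OU `TEST`, basicConstraints appears to mark it CA:TRUE, and the validity window appears to run one year from the commit date, so this looks like a self-signed local test certificate that real clients will not validate and that expires in June 2021. Document that scope (a README line next to the `certificateFile`/`keyFile` configuration, or a generation script run at setup) rather than shipping the file, and pair that with removing the `server.key` committed in the previous hunk, which is the actual exposure.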