From 96511f30a0d4c1c132477439bbb4d540a5bb7161 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Banno-Cloutier?=
 <leo.banno-cloutier@savoirfairelinux.com>
Date: Fri, 11 Aug 2023 18:26:40 -0400
Subject: [PATCH] ca: warn if caLifetime < userLifetime < deviceLifetime

Change-Id: I7d4c73baf8a673018807030e32f7349b0aa62456
---
 .../src/main/java/net/jami/jams/ca/JamsCA.java  | 17 ++++++++++++++++-
 .../ServerParameters/ServerParameters.tsx       |  2 --
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java b/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java
index 24ff27dd..73b8bf57 100644
--- a/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java
+++ b/jams-ca/src/main/java/net/jami/jams/ca/JamsCA.java
@@ -78,12 +78,27 @@ public class JamsCA implements CertificateAuthority {
         CertificateAuthorityConfig config =
                 gson.fromJson(settings, CertificateAuthorityConfig.class);
         CA = ca;
-        OCSP = ca;
+        OCSP = ocsp;
         serverDomain = config.getServerDomain();
         signingAlgorithm = config.getSigningAlgorithm();
+
         crlLifetime = config.getCrlLifetime();
         userLifetime = config.getUserLifetime();
         deviceLifetime = config.getDeviceLifetime();
+
+        if (deviceLifetime > userLifetime) {
+            log.warn(
+                    "Device lifetime is greater than user lifetime, this is not recommended, please change this in the config file.");
+        }
+
+        X509Certificate cert = ca.getCertificate();
+        long caLifetime = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
+
+        if (userLifetime > caLifetime) {
+            log.warn(
+                    "User lifetime is greater than CA lifetime, this is not recommended, please change this in the config file.");
+        }
+
         if (ca != null && ocsp != null) {
             crlWorker = new CRLWorker(CA.getPrivateKey(), CA.getCertificate());
             try {
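Review bot: The added `ca.getCertificate()` call dereferences `ca` before the existing `if (ca != null && ocsp != null)` guard a few lines below, so a null `ca` (which that guard suggests is a supported case) would now throw a NullPointerException instead of reaching the guard. Move the CA-lifetime check inside the guarded block, or wrap it in `if (ca != null) { ... }`. The comparison also uses the certificate's full validity span rather than the time left on it, so a user certificate issued late in the CA's life can outlive the CA certificate without any warning. A tighter bound would be `long caRemaining = cert.getNotAfter().getTime() - System.currentTimeMillis();`, assuming the configured lifetimes are in milliseconds, which this hunk does not show. The enclosing method starts and ends outside the hunk.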
diff --git a/jams-react-client/src/components/ServerParameters/ServerParameters.tsx b/jams-react-client/src/components/ServerParameters/ServerParameters.tsx
index 1489ab7a..01cf480e 100644
--- a/jams-react-client/src/components/ServerParameters/ServerParameters.tsx
+++ b/jams-react-client/src/components/ServerParameters/ServerParameters.tsx
@@ -62,13 +62,11 @@ export default function ServerParameters(props) {
     { value: 7889238000, label: i18next.t("3_months", "3 months") },
     { value: 15778476000, label: i18next.t("6_months", "6 months") },
     { value: 31556952000, label: i18next.t("1_year", "1 year") },
-    { value: 157784760000, label: i18next.t("5_years", "5 years") },
   ];
 
   const userAccountLifetimeTypes = [
     { value: 31556952000, label: i18next.t("1_year", "1 year") },
     { value: 157784760000, label: i18next.t("5_years", "5 years") },
-    { value: 315569520000, label: i18next.t("10_years", "10 years") },
   ];
 
   const certificateRevocationTypesItems = tool.buildSelectMenuItems(
-- 
GitLab