Commit 96511f30 authored by Léo Banno-Cloutier's avatar Léo Banno-Cloutier

ca: warn if caLifetime < userLifetime < deviceLifetime

Change-Id: I7d4c73baf8a673018807030e32f7349b0aa62456
parent daae2398
...@@ -78,12 +78,27 @@ public class JamsCA implements CertificateAuthority { ...@@ -78,12 +78,27 @@ public class JamsCA implements CertificateAuthority {
CertificateAuthorityConfig config = CertificateAuthorityConfig config =
gson.fromJson(settings, CertificateAuthorityConfig.class); gson.fromJson(settings, CertificateAuthorityConfig.class);
CA = ca; CA = ca;
OCSP = ca; OCSP = ocsp;
serverDomain = config.getServerDomain(); serverDomain = config.getServerDomain();
signingAlgorithm = config.getSigningAlgorithm(); signingAlgorithm = config.getSigningAlgorithm();
crlLifetime = config.getCrlLifetime(); crlLifetime = config.getCrlLifetime();
userLifetime = config.getUserLifetime(); userLifetime = config.getUserLifetime();
deviceLifetime = config.getDeviceLifetime(); deviceLifetime = config.getDeviceLifetime();
if (deviceLifetime > userLifetime) {
log.warn(
"Device lifetime is greater than user lifetime, this is not recommended, please change this in the config file.");
}
X509Certificate cert = ca.getCertificate();
long caLifetime = cert.getNotAfter().getTime() - cert.getNotBefore().getTime();
if (userLifetime > caLifetime) {
log.warn(
"User lifetime is greater than CA lifetime, this is not recommended, please change this in the config file.");
}
if (ca != null && ocsp != null) { if (ca != null && ocsp != null) {
crlWorker = new CRLWorker(CA.getPrivateKey(), CA.getCertificate()); crlWorker = new CRLWorker(CA.getPrivateKey(), CA.getCertificate());
try { try {
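Review bot: `ca.getCertificate()` in the new CA-lifetime check dereferences `ca` before the existing `if (ca != null && ocsp != null)` guard just below it, so a call with a null CA (which that guard suggests is possible) now throws a NullPointerException instead of reaching the guard. The lifetime checks should sit inside that guard or behind their own `if (ca != null)`. Separately, `caLifetime` is the certificate's full validity window (`getNotAfter() - getNotBefore()`), not the time left until it expires, so a user certificate issued late in the CA's life can outlive the CA without triggering the warning; comparing against `cert.getNotAfter().getTime() - System.currentTimeMillis()` would cover that case, assuming the configured lifetimes are in milliseconds. The enclosing method starts and ends outside this hunk.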
......
...@@ -62,13 +62,11 @@ export default function ServerParameters(props) { ...@@ -62,13 +62,11 @@ export default function ServerParameters(props) {
{ value: 7889238000, label: i18next.t("3_months", "3 months") }, { value: 7889238000, label: i18next.t("3_months", "3 months") },
{ value: 15778476000, label: i18next.t("6_months", "6 months") }, { value: 15778476000, label: i18next.t("6_months", "6 months") },
{ value: 31556952000, label: i18next.t("1_year", "1 year") }, { value: 31556952000, label: i18next.t("1_year", "1 year") },
{ value: 157784760000, label: i18next.t("5_years", "5 years") },
]; ];
const userAccountLifetimeTypes = [ const userAccountLifetimeTypes = [
{ value: 31556952000, label: i18next.t("1_year", "1 year") }, { value: 31556952000, label: i18next.t("1_year", "1 year") },
{ value: 157784760000, label: i18next.t("5_years", "5 years") }, { value: 157784760000, label: i18next.t("5_years", "5 years") },
{ value: 315569520000, label: i18next.t("10_years", "10 years") },
]; ];
const certificateRevocationTypesItems = tool.buildSelectMenuItems( const certificateRevocationTypesItems = tool.buildSelectMenuItems(
......