From b07a2f5a31c1d533e4972d04622066371ab5ae41 Mon Sep 17 00:00:00 2001 From: Felix Sidokhine <felix.sidokhine@savoirfairelinux.com> Date: Fri, 19 Jun 2020 01:26:05 +0300 Subject: [PATCH] changed setCertificate to setCertificateChain in tomcat Change-Id: Ief0fec6b2cb2110578320ffac173b90c3760f87e --- jams-ca/crl.pem | Bin 643 -> 0 bytes .../jams/ca/workers/csr/CertificateWorker.java | 2 ++ .../ca/workers/csr/builders/DeviceBuilder.java | 4 +++- .../jams/ca/workers/csr/builders/UserBuilder.java | 4 +++- .../jams/server/core/TomcatConnectorFactory.java | 4 ++-- 5 files changed, 10 insertions(+), 4 deletions(-) delete mode 100644 jams-ca/crl.pem diff --git a/jams-ca/crl.pem b/jams-ca/crl.pem deleted file mode 100644 index 11df6239fd914fbb807755737216c113adb6c5bd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 643 zcmXqLVyZXDWMX7A;AP{~YV&CO&dbQi%gSINZzy2E$HpAW!py@Sl3HA%;OuC~ZNLc< zVH0L@3lirwGB7YRv@kR_F*P=iGEg;8W@2HjG@67i!DGP1#vCdu%EHXW$cbhPa}yII zgLTv!p1CKlSHy;YKP|rF=r*Nh*4F*m`CgAWL;d;wm@}P8k$JZ!Wct$=p|<V$d$*O{ z*rM0KxF>zhqpenFZLYrle~WKhv3P)!pPfM9y#E>x{{($c(RP$(TfaW6Uo~}(Sm)mD z)t#2Fv@bE8yHoBPrf~6Yj~mZcwV(;*IhHH0Nf%f!-DPW8dZNY0GS_J8`i1S=?re%@ zeYfFz*_D^vpH|&`b5zb(|KAFk?_EdiHd&~7XGBHi2MZbV?3~y%_tU@Es=tmYPx*F0 zS@~1?D?!ee=Z*$0*iftFXV|c+O^eTQ!v8zHucHlJj<xQYpT0%Axuis1a^wDx8u3@$ zj^Z~?L==awSJ{3&^We<)?=7qnUg)j(<Mldlk<Lbk8@1lWNsp`Jvrp{XQT|f5{_*$o zmmRA&9#WsOXYR_<3&o#uKYeu!apuyCp8sH8t*mM8Rq3AWjvLb3b|t<%BmJD|;tZA? zi6&z)h6^0Gx_9rCx7YEVyDL1Et@-}dC8wip%Wgdq&OUqT;RaXJCLO1zPLqPKum=6M zKA5QaId0qjyHC2Fs3(_en-wr+PM-2mB*w~CZ#C-|pEZ~59yz5oN2j0MImL0l+n%75 zn^nC(J_t1!ryrY{m(p$`<lFGC@$JHJFWpHEnKPH3`Y!**$NfrLCyQ)Ap!v=ohuz{U Y<AlpHijI7=JSnOWFIi?P@<i1I0PY$TBLDyZ diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java index d6e2b6de..20211087 100644 --- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java 
+++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/CertificateWorker.java @@ -33,6 +33,8 @@ import net.jami.jams.common.objects.user.User; @Slf4j public class CertificateWorker { + public static final long SHIFT = 43200000L; + //The CSR here is null because we generate a certificate and keypair. public static SystemAccount getSignedCertificate(SystemAccount systemAccount) { switch (systemAccount.getSystemAccountType()){ diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java index 40a1b992..c1544356 100644 --- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java +++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/DeviceBuilder.java @@ -36,6 +36,8 @@ import java.math.BigInteger; import java.security.SecureRandom; import java.util.Date; +import static net.jami.jams.ca.workers.csr.CertificateWorker.SHIFT; + @Slf4j public class DeviceBuilder { @@ -47,7 +49,7 @@ public class DeviceBuilder { X509v3CertificateBuilder builder = new X509v3CertificateBuilder( new JcaX509CertificateHolder(user.getCertificate()).getSubject(), new BigInteger(256, new SecureRandom()), - new Date(System.currentTimeMillis()), + new Date(System.currentTimeMillis() - SHIFT), new Date(System.currentTimeMillis() + JamsCA.deviceLifetime), device.getCertificationRequest().getSubject(), device.getCertificationRequest().getSubjectPublicKeyInfo() diff --git a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java index eb43f856..6570601b 100644 --- a/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java +++ b/jams-ca/src/main/java/net/jami/jams/ca/workers/csr/builders/UserBuilder.java 
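Review bot: `SHIFT` in CertificateWorker is a public constant with no comment, no unit and no hint of what it shifts, yet the DeviceBuilder and UserBuilder hunks use it to backdate the `notBefore` of every issued certificate. 43200000 ms is 12 hours, and both the name and a doc comment should say so, for example `/** Milliseconds subtracted from the issue time to form notBefore (12 h); presumably tolerates clock skew on verifying clients. */` on `public static final long NOT_BEFORE_BACKDATE_MS = 12L * 60 * 60 * 1000;`. The commit message mentions only the Tomcat change, so the reason for the backdating is not recorded anywhere visible.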
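Review bot: The validity window in DeviceBuilder (and identically in the second UserBuilder hunk) is built from two separate `System.currentTimeMillis()` reads, and `notBefore` now lies 12 hours in the past, so the certificate itself no longer records when it was issued. Read the clock once with `long issuedAt = System.currentTimeMillis();`, derive both dates from it, and log `issuedAt` together with the serial so that audit and incident timelines do not depend on `notBefore`. Twelve hours is a wide skew allowance; whether a smaller value would do depends on the clients, which the diff does not show. The enclosing method starts and ends outside the hunk.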
@@ -38,6 +38,8 @@ import java.security.KeyPairGenerator; import java.security.SecureRandom; import java.util.Date; +import static net.jami.jams.ca.workers.csr.CertificateWorker.SHIFT; + @Slf4j public class UserBuilder { @@ -49,7 +51,7 @@ public class UserBuilder { X509v3CertificateBuilder builder = new X509v3CertificateBuilder( new JcaX509CertificateHolder(JamsCA.CA.getCertificate()).getSubject(), new BigInteger(256, new SecureRandom()), - new Date(System.currentTimeMillis()), + new Date(System.currentTimeMillis() - SHIFT), new Date(System.currentTimeMillis() + JamsCA.userLifetime), new X500Name(user.getX509Fields().getDN()), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()) diff --git a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java index ae33580a..6ac48c34 100644 --- a/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java +++ b/jams-server/src/main/java/net/jami/jams/server/core/TomcatConnectorFactory.java @@ -46,10 +46,10 @@ public class TomcatConnectorFactory { Connector connector = new Connector(); SSLHostConfig sslConfig = new SSLHostConfig(); SSLHostConfigCertificate sslHostConfigCertificate = new SSLHostConfigCertificate(sslConfig, SSLHostConfigCertificate.Type.RSA); - sslHostConfigCertificate.setCertificateFile(System.getProperty("user.dir") + File.separator + certificateFile); + sslHostConfigCertificate.setCertificateChainFile(System.getProperty("user.dir") + File.separator + certificateFile); sslHostConfigCertificate.setCertificateKeyFile(System.getProperty("user.dir") + File.separator + keyFile); sslConfig.addCertificate(sslHostConfigCertificate); - sslConfig.setProtocols("TLSv1.2"); + sslConfig.setProtocols("TLSv1,TLSv1.2,TLSv1.3"); connector.addSslHostConfig(sslConfig); connector.setPort(port); connector.setSecure(true); -- GitLab
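Review bot: `sslConfig.setProtocols("TLSv1,TLSv1.2,TLSv1.3")` in TomcatConnectorFactory turns TLS 1.0 back on for a connector that previously accepted only TLS 1.2, and neither the commit subject nor a comment explains why. TLS 1.0 is deprecated (RFC 8996) and the list skips TLSv1.1, which suggests the value was not chosen deliberately; unless a known legacy client requires it, use `sslConfig.setProtocols("TLSv1.2,TLSv1.3");`. Separately, the hunk replaces `setCertificateFile` with `setCertificateChainFile` rather than adding the chain alongside it, so within the visible lines no server certificate file is set any more. Tomcat documents the chain file as holding the intermediate certificates, so confirm the connector still presents the intended leaf certificate. The method body continues outside the hunk.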