SSL cert: use system default SSL context instead of custom truststore

Removed the manual KeyStore creation and switched to SSLContexts.createSystemDefault()
to rely on Java’s built-in truststore for validating SSL certificates.
It fixes the SSLHandshakeException.

Change-Id: I4cc8afda87825c2da95ddc8f2b74d3d93d0994e6

jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java

@@ -26,7 +26,6 @@ import lombok.extern.slf4j.Slf4j;
 import net.jami.jams.common.serialization.adapters.GsonFactory;
 import net.jami.jams.common.updater.FileDescription;
 import net.jami.jams.common.utils.VersioningUtils;
-import net.jami.jams.common.utils.X509Utils;
 
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
@@ -38,7 +37,6 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
 import java.security.KeyStore;
-import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.TimerTask;
 
@@ -59,20 +57,8 @@ public class UpdateCheckTask extends TimerTask {
 
     protected UpdateCheckTask() {
         try {
-            InputStream is =
-                    UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/ca.crt");
-            X509Certificate certificate =
-                    X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
-            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
-            trustStore.load(null, null);
-            trustStore.setCertificateEntry("ca", certificate);
-
-            is = UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/update.crt");
-            certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
-            trustStore.setCertificateEntry("update", certificate);
-
-            // Inject the SSL Connection here for a first time.
-            sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, null).build();
+            // Load the trust store
+            sslContext = SSLContexts.createSystemDefault();
 
             // read config json
             InputStream input =

jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java

@@ -49,7 +49,6 @@ public class UpdateDownloader {
 
     private SSLContext sslContext;
     private static final String KEYSTORE_TYPE = "JKS";
-    private KeyStore trustStore;
     private static volatile String UPDATE_SERVER_URL;
 
     private final HashMap<String, FileDescription> remoteChecksums = new HashMap<>();
@@ -58,22 +57,6 @@ public class UpdateDownloader {
 
     public UpdateDownloader() {
 
-        try {
-            InputStream is =
-                    UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/ca.crt");
-            X509Certificate certificate =
-                    X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
-            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
-            trustStore.load(null, null);
-            trustStore.setCertificateEntry("ca", certificate);
-
-            is = UpdateDownloader.class.getClassLoader().getResourceAsStream("oem/update.crt");
-            certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes()));
-            trustStore.setCertificateEntry("update", certificate);
-        } catch (Exception e) {
-            log.info("An unexpected error occurred while loading SFL CA: {}", e.getMessage());
-        }
-
         InputStream input = this.getClass().getClassLoader().getResourceAsStream("oem/config.json");
 
         if (input == null) {
@@ -102,11 +85,8 @@ public class UpdateDownloader {
                     JAMSUpdater.privateKey,
                     "".toCharArray(),
                     new Certificate[] {JAMSUpdater.certificate});
-            sslContext =
-                    SSLContexts.custom()
-                            .loadKeyMaterial(ks, "".toCharArray())
-                            .loadTrustMaterial(trustStore, null)
-                            .build();
+            sslContext = SSLContexts.createSystemDefault();
+
         } catch (Exception e) {
             log.warn("An error occurred while downloading the update: " + e);
         }

jams-server/src/main/resources/oem/ca.crt

------BEGIN CERTIFICATE-----
-MIIDZTCCAk2gAwIBAgIUS02g4gL3VQx8eXWEMXZmq1dFm4wwDQYJKoZIhvcNAQEL
-BQAwQjEYMBYGA1UEAwwPSkFNUyBVcGRhdGVzIENBMRkwFwYDVQQKDBBTYXZvaXJG
-YWlyZUxpbnV4MQswCQYDVQQGEwJDQTAeFw0yMDEyMDMxNDA5NThaFw0zMDEyMDEx
-NDA5NThaMEIxGDAWBgNVBAMMD0pBTVMgVXBkYXRlcyBDQTEZMBcGA1UECgwQU2F2
-b2lyRmFpcmVMaW51eDELMAkGA1UEBhMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCn00GMb4HVpJvedsHXHq94oiaCRpMv8M6pR9Y8CsG15IltIdAr
-/8lawIfeQLlG/tTSX3ClxYvEJ2n1CQuN05yOw9SRceZNO5raba0PE195RLLL2jRl
-SGOcvgM9e1H19PcS5K8BQRdgrY/QxY3166BxJxk5Zw5H+bO4cB6ILE87ZGNPyyh5
-GIiKuv2oUKjEj8JDKXI09iDzNbqEZVPAgRHyo0cGS2ByCRn+3F43UlyPQSncCaBm
-5H4DEqPkZyOEjKmZUM6+qfMzddeiBmSpEfYPNkkSXLltJDJkBNhwzc7A4/GhJDzr
-XYdB9NthWbkEWdREU3YKsz0TGrZLB7FlkpirAgMBAAGjUzBRMB0GA1UdDgQWBBQj
-5X9MIZHyNmvGi+hUCFvk1s+CoTAfBgNVHSMEGDAWgBQj5X9MIZHyNmvGi+hUCFvk
-1s+CoTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+jnpJzAkF
-+xznUp9Sp3jwJ33oCAzZ3tYWfpdU1PoRNJGPK9RBeZe/94N+9f1OGtB2LgIHdHZs
-6hupaGj8spnbt/wuf3w/u1EbTd1ZjUZDZ2fdRcsUAjAXbOyKFNU6Ynb+AyWUg7AF
-Xnb5P5xkfHR+MK6KchmsHy1AXZaJ+KkydT+umkWyMGL+njecM3yIeUfNCe94DFjL
-mVridYaqgiFEZNy1JOfl0JSdbPajWKcnjDKsJ5mbpNZSThiQla1kC/Qh2hSHyX+A
-57w0qGJxRyHbOwN/thnfoTgtw3O0BH7JiwXbx3xI6cmTVXeY+kT8rPuwfGJI7BW6
-HSlflSvyFdPQ
------END CERTIFICATE-----

jams-server/src/main/resources/oem/update.crt

------BEGIN CERTIFICATE-----
-MIIG4zCCBcugAwIBAgIJALwXQ5qoglNFMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa
-MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0
-cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj
-dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTIxMTAwMTAxMzEyOVoX
-DTIyMTEwMjAxMzEyOVowaTELMAkGA1UEBhMCQ0ExEDAOBgNVBAgMB1F1w6liZWMx
-EjAQBgNVBAcMCU1vbnRyw6lhbDEfMB0GA1UECgwWTGUgUHJvamV0IELDqWx1Z2Eg
-SW5jLjETMBEGA1UEAwwKKi5qYW1pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAJV9RplmP2ASbEe+BubJMgkBZMPi4yseohtVIaR+pp0UhF/pGv9f
-238r1WGvpKuAi0lvMcFgcOKKBiC+aSCtoL18h64dun8pcB8eon/8tQ/v56iXOJY9
-hz+/zidYfVfO2Tobn9RseoOFp0qMIS29EyHjtIhPkQP5XSpN3u90NAp3pKn+FWjc
-yv6h47u+jxnp6ciUtvCM2GG181C5V7LUZpVP1lHcIGvrxtFRPCyV3m8fW7IoDIOn
-w/RdA8nbWQf+B2QPrRUMvUyyuHF9uS/VKuAO7OftjcJKYoJcqSS75fMHIz0oDJn4
-sBINIpxYuY8IGYWUrkluephNYqopDgOBq80CAwEAAaOCA0AwggM8MAwGA1UdEwEB
-/wQCMAAwKQYDVR0lBCIwIAYIKwYBBQUHAwEGCCsGAQUFBwMCBgpghkgBhvhNAQID
-MA4GA1UdDwEB/wQEAwIFoDA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdv
-ZGFkZHkuY29tL2dkaWcyczItMjQuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEH
-FwIwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv
-bS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUF
-BzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6
-Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQw
-HwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0RBBgwFoIKKi5q
-YW1pLm5ldIIIamFtaS5uZXQwHQYDVR0OBBYEFOT0qymBriizPYdQoexF+DTaKqmT
-MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgApeb7wnjk5IfBWc59jpXflvld9
-nGAK+PlNXSZcJV3HhAAAAXw5emW5AAAEAwBHMEUCIH5akdxOyae89AIfqqu8AMWT
-kjBAKmAakLaYetKP6yFBAiEA/1fdq4YFhToEHOn0KMh2pt3qSV183Yw5hZMvgeN3
-C5oAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXw5emfnAAAE
-AwBHMEUCIQCXnNAYdB5EpAw+W0bSX8Tfd9DVGDp46kbFyE1vkyvidQIgfm4VA+6B
-03FBrjRnl/eyJiWWjX9416w0/F0EBJYFWaEAdwBByMqx3yJGShDGoToJQodeTjGL
-GwPr60vHaPCQYpYG9gAAAXw5emh4AAAEAwBIMEYCIQDGCQpqn6tLyTksrwRmrSCY
-YymPBCj7sEVP21AbQledNQIhAN0AmcRpCDwkoIzAo1kRc1qQIocxQFz2gsN/D+Wa
-fIayMA0GCSqGSIb3DQEBCwUAA4IBAQBhkEQEqFZ9EhC01bTNW0NUBvKh3pynSYUU
-uO0plVJpb6uHQXZg57GwbB30t+cZTrARCnaTCotVx82/Nhd/78PoXJaFYJbxK6R6
-4gMW9nR8B3VfjomkQkPzURe9Y5T4iWpaZsydDHM76K01Fwyy90vpS6ZssuiOIgBX
-6Sm+QcnAAoR7nsL2VmBdfptLE6saqDz94uAk17DwfiMJSKODeOsjdXcYArrtcKwi
-UNUhymbp/IjeFMhS0hSNd2edC6Skc1eURslSHJfryM/p/Qo42m+saoTVlRH8gl4N
-p/sjdZcCnhdOE4qCg/30le4T5OFeDM1x/Q1zHeMhfdCROo+dd5ST
------END CERTIFICATE-----
\ No newline at end of file