diff --git a/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java b/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java index a89bc34bdbedb250a6eca514ce0575fb8bd39f38..153fa0b9a6a692f088ec71315f83b07e2e1efde8 100644 --- a/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java +++ b/jams-server/src/main/java/net/jami/jams/server/update/UpdateCheckTask.java @@ -26,7 +26,6 @@ import lombok.extern.slf4j.Slf4j; import net.jami.jams.common.serialization.adapters.GsonFactory; import net.jami.jams.common.updater.FileDescription; import net.jami.jams.common.utils.VersioningUtils; -import net.jami.jams.common.utils.X509Utils; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; @@ -38,7 +37,6 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; import java.security.KeyStore; -import java.security.cert.X509Certificate; import java.util.HashMap; import java.util.TimerTask; @@ -59,20 +57,8 @@ public class UpdateCheckTask extends TimerTask { protected UpdateCheckTask() { try { - InputStream is = - UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/ca.crt"); - X509Certificate certificate = - X509Utils.getCertificateFromPEMString(new String(is.readAllBytes())); - trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - trustStore.load(null, null); - trustStore.setCertificateEntry("ca", certificate); - - is = UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/update.crt"); - certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes())); - trustStore.setCertificateEntry("update", certificate); - - // Inject the SSL Connection here for a first time. - sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, null).build(); + // Load the trust store + sslContext = SSLContexts.createSystemDefault(); // read config json InputStream input = diff --git a/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java b/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java index d96eba7a3cae576668c87294f4feab0c4106d3c7..d88944ad838c405e9772aa7a08ac9769fbc9be33 100644 --- a/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java +++ b/jams-server/src/main/java/net/jami/jams/server/update/UpdateDownloader.java @@ -49,7 +49,6 @@ public class UpdateDownloader { private SSLContext sslContext; private static final String KEYSTORE_TYPE = "JKS"; - private KeyStore trustStore; private static volatile String UPDATE_SERVER_URL; private final HashMap<String, FileDescription> remoteChecksums = new HashMap<>(); @@ -58,22 +57,6 @@ public class UpdateDownloader { public UpdateDownloader() { - try { - InputStream is = - UpdateCheckTask.class.getClassLoader().getResourceAsStream("oem/ca.crt"); - X509Certificate certificate = - X509Utils.getCertificateFromPEMString(new String(is.readAllBytes())); - trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - trustStore.load(null, null); - trustStore.setCertificateEntry("ca", certificate); - - is = UpdateDownloader.class.getClassLoader().getResourceAsStream("oem/update.crt"); - certificate = X509Utils.getCertificateFromPEMString(new String(is.readAllBytes())); - trustStore.setCertificateEntry("update", certificate); - } catch (Exception e) { - log.info("An unexpected error occurred while loading SFL CA: {}", e.getMessage()); - } - InputStream input = this.getClass().getClassLoader().getResourceAsStream("oem/config.json"); if (input == null) { @@ -102,11 +85,8 @@ public class UpdateDownloader { JAMSUpdater.privateKey, "".toCharArray(), new Certificate[] {JAMSUpdater.certificate}); - sslContext = - SSLContexts.custom() - .loadKeyMaterial(ks, "".toCharArray()) - .loadTrustMaterial(trustStore, null) - .build(); + sslContext = SSLContexts.createSystemDefault(); + } catch (Exception e) { log.warn("An error occurred while downloading the update: " + e); } diff --git a/jams-server/src/main/resources/oem/ca.crt b/jams-server/src/main/resources/oem/ca.crt deleted file mode 100644 index 4cb1f283a0ddb0489aa35a151b62e0a53cdddd28..0000000000000000000000000000000000000000 --- a/jams-server/src/main/resources/oem/ca.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDZTCCAk2gAwIBAgIUS02g4gL3VQx8eXWEMXZmq1dFm4wwDQYJKoZIhvcNAQEL -BQAwQjEYMBYGA1UEAwwPSkFNUyBVcGRhdGVzIENBMRkwFwYDVQQKDBBTYXZvaXJG -YWlyZUxpbnV4MQswCQYDVQQGEwJDQTAeFw0yMDEyMDMxNDA5NThaFw0zMDEyMDEx -NDA5NThaMEIxGDAWBgNVBAMMD0pBTVMgVXBkYXRlcyBDQTEZMBcGA1UECgwQU2F2 -b2lyRmFpcmVMaW51eDELMAkGA1UEBhMCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQCn00GMb4HVpJvedsHXHq94oiaCRpMv8M6pR9Y8CsG15IltIdAr -/8lawIfeQLlG/tTSX3ClxYvEJ2n1CQuN05yOw9SRceZNO5raba0PE195RLLL2jRl -SGOcvgM9e1H19PcS5K8BQRdgrY/QxY3166BxJxk5Zw5H+bO4cB6ILE87ZGNPyyh5 -GIiKuv2oUKjEj8JDKXI09iDzNbqEZVPAgRHyo0cGS2ByCRn+3F43UlyPQSncCaBm -5H4DEqPkZyOEjKmZUM6+qfMzddeiBmSpEfYPNkkSXLltJDJkBNhwzc7A4/GhJDzr -XYdB9NthWbkEWdREU3YKsz0TGrZLB7FlkpirAgMBAAGjUzBRMB0GA1UdDgQWBBQj -5X9MIZHyNmvGi+hUCFvk1s+CoTAfBgNVHSMEGDAWgBQj5X9MIZHyNmvGi+hUCFvk -1s+CoTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB+jnpJzAkF -+xznUp9Sp3jwJ33oCAzZ3tYWfpdU1PoRNJGPK9RBeZe/94N+9f1OGtB2LgIHdHZs -6hupaGj8spnbt/wuf3w/u1EbTd1ZjUZDZ2fdRcsUAjAXbOyKFNU6Ynb+AyWUg7AF -Xnb5P5xkfHR+MK6KchmsHy1AXZaJ+KkydT+umkWyMGL+njecM3yIeUfNCe94DFjL -mVridYaqgiFEZNy1JOfl0JSdbPajWKcnjDKsJ5mbpNZSThiQla1kC/Qh2hSHyX+A -57w0qGJxRyHbOwN/thnfoTgtw3O0BH7JiwXbx3xI6cmTVXeY+kT8rPuwfGJI7BW6 -HSlflSvyFdPQ ------END CERTIFICATE----- diff --git a/jams-server/src/main/resources/oem/update.crt b/jams-server/src/main/resources/oem/update.crt deleted file mode 100644 index 19f0ac6c3fd2eaea6bcfb94b97f114a6e4ffd093..0000000000000000000000000000000000000000 --- a/jams-server/src/main/resources/oem/update.crt +++ /dev/null @@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIG4zCCBcugAwIBAgIJALwXQ5qoglNFMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD -VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa -MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 -cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj -dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTIxMTAwMTAxMzEyOVoX -DTIyMTEwMjAxMzEyOVowaTELMAkGA1UEBhMCQ0ExEDAOBgNVBAgMB1F1w6liZWMx -EjAQBgNVBAcMCU1vbnRyw6lhbDEfMB0GA1UECgwWTGUgUHJvamV0IELDqWx1Z2Eg -SW5jLjETMBEGA1UEAwwKKi5qYW1pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAJV9RplmP2ASbEe+BubJMgkBZMPi4yseohtVIaR+pp0UhF/pGv9f -238r1WGvpKuAi0lvMcFgcOKKBiC+aSCtoL18h64dun8pcB8eon/8tQ/v56iXOJY9 -hz+/zidYfVfO2Tobn9RseoOFp0qMIS29EyHjtIhPkQP5XSpN3u90NAp3pKn+FWjc -yv6h47u+jxnp6ciUtvCM2GG181C5V7LUZpVP1lHcIGvrxtFRPCyV3m8fW7IoDIOn -w/RdA8nbWQf+B2QPrRUMvUyyuHF9uS/VKuAO7OftjcJKYoJcqSS75fMHIz0oDJn4 -sBINIpxYuY8IGYWUrkluephNYqopDgOBq80CAwEAAaOCA0AwggM8MAwGA1UdEwEB -/wQCMAAwKQYDVR0lBCIwIAYIKwYBBQUHAwEGCCsGAQUFBwMCBgpghkgBhvhNAQID -MA4GA1UdDwEB/wQEAwIFoDA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLmdv -ZGFkZHkuY29tL2dkaWcyczItMjQuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEH -FwIwOTA3BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv -bS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUF -BzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6 -Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQw -HwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wHwYDVR0RBBgwFoIKKi5q -YW1pLm5ldIIIamFtaS5uZXQwHQYDVR0OBBYEFOT0qymBriizPYdQoexF+DTaKqmT -MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgApeb7wnjk5IfBWc59jpXflvld9 -nGAK+PlNXSZcJV3HhAAAAXw5emW5AAAEAwBHMEUCIH5akdxOyae89AIfqqu8AMWT -kjBAKmAakLaYetKP6yFBAiEA/1fdq4YFhToEHOn0KMh2pt3qSV183Yw5hZMvgeN3 -C5oAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXw5emfnAAAE -AwBHMEUCIQCXnNAYdB5EpAw+W0bSX8Tfd9DVGDp46kbFyE1vkyvidQIgfm4VA+6B -03FBrjRnl/eyJiWWjX9416w0/F0EBJYFWaEAdwBByMqx3yJGShDGoToJQodeTjGL -GwPr60vHaPCQYpYG9gAAAXw5emh4AAAEAwBIMEYCIQDGCQpqn6tLyTksrwRmrSCY -YymPBCj7sEVP21AbQledNQIhAN0AmcRpCDwkoIzAo1kRc1qQIocxQFz2gsN/D+Wa -fIayMA0GCSqGSIb3DQEBCwUAA4IBAQBhkEQEqFZ9EhC01bTNW0NUBvKh3pynSYUU -uO0plVJpb6uHQXZg57GwbB30t+cZTrARCnaTCotVx82/Nhd/78PoXJaFYJbxK6R6 -4gMW9nR8B3VfjomkQkPzURe9Y5T4iWpaZsydDHM76K01Fwyy90vpS6ZssuiOIgBX -6Sm+QcnAAoR7nsL2VmBdfptLE6saqDz94uAk17DwfiMJSKODeOsjdXcYArrtcKwi -UNUhymbp/IjeFMhS0hSNd2edC6Skc1eURslSHJfryM/p/Qo42m+saoTVlRH8gl4N -p/sjdZcCnhdOE4qCg/30le4T5OFeDM1x/Q1zHeMhfdCROo+dd5ST ------END CERTIFICATE----- \ No newline at end of file