Use complete certificate chains from the TLS keystore

Jon Chambers 2024-05-22 12:13:58 -04:00 committed by Jon Chambers
parent 08faa0c009
commit 907ff89011
1 changed files with 7 additions and 4 deletions


@ -36,6 +36,7 @@ import java.security.cert.X509Certificate;
import java.time.Clock; import java.time.Clock;
import java.time.Duration; import java.time.Duration;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.EnumSet; import java.util.EnumSet;
import java.util.List; import java.util.List;
@ -837,7 +838,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
} }
}; };
@Nullable final X509Certificate noiseWebSocketTlsCertificate; @Nullable final X509Certificate[] noiseWebSocketTlsCertificateChain;
@Nullable final PrivateKey noiseWebSocketTlsPrivateKey; @Nullable final PrivateKey noiseWebSocketTlsPrivateKey;
if (config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreFile() != null && if (config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreFile() != null &&
@ -851,11 +852,13 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreEntryAlias(), final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreEntryAlias(),
new KeyStore.PasswordProtection(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStorePassword().value().toCharArray())); new KeyStore.PasswordProtection(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStorePassword().value().toCharArray()));
noiseWebSocketTlsCertificate = (X509Certificate) privateKeyEntry.getCertificate(); noiseWebSocketTlsCertificateChain =
Arrays.copyOf(privateKeyEntry.getCertificateChain(), privateKeyEntry.getCertificateChain().length, X509Certificate[].class);
noiseWebSocketTlsPrivateKey = privateKeyEntry.getPrivateKey(); noiseWebSocketTlsPrivateKey = privateKeyEntry.getPrivateKey();
} }
} else { } else {
noiseWebSocketTlsCertificate = null; noiseWebSocketTlsCertificateChain = null;
noiseWebSocketTlsPrivateKey = null; noiseWebSocketTlsPrivateKey = null;
} }
@ -870,7 +873,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
final NoiseWebSocketTunnelServer noiseWebSocketTunnelServer = new NoiseWebSocketTunnelServer( final NoiseWebSocketTunnelServer noiseWebSocketTunnelServer = new NoiseWebSocketTunnelServer(
config.getNoiseWebSocketTunnelConfiguration().port(), config.getNoiseWebSocketTunnelConfiguration().port(),
new X509Certificate[] { noiseWebSocketTlsCertificate }, noiseWebSocketTlsCertificateChain,
noiseWebSocketTlsPrivateKey, noiseWebSocketTlsPrivateKey,
noiseWebSocketEventLoopGroup, noiseWebSocketEventLoopGroup,
noiseWebSocketDelegatedTaskExecutor, noiseWebSocketDelegatedTaskExecutor,