Use complete certificate chains from the TLS keystore

Jon Chambers
2024-05-22 12:13:58 -04:00
committed by Jon Chambers
parent 08faa0c009
commit 907ff89011


@@ -36,6 +36,7 @@ import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
@@ -837,7 +838,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
}
};
@Nullable final X509Certificate noiseWebSocketTlsCertificate;
@Nullable final X509Certificate[] noiseWebSocketTlsCertificateChain;
@Nullable final PrivateKey noiseWebSocketTlsPrivateKey;
if (config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreFile() != null &&
@@ -851,11 +852,13 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStoreEntryAlias(),
new KeyStore.PasswordProtection(config.getNoiseWebSocketTunnelConfiguration().tlsKeyStorePassword().value().toCharArray()));
noiseWebSocketTlsCertificate = (X509Certificate) privateKeyEntry.getCertificate();
noiseWebSocketTlsCertificateChain =
Arrays.copyOf(privateKeyEntry.getCertificateChain(), privateKeyEntry.getCertificateChain().length, X509Certificate[].class);
noiseWebSocketTlsPrivateKey = privateKeyEntry.getPrivateKey();
}
} else {
noiseWebSocketTlsCertificate = null;
noiseWebSocketTlsCertificateChain = null;
noiseWebSocketTlsPrivateKey = null;
}
@@ -870,7 +873,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
final NoiseWebSocketTunnelServer noiseWebSocketTunnelServer = new NoiseWebSocketTunnelServer(
config.getNoiseWebSocketTunnelConfiguration().port(),
new X509Certificate[] { noiseWebSocketTlsCertificate },
noiseWebSocketTlsCertificateChain,
noiseWebSocketTlsPrivateKey,
noiseWebSocketEventLoopGroup,
noiseWebSocketDelegatedTaskExecutor,
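Review bot: In the keystore-loading hunk, the new `Arrays.copyOf(privateKeyEntry.getCertificateChain(), …, X509Certificate[].class)` call throws an `ArrayStoreException` with no useful message if any chain element is not an `X509Certificate`, and it dereferences `privateKeyEntry` without a check although `keyStore.getEntry(...)` returns null for an unknown alias. Since this runs at startup on operator-supplied configuration, I would fail with an explicit message first, e.g. `if (privateKeyEntry == null) throw new IllegalStateException("No private key entry for configured TLS keystore alias");`. The chain is also fetched twice; reading it once into a local (`final Certificate[] chain = privateKeyEntry.getCertificateChain();`, which may need an import) avoids the second call and keeps the length and the copy consistent. When no keystore is configured the chain is now `null` rather than a one-element array holding null, so it is worth confirming that `NoiseWebSocketTunnelServer` treats a null chain as TLS being disabled; its constructor is not visible here. The enclosing method starts and ends outside these hunks.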