Create CertificateGenerator based on keytool (#25)
Closed
wojciech.kapcia@tigase.net opened 3 years ago

Currently sun.security.* API is being closed off (understandable). There is no reasonable alternative API to generate self-signed certificate within newer versions of JDK. One option would be to use BouncyCastle but this is yet another external library and we are trying to minimise dependency on those (memory usage).

One alternative solution would be to use keytool command line tool to obtain the certificate - no additional dependencies and compatibility with newer versions of JDK.

wojciech.kapcia@tigase.net commented 3 years ago

This can be done in 8.3, as we will bump the JDK requirement to JDK17 in that version.

wojciech.kapcia@tigase.net commented 3 years ago

Implemented self-signed certificate generation using the keytool executable, utilising the Process API, which will be used only under JDK17 and newer (the current version for tigase-utils is still set to JDK11, so it's still executable with older Java versions, for example when using it as a library in clients).

There is a JDK bug that mentions this API change, and they even have an API prototype, but it's still not available... possibly in a newer Java version it could be used.
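An added example of the approach described above (not Tigase's own KeytoolCertificateGenerator): spawn the JDK's bundled keytool through the Process API, pass the store password via the environment rather than argv, bound the wait so a hung or very slow keytool cannot stall TLS setup, and load the result back as a PrivateKeyEntry. The class name, the 60 s timeout and the throw-away password are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Hypothetical helper: creates a self-signed certificate by driving the JDK's own keytool. */
public final class KeytoolSelfSigned {

    public static KeyStore.PrivateKeyEntry generate(String domain, int validityDays) throws Exception {
        // Resolve keytool inside the running JDK rather than relying on PATH.
        Path keytool = Path.of(System.getProperty("java.home"), "bin", "keytool");
        Path store = Files.createTempFile("selfsigned-", ".p12");
        Files.delete(store);                          // keytool refuses to write into an existing store
        String pass = "changeit";                     // throw-away password for a temporary keystore (assumed)
        List<String> cmd = List.of(keytool.toString(), "-genkeypair",
                "-alias", domain, "-keyalg", "RSA", "-keysize", "2048", "-sigalg", "SHA256withRSA",
                "-validity", String.valueOf(validityDays), "-dname", "CN=" + domain,
                "-ext", "SAN=dns:" + domain,
                "-storetype", "PKCS12", "-keystore", store.toString(),
                "-storepass:env", "KEYTOOL_PASS");   // password read from the environment, not visible in `ps`
        ProcessBuilder pb = new ProcessBuilder(cmd).redirectErrorStream(true);
        pb.environment().put("KEYTOOL_PASS", pass);
        Process p;
        try {
            p = pb.start();                           // IOException here means keytool could not be spawned
        } catch (IOException e) {
            throw new IOException("keytool not executable at " + keytool, e);
        }
        // Bounded wait: a hung or very slow keytool must not block certificate creation forever.
        if (!p.waitFor(60, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("keytool timed out after 60s");
        }
        String output = new String(p.getInputStream().readAllBytes());  // keytool prints little, safe to read after exit
        if (p.exitValue() != 0) {
            throw new IOException("keytool exited with " + p.exitValue() + ": " + output);
        }
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            try (var in = Files.newInputStream(store)) { ks.load(in, pass.toCharArray()); }
            return (KeyStore.PrivateKeyEntry) ks.getEntry(domain, new KeyStore.PasswordProtection(pass.toCharArray()));
        } finally {
            Files.deleteIfExists(store);              // do not leave private key material on disk
        }
    }
}
```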

wojciech.kapcia@tigase.net commented 2 years ago

In docker:

2022-03-24 11:56:21:953] [SEVERE  ] [              in_0-c2s ] SSLContextContainer.getSSLContext(): Can not initialize SSLContext for domain: atlantiscity, protocol: TLS
java.io.IOException: Cannot run program "keytool": error=0, Failed to exec spawn helper: pid: 601, exit value: 1
at java.base/java.lang.ProcessBuilder.start(Unknown Source)
at java.base/java.lang.ProcessBuilder.start(Unknown Source)
at tigase.cert.KeytoolCertificateGenerator.generateSelfSignedCertificateEntry(KeytoolCertificateGenerator.java:100)
at tigase.cert.CertificateUtil.createSelfSignedCertificate(CertificateUtil.java:142)
at tigase.io.CertificateContainer.createCertificateKmf(CertificateContainer.java:532)
at tigase.io.CertificateContainer.createCertificate(CertificateContainer.java:144)
at tigase.io.SSLContextContainerAbstract.createCertificate(SSLContextContainerAbstract.java:112)
at tigase.io.SSLContextContainerAbstract.createContextHolder(SSLContextContainerAbstract.java:144)
at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:285)
at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:268)
at tigase.io.SSLContextContainer.createIoInterface(SSLContextContainer.java:209)
at tigase.net.IOService.startTLS(IOService.java:428)
at tigase.server.xmppclient.ClientConnectionManager.processCommand(ClientConnectionManager.java:768)
at tigase.server.xmppclient.ClientConnectionManager.processPacket(ClientConnectionManager.java:129)
at tigase.server.AbstractMessageReceiver$QueueListener.run(AbstractMessageReceiver.java:1398)
Caused by: java.io.IOException: error=0, Failed to exec spawn helper: pid: 601, exit value: 1
at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
at java.base/java.lang.ProcessImpl.<init>(Unknown Source)
at java.base/java.lang.ProcessImpl.start(Unknown Source)
... 15 more
wojciech.kapcia@tigase.net commented 2 years ago

Looks like the issue is with emulating x86 on the ARM platform, which is very slow (so most likely the execution of the keytool process just times out/fails). Works fine with a native image.

Type: Task
Priority: Normal
Assignee:
Version: tigase-server-8.3.0
Issue Votes: 0
Watchers: 0
Reference: tigase/_server/tigase-utils#25