From b6ebce766ce41f73489588d0005f9a58ea07f3c9 Mon Sep 17 00:00:00 2001
From: Andreas Abraham
Date: Mon, 25 Nov 2019 15:26:36 +0100
Subject: mac os allows that TLS certs are only valid for 2 years
---
 .../java/at/gv/egiz/bku/webstart/TLSServerCA.java | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'BKUWebStart')
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
index 4b817ae1..379b9711 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
@@ -56,7 +56,8 @@ import org.slf4j.LoggerFactory;
 public class TLSServerCA {
 public static final int CA_VALIDITY_Y = 3;
 public static final String MOCCA_TLS_SERVER_ALIAS = "server";
- public static final int SERVER_VALIDITY_Y = 3;
+ public static final int SERVER_VALIDITY_Y = 3;
+ public static final int SERVER_VALIDITY_Y_MAC = 2;
 private final static Logger log = LoggerFactory.getLogger(TLSServerCA.class);
 private KeyPair caKeyPair;
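Review bot: The new `SERVER_VALIDITY_Y_MAC` constant has no comment recording where the value 2 comes from, so a later reader cannot tell a platform constraint from an arbitrary choice. A one-line comment such as `// macOS rejects TLS server certificates valid for more than 825 days; keep this below that limit` would document it; the 825-day figure is presumably the Apple requirement the commit subject refers to and should be confirmed against the vendor documentation. Because the constant is expressed in years while the limit is in days, the comment should also say that raising it to 3 would exceed the limit.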
@@ -139,14 +140,26 @@ public class TLSServerCA {
 GregorianCalendar date = new GregorianCalendar();
 date.add(Calendar.HOUR_OF_DAY, -1);
- serverCert.setValidNotBefore(date.getTime());
- date.add(Calendar.YEAR,SERVER_VALIDITY_Y);
+ serverCert.setValidNotBefore(date.getTime());
+ if (isMacOs()) {
+ date.add(Calendar.YEAR,SERVER_VALIDITY_Y_MAC);
+ } else {
+ date.add(Calendar.YEAR,SERVER_VALIDITY_Y);
+ }
 date.add(Calendar.HOUR_OF_DAY, -1);
 serverCert.setValidNotAfter(date.getTime());
 serverCert.sign(AlgorithmID.sha256WithRSAEncryption, caKeyPair.getPrivate());
 log.debug("successfully generated MOCCA TLS Server certificate " + serverCert.getSubjectDN());
 caKeyPair = null;
+ }
+
+ private boolean isMacOs() {
+ String os = System.getProperty("os.name").toLowerCase();
+ if (os.contains("mac")) {
+ return true;
+ }
+ return false;
 }
 public KeyStore generateKeyStore(char[] password) throws GeneralSecurityException, IOException, CodingException {
-- cgit v1.2.3
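Review bot: In the new `isMacOs()` helper, `System.getProperty("os.name").toLowerCase()` lowercases with the default locale and dereferences the property without a fallback, and the `if`/`return true`/`return false` ladder can be a single expression. `String os = System.getProperty("os.name", "").toLowerCase(Locale.ROOT); return os.contains("mac");` is locale-independent and tolerates a missing property (it needs `java.util.Locale` imported if the file does not already have it). The helper reads no instance state, so it could be `private static`. Separately, the new branch only shortens certificates generated after this change; whether an existing keystore that already holds a 3-year server certificate is regenerated on macOS is not visible in this hunk and is worth confirming. The method that computes the validity window starts above the hunk.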