From b6ebce766ce41f73489588d0005f9a58ea07f3c9 Mon Sep 17 00:00:00 2001
From: Andreas Abraham <andreas.abraham@egiz.gv.at>
Date: Mon, 25 Nov 2019 15:26:36 +0100
Subject: mac os allows that TLS certs are only valid for 2 years

---
 .../java/at/gv/egiz/bku/webstart/TLSServerCA.java     | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'BKUWebStart')

diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
index 4b817ae1..379b9711 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
@@ -56,7 +56,8 @@ import org.slf4j.LoggerFactory;
 public class TLSServerCA {
   public static final int CA_VALIDITY_Y = 3;
   public static final String MOCCA_TLS_SERVER_ALIAS = "server";
-  public static final int SERVER_VALIDITY_Y = 3;
+  public static final int SERVER_VALIDITY_Y = 3;  
+  public static final int SERVER_VALIDITY_Y_MAC = 2;
   private final static Logger log = LoggerFactory.getLogger(TLSServerCA.class);
 
   private KeyPair caKeyPair;
@@ -139,14 +140,26 @@ public class TLSServerCA {
 
     GregorianCalendar date = new GregorianCalendar();
     date.add(Calendar.HOUR_OF_DAY, -1);
-    serverCert.setValidNotBefore(date.getTime());
-    date.add(Calendar.YEAR,SERVER_VALIDITY_Y);
+    serverCert.setValidNotBefore(date.getTime());
+    if (isMacOs()) {
+    	date.add(Calendar.YEAR,SERVER_VALIDITY_Y_MAC);
+    } else {
+    	date.add(Calendar.YEAR,SERVER_VALIDITY_Y);
+    }
     date.add(Calendar.HOUR_OF_DAY, -1);
     serverCert.setValidNotAfter(date.getTime());
     serverCert.sign(AlgorithmID.sha256WithRSAEncryption, caKeyPair.getPrivate());
 
     log.debug("successfully generated MOCCA TLS Server certificate " + serverCert.getSubjectDN());
     caKeyPair = null;
+  }
+  
+  private boolean isMacOs() {
+		String os = System.getProperty("os.name").toLowerCase();
+		if (os.contains("mac")) {
+			return true;
+		}
+		return false;   
   }
 
   public KeyStore generateKeyStore(char[] password) throws GeneralSecurityException, IOException, CodingException {
-- 
cgit v1.2.3