Merge pull request #941 from /issues/932-backport-apns-certificate

Backport #920 to 1.6.x

pom.xml

@@ -8,7 +8,7 @@
 
     <groupId>io.getlime.security</groupId>
     <artifactId>powerauth-push-server-parent</artifactId>
-    <version>1.6.0</version>
+    <version>1.6.1</version>
     <packaging>pom</packaging>
 
     <parent>

powerauth-push-client/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <artifactId>powerauth-push-server-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>1.6.0</version>
+        <version>1.6.1</version>
     </parent>
 
     <dependencies>

powerauth-push-model/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <artifactId>powerauth-push-server-parent</artifactId>
         <groupId>io.getlime.security</groupId>
-        <version>1.6.0</version>
+        <version>1.6.1</version>
     </parent>
 
     <dependencies>

powerauth-push-server/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>io.getlime.security</groupId>
         <artifactId>powerauth-push-server-parent</artifactId>
-        <version>1.6.0</version>
+        <version>1.6.1</version>
     </parent>
 
     <dependencyManagement>

powerauth-push-server/src/main/java/io/getlime/push/util/CaCertUtil.java

@@ -17,17 +17,14 @@
 package io.getlime.push.util;
 
 import io.getlime.push.configuration.PushServiceConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ClassPathResource;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.stereotype.Service;
 
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.nio.file.Files;
+import java.io.*;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -43,31 +40,25 @@
  * @author Petr Dvorak, [email protected]
  */
 @Service
+@AllArgsConstructor
+@Slf4j
 public class CaCertUtil {
 
-    private static final Logger logger = LoggerFactory.getLogger(CaCertUtil.class);
-
     // Include those constants to remove dependency on X509Factory.BEGIN_CERT and X509Factory.END_CERT.
     private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
     private static final String END_CERT = "-----END CERTIFICATE-----";
 
-    private static final String[] embeddedCertificates = {
-            "cacert/GeoTrust_Global_CA.pem",
-            "cacert/AAACertificateServices.pem",
-            "cacert/COMODORSAAAACA.pem",
-            "cacert/USERTrustRSAAAACA.pem"
-    };
+    private static final List<String> EMBEDDED_CERTIFICATES = List.of(
+            "classpath:/cacert/GeoTrust_Global_CA.pem",
+            "classpath:/cacert/AAACertificateServices.pem",
+            "classpath:/cacert/COMODORSAAAACA.pem",
+            "classpath:/cacert/USERTrustRSAAAACA.pem",
+            "classpath:/cacert/USERTrustRSA_CA.pem"
+    );
 
     private final PushServiceConfiguration pushServiceConfiguration;
 
-    /**
-     * Constructor with push service configuration.
-     * @param pushServiceConfiguration Push server configuration.
-     */
-    @Autowired
-    public CaCertUtil(PushServiceConfiguration pushServiceConfiguration) {
-        this.pushServiceConfiguration = pushServiceConfiguration;
-    }
+    private final ResourceLoader resourceLoader;
 
     /**
      * Obtain all registered CA certificates.
@@ -98,13 +89,15 @@ public X509Certificate[] allCerts() {
         }
 
         // Add the locally stored CA certificates required by Apple for APNs
-        for (String certPath : embeddedCertificates) {
+        for (String certPath : EMBEDDED_CERTIFICATES) {
             try {
                 logger.info("Importing embedded certificate: {}", certPath);
-                final File resource = new ClassPathResource(certPath).getFile();
-                final String certString = Files.readString(resource.toPath());
-                final X509Certificate cert = certificateFromPem(certString);
-                result.add(cert);
+                final Resource resource = resourceLoader.getResource(certPath);
+                try (final InputStream inputStream = resource.getInputStream()) {
+                    final String certString = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+                    final X509Certificate cert = certificateFromPem(certString);
+                    result.add(cert);
+                }
             } catch (CertificateException | IOException e) {
                 logger.error("Certificate error: {}", e.getMessage(), e);
             }
@@ -115,8 +108,8 @@ public X509Certificate[] allCerts() {
 
     private X509Certificate certificateFromPem(String pem) throws CertificateException {
         final byte[] decoded = Base64.getDecoder().decode(pem
-                .replaceAll(BEGIN_CERT, "")
-                .replaceAll(END_CERT, "")
+                .replace(BEGIN_CERT, "")
+                .replace(END_CERT, "")
                 .replaceAll("\\s", "")
         );
         return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));

powerauth-push-server/src/main/resources/cacert/USERTrustRSA_CA.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
+MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
+3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
+tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
+Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
+VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
+79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
+c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
+Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
+c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
+UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
+Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
+Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
+VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
+ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
+8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
+iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
+Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
+XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
+qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
+VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
+L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
+jjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----