From 3e8c1aebec6927833d1d673fa321e0de09e635c8 Mon Sep 17 00:00:00 2001
From: Ming Wang
Date: Thu, 23 Nov 2023 11:05:24 -0500
Subject: [PATCH] set up server cert

---
 .../java/io/cryostat/agent/WebServer.java | 29 ++++++++++++-------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/src/main/java/io/cryostat/agent/WebServer.java b/src/main/java/io/cryostat/agent/WebServer.java
index c8407b9c..0244913f 100644
--- a/src/main/java/io/cryostat/agent/WebServer.java
+++ b/src/main/java/io/cryostat/agent/WebServer.java
@@ -28,7 +28,9 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.time.Duration;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -44,7 +46,6 @@
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
 
 import io.cryostat.agent.remote.RemoteContext;
@@ -118,23 +119,29 @@ void start() throws IOException, NoSuchAlgorithmException {
         SSLContext sslContext = SSLContext.getInstance("TLS");
         // initialize keystore
-        FileInputStream passwordFile = new FileInputStream("keystore.pass");
-        char[] password = new String(passwordFile.readAllBytes()).toCharArray();
-        passwordFile.close();
+        FileInputStream passwordFis = new FileInputStream("keystore.pass");
+        char[] password = new String(passwordFis.readAllBytes()).toCharArray();
+        passwordFis.close();
         KeyStore ks = KeyStore.getInstance("JKS");
-        FileInputStream fis = new FileInputStream("cryostat-keystore.p12");
-        ks.load(fis, password);
-
+        FileInputStream keystoreFis = new FileInputStream("cryostat-keystore.p12");
+        ks.load(keystoreFis, password);
+
+        // set up certificate factory
+        FileInputStream certFis = new FileInputStream("server.cer");
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        Certificate cert = cf.generateCertificate(certFis);
+        ks.setCertificateEntry("serverCert", cert);
+
         // set up key manager factory
         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
         kmf.init(ks, password);
-
+
         // set up trust manager factory
-        // TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        // tmf.init(ks);
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(ks);
         // set up HTTPS context
-        sslContext.init(kmf.getKeyManagers(), null, null);
+        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
         this.https.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
             public void configure(HttpsParameters params) {
                 try {
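Review bot: The three `FileInputStream`s opened in this hunk are not closed reliably: `passwordFis` is closed only on the happy path, and `keystoreFis` and `certFis` are never closed at all, so a failure in `ks.load` or `cf.generateCertificate` leaks the handle; each should be a try-with-resources as in the fence below. Separately, `tmf.init(ks)` builds the trust manager from the same keystore that holds the server's private key and now its own certificate, so the only trusted peer certificate is the server's own; if the intent is client-certificate verification, the trust store should be a separate store holding the client CA rather than the key store, and `ks.setCertificateEntry("serverCert", cert)` will throw `KeyStoreException` if that alias already exists as a key entry. The password is decoded with the platform default charset and keeps any trailing newline from `keystore.pass`, which is worth making explicit. The relative paths `"keystore.pass"`, `"cryostat-keystore.p12"` and `"server.cer"` resolve against the agent's working directory and would presumably be better supplied through configuration. `start()` continues past the end of the hunk.
```java
        // initialize keystore
        char[] password;
        try (FileInputStream passwordFis = new FileInputStream("keystore.pass")) {
            password = new String(passwordFis.readAllBytes()).toCharArray();
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream keystoreFis = new FileInputStream("cryostat-keystore.p12")) {
            ks.load(keystoreFis, password);
        }

        // set up certificate factory
        Certificate cert;
        try (FileInputStream certFis = new FileInputStream("server.cer")) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(certFis);
        }
        ks.setCertificateEntry("serverCert", cert);
        // … unchanged: key manager factory, trust manager factory, SSLContext init …
```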