diff --git a/pom.xml b/pom.xml
index aa5ca7ea2..fe834e023 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@
io.getlime.security
powerauth-push-server-parent
- 1.6.0
+ 1.6.1
pom
diff --git a/powerauth-push-client/pom.xml b/powerauth-push-client/pom.xml
index c370aec4e..8a3347352 100644
--- a/powerauth-push-client/pom.xml
+++ b/powerauth-push-client/pom.xml
@@ -10,7 +10,7 @@
powerauth-push-server-parent
io.getlime.security
- 1.6.0
+ 1.6.1
diff --git a/powerauth-push-model/pom.xml b/powerauth-push-model/pom.xml
index a9743f6ed..7e8ec8bdf 100644
--- a/powerauth-push-model/pom.xml
+++ b/powerauth-push-model/pom.xml
@@ -11,7 +11,7 @@
powerauth-push-server-parent
io.getlime.security
- 1.6.0
+ 1.6.1
diff --git a/powerauth-push-server/pom.xml b/powerauth-push-server/pom.xml
index a008e75fe..37b7f92b4 100644
--- a/powerauth-push-server/pom.xml
+++ b/powerauth-push-server/pom.xml
@@ -11,7 +11,7 @@
io.getlime.security
powerauth-push-server-parent
- 1.6.0
+ 1.6.1
diff --git a/powerauth-push-server/src/main/java/io/getlime/push/util/CaCertUtil.java b/powerauth-push-server/src/main/java/io/getlime/push/util/CaCertUtil.java
index d040447dc..edb5bbe91 100644
--- a/powerauth-push-server/src/main/java/io/getlime/push/util/CaCertUtil.java
+++ b/powerauth-push-server/src/main/java/io/getlime/push/util/CaCertUtil.java
@@ -17,17 +17,14 @@
package io.getlime.push.util;
import io.getlime.push.configuration.PushServiceConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ClassPathResource;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
import org.springframework.stereotype.Service;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.nio.file.Files;
+import java.io.*;
+import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
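Review bot: `import java.io.*;` replaces the explicit imports with a wildcard, which hides which I/O types this trust-store helper actually depends on. From the lines visible in this diff the class needs `ByteArrayInputStream`, `IOException` and `InputStream`; parts of the file outside the hunks may need more. Prefer explicit imports such as `import java.io.ByteArrayInputStream;`, `import java.io.IOException;` and `import java.io.InputStream;`.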
@@ -43,31 +40,25 @@
* @author Petr Dvorak, petr@wultra.com
*/
@Service
+@AllArgsConstructor
+@Slf4j
public class CaCertUtil {
- private static final Logger logger = LoggerFactory.getLogger(CaCertUtil.class);
-
// Include those constants to remove dependency on X509Factory.BEGIN_CERT and X509Factory.END_CERT.
private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
private static final String END_CERT = "-----END CERTIFICATE-----";
- private static final String[] embeddedCertificates = {
- "cacert/GeoTrust_Global_CA.pem",
- "cacert/AAACertificateServices.pem",
- "cacert/COMODORSAAAACA.pem",
- "cacert/USERTrustRSAAAACA.pem"
- };
+ private static final List EMBEDDED_CERTIFICATES = List.of(
+ "classpath:/cacert/GeoTrust_Global_CA.pem",
+ "classpath:/cacert/AAACertificateServices.pem",
+ "classpath:/cacert/COMODORSAAAACA.pem",
+ "classpath:/cacert/USERTrustRSAAAACA.pem",
+ "classpath:/cacert/USERTrustRSA_CA.pem"
+ );
private final PushServiceConfiguration pushServiceConfiguration;
- /**
- * Constructor with push service configuration.
- * @param pushServiceConfiguration Push server configuration.
- */
- @Autowired
- public CaCertUtil(PushServiceConfiguration pushServiceConfiguration) {
- this.pushServiceConfiguration = pushServiceConfiguration;
- }
+ private final ResourceLoader resourceLoader;
/**
* Obtain all registered CA certificates.
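Review bot: `@Slf4j` generates a field named `log` by default, while `allCerts()` still calls `logger.info(...)` and `logger.error(...)` after the explicit `logger` field is removed here. Unless the project's `lombok.config` sets `lombok.log.fieldName = logger` (not visible in this diff), the class will not compile; either confirm that setting or rename the calls to `log`. Separately, `@RequiredArgsConstructor` would express the intent more precisely than `@AllArgsConstructor`, since both injected fields are `final`. The class body continues outside this hunk.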
@@ -98,13 +89,15 @@ public X509Certificate[] allCerts() {
}
// Add the locally stored CA certificates required by Apple for APNs
- for (String certPath : embeddedCertificates) {
+ for (String certPath : EMBEDDED_CERTIFICATES) {
try {
logger.info("Importing embedded certificate: {}", certPath);
- final File resource = new ClassPathResource(certPath).getFile();
- final String certString = Files.readString(resource.toPath());
- final X509Certificate cert = certificateFromPem(certString);
- result.add(cert);
+ final Resource resource = resourceLoader.getResource(certPath);
+ try (final InputStream inputStream = resource.getInputStream()) {
+ final String certString = new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
+ final X509Certificate cert = certificateFromPem(certString);
+ result.add(cert);
+ }
} catch (CertificateException | IOException e) {
logger.error("Certificate error: {}", e.getMessage(), e);
}
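Review bot: The `catch` at the end of this loop logs `Certificate error: {}` without the resource path, so with five embedded anchors a failure does not say which one is missing from the returned array. Include the path, e.g. `logger.error("Failed to import embedded certificate {}: {}", certPath, e.getMessage(), e);`. Because a skipped anchor silently shrinks the trust set, it is also worth deciding whether a failure on a bundled resource should abort startup rather than only being logged. `allCerts()` starts before this hunk and continues after it.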
@@ -115,8 +108,8 @@ public X509Certificate[] allCerts() {
private X509Certificate certificateFromPem(String pem) throws CertificateException {
final byte[] decoded = Base64.getDecoder().decode(pem
- .replaceAll(BEGIN_CERT, "")
- .replaceAll(END_CERT, "")
+ .replace(BEGIN_CERT, "")
+ .replace(END_CERT, "")
.replaceAll("\\s", "")
);
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decoded));
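Review bot: `Base64.getDecoder().decode(...)` throws `IllegalArgumentException` on input that is not valid Base64, and the caller shown in the previous hunk catches only `CertificateException | IOException`. A PEM file with stray text outside the markers, or with more than one certificate block, would therefore escape the loop's error handling as an unchecked exception. Catch `IllegalArgumentException` inside `certificateFromPem` and rethrow it as `new CertificateException("Invalid Base64 in PEM", e)` so every malformed-certificate case takes the same path. The method's closing brace is outside this hunk.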
diff --git a/powerauth-push-server/src/main/resources/cacert/USERTrustRSA_CA.pem b/powerauth-push-server/src/main/resources/cacert/USERTrustRSA_CA.pem
new file mode 100644
index 000000000..2795cf313
--- /dev/null
+++ b/powerauth-push-server/src/main/resources/cacert/USERTrustRSA_CA.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
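Review bot: Nothing in this commit records where the new trust anchor was obtained or what its fingerprint is, so a reviewer cannot confirm that the file is the certificate its name claims. Before merging, compare its SHA-256 fingerprint with the value published by the issuing CA. Put that fingerprint and the download source in the commit message, or in a comment beside the `classpath:/cacert/USERTrustRSA_CA.pem` entry in `CaCertUtil`. Noting the certificate's expiry date in the same place would make later rotation easier to plan.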