From 890d103d644c7833dfedd73b4e6ee44ca8b603e4 Mon Sep 17 00:00:00 2001
From: d036670 <markus.strehle@sap.com>
Date: Sun, 7 Jan 2024 12:25:28 +0100
Subject: [PATCH] Prepare Tomcat 10 update

fix https://github.com/cloudfoundry/uaa-release/issues/677
Add SSLHostConfig which is a must
https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Key_store_types
---
 .../templates/config/tomcat/tomcat.server.xml.erb    | 12 +++++++-----
 spec/compare/all-properties-tomcat-server.xml        | 12 +++++++-----
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb b/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb
index 697abd5a2d..0c2c592318 100644
--- a/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb
+++ b/jobs/uaa/templates/config/tomcat/tomcat.server.xml.erb
@@ -70,12 +70,14 @@
                clientAuth="false"
                sslProtocol="TLS"
                keystoreFile="/var/vcap/data/uaa/uaa_keystore.p12"
-               keystoreType="PKCS12"
-               keyAlias="uaa_ssl_cert"
-               keystorePass="k0*l*s3cur1tyr0ck$"
+               defaultSSLHostConfigName="localhost"
                bindOnInit="false"
-               maxHttpHeaderSize="14336"
-    />
+               maxHttpHeaderSize="14336">
+      <SSLHostConfig hostName="localhost" protocols="<%= p('uaa.ssl.enabled_protocols') %>">
+        <Certificate certificateKeystoreFile="/var/vcap/data/uaa/uaa_keystore.p12" certificateKeyAlias="uaa_ssl_cert"
+                     type="RSA" certificateKeystoreType="PKCS12"  certificateKeystorePassword="k0*l*s3cur1tyr0ck$"/>
+      </SSLHostConfig>
+    </Connector>
 
     <Engine name="Catalina" defaultHost="localhost">
 
diff --git a/spec/compare/all-properties-tomcat-server.xml b/spec/compare/all-properties-tomcat-server.xml
index 86b389cf67..1e985e67c0 100644
--- a/spec/compare/all-properties-tomcat-server.xml
+++ b/spec/compare/all-properties-tomcat-server.xml
@@ -27,12 +27,14 @@
                clientAuth="false"
                sslProtocol="TLS"
                keystoreFile="/var/vcap/data/uaa/uaa_keystore.p12"
-               keystoreType="PKCS12"
-               keyAlias="uaa_ssl_cert"
-               keystorePass="k0*l*s3cur1tyr0ck$"
+               defaultSSLHostConfigName="localhost"
                bindOnInit="false"
-               maxHttpHeaderSize="14336"
-    />
+               maxHttpHeaderSize="14336">
+      <SSLHostConfig hostName="localhost" protocols="TLSv1.2,TLSv1.3">
+        <Certificate certificateKeystoreFile="/var/vcap/data/uaa/uaa_keystore.p12" certificateKeyAlias="uaa_ssl_cert"
+                     type="RSA" certificateKeystoreType="PKCS12"  certificateKeystorePassword="k0*l*s3cur1tyr0ck$"/>
+      </SSLHostConfig>
+    </Connector>
 
     <Engine name="Catalina" defaultHost="localhost">
       <Host name="localhost"