jenkins has issues opening certificate :(

java_console/io/io.iml

@@ -16,5 +16,6 @@
     <orderEntry type="library" exported="" name="annotations" level="project" />
     <orderEntry type="module" module-name="inifile" exported="" />
     <orderEntry type="library" exported="" name="javax.json" level="project" />
+    <orderEntry type="module" module-name="proxy_server" />
   </component>
 </module>

java_console/io/src/main/java/com/rusefi/io/tcp/BinaryProtocolServer.java

@@ -7,8 +7,8 @@ import com.rusefi.binaryprotocol.*;
 import com.rusefi.config.generated.Fields;
 import com.rusefi.io.LinkManager;
 import com.rusefi.io.commands.HelloCommand;
+import com.rusefi.server.rusEFISSLContext;
 
-import javax.net.ssl.SSLServerSocketFactory;
 import java.io.*;
 import java.net.ServerSocket;
 import java.net.Socket;
@@ -18,7 +18,8 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Function;
 
 import static com.rusefi.binaryprotocol.IoHelper.swap16;
-import static com.rusefi.config.generated.Fields.*;
+import static com.rusefi.config.generated.Fields.TS_PROTOCOL;
+import static com.rusefi.config.generated.Fields.TS_RESPONSE_BURN_OK;
 
 /**
  * This class makes rusEfi console a proxy for other tuning software, this way we can have two tools connected via same
@@ -35,13 +36,7 @@ public class BinaryProtocolServer implements BinaryProtocolCommands {
 
     public AtomicInteger unknownCommands = new AtomicInteger();
 
-    public static final Function<Integer, ServerSocket> SECURE_SOCKET_FACTORY = port -> {
-        try {
-            return SSLServerSocketFactory.getDefault().createServerSocket(port);
-        } catch (IOException e) {
-            throw new IllegalStateException("Error binding secure server socket " + port, e);
-        }
-    };
+    public static final Function<Integer, ServerSocket> SECURE_SOCKET_FACTORY = rusEFISSLContext::getSSLServerSocket;
 
     public static final Function<Integer, ServerSocket> PLAIN_SOCKET_FACTORY = port -> {
         try {
@@ -79,7 +74,7 @@ public class BinaryProtocolServer implements BinaryProtocolCommands {
      *
      * @param port                         server port to accept connections
      * @param threadName
-     * @param socketRunnableFactory  method to invoke on a new thread for each new client connection
+     * @param socketRunnableFactory        method to invoke on a new thread for each new client connection
      * @param logger
      * @param serverSocketCreationCallback this callback is invoked once we open the server socket
      */

java_console/io/src/main/java/com/rusefi/server/rusEFISSLContext.java

@@ -0,0 +1,108 @@
+package com.rusefi.server;
+
+import javax.net.ssl.*;
+import java.io.File;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class rusEFISSLContext {
+    private static final String TLS = "TLS";
+//    private static KeyStore key;
+
+    // todo: one day once rusEFI has a proper commercial certificate this should be removed
+    private static TrustManager[] trustAllCerts = new TrustManager[]{
+            new X509TrustManager() {
+                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                    return new X509Certificate[0];
+                }
+
+                public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                }
+
+                public void checkServerTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                }
+            }
+    };
+
+    public static void init(String fileName, String password) throws MalformedURLException {
+        // system property setup does not work under Jenkins?
+        Backend.setupCertificates(new File(fileName), password);
+
+        //key = getFromPath(fileName, "PKCS12", password);
+    }
+
+    public static ServerSocket getSSLServerSocket(int port) {
+        try {
+            return SSLServerSocketFactory.getDefault().createServerSocket(port);
+        } catch (IOException e) {
+            throw new IllegalStateException("Error binding secure server socket " + port, e);
+        }
+//        try {
+//            return getSSLServerSocketFactory(key, TLS).createServerSocket(port);
+//        } catch (Exception e) {
+//            throw new IllegalStateException(e);
+//        }
+    }
+
+    public static Socket getSSLSocket(String host, int port) {
+        try {
+            return getSSLSocketFactory(null /*key*/, TLS).createSocket(host, port);
+        } catch (Exception e) {
+            throw new IllegalStateException(e);
+        }
+    }
+
+    /*
+        private static SSLServerSocketFactory getSSLServerSocketFactory(KeyStore trustKey, String sslAlgorithm) {
+            try {
+                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                tmf.init(trustKey);
+
+                SSLContext context = SSLContext.getInstance(sslAlgorithm);
+                context.init(null, tmf.getTrustManagers(), null);
+
+                return context.getServerSocketFactory();
+            } catch (Exception e) {
+                throw new IllegalStateException(e);
+            }
+        }
+    */
+    private static SSLSocketFactory getSSLSocketFactory(KeyStore trustKey, String sslAlgorithm) {
+        try {
+//            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+//            tmf.init(trustKey);
+
+            SSLContext context = SSLContext.getInstance(sslAlgorithm);
+            context.init(null, trustAllCerts/*tmf.getTrustManagers()*/, null);
+
+            return context.getSocketFactory();
+        } catch (Exception e) {
+            throw new IllegalStateException(e);
+        }
+    }
+/*
+    private static KeyStore getFromPath(String path, String algorithm, String filePassword) {
+        try {
+            File f = new File(path);
+
+            if (!f.exists())
+                throw new RuntimeException("File not found: " + path);
+
+            FileInputStream keyFile = new FileInputStream(f);
+            KeyStore keystore = KeyStore.getInstance(algorithm);
+            keystore.load(keyFile, filePassword.toCharArray());
+            keyFile.close();
+
+            return keystore;
+        } catch (Exception e) {
+            throw new IllegalStateException(e);
+        }
+    }
+*/
+}

java_console/ui/src/test/java/com/rusefi/ServerTest.java

@@ -15,7 +15,6 @@ import com.rusefi.tools.online.ProxyClient;
 import org.junit.Before;
 import org.junit.Test;
 
-import java.io.File;
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.util.List;
@@ -43,8 +42,7 @@ public class ServerTest {
     public void setTestCertificate() throws MalformedURLException {
         NetworkConnector.RUSEFI_PROXY_HOSTNAME = ProxyClient.LOCALHOST;
 
-        File certificate = new File("certificate/test_pkcs12.jks");
-        Backend.setupCertificates(certificate, "password");
+        rusEFISSLContext.init("certificate/test_pkcs12.jks", "password");
     }
 
     @Test

java_tools/proxy_server/src/main/java/com/rusefi/LocalApplicationProxy.java

@@ -7,6 +7,7 @@ import com.rusefi.io.tcp.BinaryProtocolProxy;
 import com.rusefi.io.tcp.TcpIoStream;
 import com.rusefi.proxy.NetworkConnector;
 import com.rusefi.server.ApplicationRequest;
+import com.rusefi.server.rusEFISSLContext;
 
 import javax.net.ssl.SSLSocketFactory;
 import java.io.IOException;
@@ -26,7 +27,7 @@ public class LocalApplicationProxy {
      * @param authenticatorPort local port we would bind for TunerStudio to connect to
      */
     static void startAndRun(Logger logger, int serverPortForRemoteUsers, ApplicationRequest applicationRequest, int authenticatorPort) throws IOException {
-        IoStream authenticatorToProxyStream = new TcpIoStream(logger, SSLSocketFactory.getDefault().createSocket(NetworkConnector.RUSEFI_PROXY_HOSTNAME, serverPortForRemoteUsers));
+        IoStream authenticatorToProxyStream = new TcpIoStream(logger, rusEFISSLContext.getSSLSocket(NetworkConnector.RUSEFI_PROXY_HOSTNAME, serverPortForRemoteUsers));
         LocalApplicationProxy localApplicationProxy = new LocalApplicationProxy(logger, applicationRequest);
         localApplicationProxy.run(authenticatorToProxyStream);
 

java_tools/proxy_server/src/main/java/com/rusefi/proxy/NetworkConnector.java

@@ -5,12 +5,11 @@ import com.rusefi.io.IoStream;
 import com.rusefi.io.commands.HelloCommand;
 import com.rusefi.io.tcp.BinaryProtocolServer;
 import com.rusefi.io.tcp.TcpIoStream;
-import com.rusefi.proxy.BaseBroadcastingThread;
 import com.rusefi.server.ControllerInfo;
 import com.rusefi.server.SessionDetails;
+import com.rusefi.server.rusEFISSLContext;
 import org.jetbrains.annotations.NotNull;
 
-import javax.net.ssl.SSLSocketFactory;
 import java.io.IOException;
 
 /**
@@ -29,7 +28,7 @@ public class NetworkConnector {
 
         SessionDetails deviceSessionDetails = new SessionDetails(ci, authToken, SessionDetails.createOneTimeCode());
 
-        BaseBroadcastingThread baseBroadcastingThread = new BaseBroadcastingThread(SSLSocketFactory.getDefault().createSocket(RUSEFI_PROXY_HOSTNAME, serverPortForControllers),
+        BaseBroadcastingThread baseBroadcastingThread = new BaseBroadcastingThread(rusEFISSLContext.getSSLSocket(RUSEFI_PROXY_HOSTNAME, serverPortForControllers),
                 deviceSessionDetails,
                 logger) {
             @Override