aboutsummaryrefslogtreecommitdiff
path: root/server/src/net/usebox/gemini
diff options
context:
space:
mode:
authorJuan J. Martinez <jjm@usebox.net>2024-04-20 13:43:19 +0100
committerJuan J. Martinez <jjm@usebox.net>2024-04-20 13:43:19 +0100
commit4fcdc4a237a217262c29e9b1a1804dda410ba0a0 (patch)
tree792dce23d9bd3c307c1b8d300034d8e4f409e6a8 /server/src/net/usebox/gemini
parent9a60fc8286960bf4efd69ebe152741306db59887 (diff)
downloadspacebeans-4fcdc4a237a217262c29e9b1a1804dda410ba0a0.tar.gz
spacebeans-4fcdc4a237a217262c29e9b1a1804dda410ba0a0.zip
Removed auto-generated cert functionality
It wasn't a great idea to start with (I never used it), so I decided it was best if it was removed. Generating self signed certificates is easy enough.
Diffstat (limited to 'server/src/net/usebox/gemini')
-rw-r--r--server/src/net/usebox/gemini/server/Server.scala29
-rw-r--r--server/src/net/usebox/gemini/server/ServiceConf.scala3
-rw-r--r--server/src/net/usebox/gemini/server/TLSUtils.scala41
3 files changed, 13 insertions, 60 deletions
diff --git a/server/src/net/usebox/gemini/server/Server.scala b/server/src/net/usebox/gemini/server/Server.scala
index bd3c66c..4dc39c1 100644
--- a/server/src/net/usebox/gemini/server/Server.scala
+++ b/server/src/net/usebox/gemini/server/Server.scala
@@ -65,25 +65,18 @@ case class Server(conf: ServiceConf) {
def serve = {
val certs = conf.virtualHosts.map { vhost =>
- vhost.keyStore.fold(
- (
- vhost.host,
- TLSUtils.genSelfSignedCert(vhost.host, conf.genCertValidFor)
+ val KeyStore(path, alias, password) = vhost.keyStore
+ TLSUtils
+ .loadCert(path, alias, password)
+ .fold(
+ err => {
+ logger
+ .error(err)(s"Failed to load $alias cert from keystore $path")
+ system.terminate()
+ throw err
+ },
+ r => (vhost.host, r)
)
- ) {
- case KeyStore(path, alias, password) =>
- TLSUtils
- .loadCert(path, alias, password)
- .fold(
- err => {
- logger
- .error(err)(s"Failed to load $alias cert from keystore $path")
- system.terminate()
- throw err
- },
- r => (vhost.host, r)
- )
- }
}.toMap
val sslContext = TLSUtils.genSSLContext(certs)
diff --git a/server/src/net/usebox/gemini/server/ServiceConf.scala b/server/src/net/usebox/gemini/server/ServiceConf.scala
index c6b5d9a..562cb35 100644
--- a/server/src/net/usebox/gemini/server/ServiceConf.scala
+++ b/server/src/net/usebox/gemini/server/ServiceConf.scala
@@ -19,7 +19,7 @@ case class Directory(
case class VirtualHost(
host: String,
root: String,
- keyStore: Option[KeyStore] = None,
+ keyStore: KeyStore,
indexFile: String = "index.gmi",
directoryListing: Boolean = true,
geminiParams: Option[String] = None,
@@ -81,7 +81,6 @@ case class ServiceConf(
defaultMimeType: String,
mimeTypes: Option[Map[String, List[String]]] = None,
virtualHosts: List[VirtualHost],
- genCertValidFor: FiniteDuration,
enabledProtocols: List[String],
enabledCipherSuites: List[String]
)
diff --git a/server/src/net/usebox/gemini/server/TLSUtils.scala b/server/src/net/usebox/gemini/server/TLSUtils.scala
index 012da2f..75b2645 100644
--- a/server/src/net/usebox/gemini/server/TLSUtils.scala
+++ b/server/src/net/usebox/gemini/server/TLSUtils.scala
@@ -1,13 +1,10 @@
package net.usebox.gemini.server
import java.io.FileInputStream
-import java.math.BigInteger
import java.net.Socket
-import java.security.{KeyPairGenerator, KeyStore, Principal, PrivateKey, SecureRandom, Security}
+import java.security.{KeyStore, Principal, PrivateKey, SecureRandom, Security}
import java.security.cert.X509Certificate
import java.security.KeyStore.PrivateKeyEntry
-import java.time.Instant
-import java.util.Date
import javax.net.ssl.{
ExtendedSSLSession,
KeyManagerFactory,
@@ -19,13 +16,10 @@ import javax.net.ssl.{
X509ExtendedKeyManager
}
-import scala.concurrent.duration.FiniteDuration
import scala.jdk.CollectionConverters._
import scala.util.Try
import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.jce.X509Principal
-import org.bouncycastle.x509.X509V3CertificateGenerator
import org.log4s._
object TLSUtils {
@@ -133,38 +127,6 @@ object TLSUtils {
)
}.toEither
- def genSelfSignedCert(
- host: String,
- validFor: FiniteDuration
- ): (X509Certificate, PrivateKey) = {
-
- val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
- keyPairGenerator.initialize(2048)
- val kp = keyPairGenerator.generateKeyPair()
-
- val v3CertGen = new X509V3CertificateGenerator()
- v3CertGen.setSerialNumber(
- BigInteger.valueOf(new SecureRandom().nextInt()).abs()
- )
- v3CertGen.setIssuerDN(
- new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
- )
- v3CertGen.setNotBefore(
- Date.from(Instant.now().minusSeconds(60 * 60))
- )
- v3CertGen.setNotAfter(
- Date.from(Instant.now().plusSeconds(validFor.toSeconds))
- )
- v3CertGen.setSubjectDN(
- new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
- )
-
- v3CertGen.setPublicKey(kp.getPublic())
- v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption")
-
- (v3CertGen.generateX509Certificate(kp.getPrivate()), kp.getPrivate())
- }
-
def genSSLContext(
certs: Map[String, (X509Certificate, PrivateKey)]
): SSLContext = {
@@ -199,5 +161,4 @@ object TLSUtils {
)
ctx
}
-
}