authorJuan J. Martinez <jjm@usebox.net>2024-04-20 13:43:19 +0100
committerJuan J. Martinez <jjm@usebox.net>2024-04-20 13:43:19 +0100
commit4fcdc4a237a217262c29e9b1a1804dda410ba0a0 (patch)
tree792dce23d9bd3c307c1b8d300034d8e4f409e6a8 /server/src/net
parent9a60fc8286960bf4efd69ebe152741306db59887 (diff)
downloadspacebeans-4fcdc4a237a217262c29e9b1a1804dda410ba0a0.tar.gz
spacebeans-4fcdc4a237a217262c29e9b1a1804dda410ba0a0.zip
Removed auto-generated cert functionality
It wasn't a great idea to begin with (I never used it), so I decided it was best to remove it. Generating self-signed certificates is easy enough.
Diffstat (limited to 'server/src/net')
-rw-r--r--server/src/net/usebox/gemini/server/Server.scala29
-rw-r--r--server/src/net/usebox/gemini/server/ServiceConf.scala3
-rw-r--r--server/src/net/usebox/gemini/server/TLSUtils.scala41
3 files changed, 13 insertions, 60 deletions
diff --git a/server/src/net/usebox/gemini/server/Server.scala b/server/src/net/usebox/gemini/server/Server.scala
index bd3c66c..4dc39c1 100644
--- a/server/src/net/usebox/gemini/server/Server.scala
+++ b/server/src/net/usebox/gemini/server/Server.scala
@@ -65,25 +65,18 @@ case class Server(conf: ServiceConf) {
def serve = {
val certs = conf.virtualHosts.map { vhost =>
- vhost.keyStore.fold(
- (
- vhost.host,
- TLSUtils.genSelfSignedCert(vhost.host, conf.genCertValidFor)
+ val KeyStore(path, alias, password) = vhost.keyStore
+ TLSUtils
+ .loadCert(path, alias, password)
+ .fold(
+ err => {
+ logger
+ .error(err)(s"Failed to load $alias cert from keystore $path")
+ system.terminate()
+ throw err
+ },
+ r => (vhost.host, r)
)
- ) {
- case KeyStore(path, alias, password) =>
- TLSUtils
- .loadCert(path, alias, password)
- .fold(
- err => {
- logger
- .error(err)(s"Failed to load $alias cert from keystore $path")
- system.terminate()
- throw err
- },
- r => (vhost.host, r)
- )
- }
}.toMap
val sslContext = TLSUtils.genSSLContext(certs)
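Review bot: The fold's error branch on the new side throws on the first virtual host whose keystore fails to load, so when several hosts are misconfigured only the first failure is logged and the operator discovers the others one restart at a time. Now that a keystore is mandatory for every vhost it is worth attempting all of them, logging each failure, and only then terminating; `partitionMap` keeps this compact, and TLSUtils.scala in this same diff imports `scala.jdk.CollectionConverters`, so the build is already on 2.13+. `system.terminate()` looks asynchronous (assuming `system` is an actor system, which this hunk does not show), so the `throw err` after it is what actually aborts `serve` — that ordering predates this commit, but a comment such as `// fail fast: an unreadable keystore is a hard configuration error` would make the intent explicit. The enclosing `serve` method continues past the end of the hunk.
```scala
val (failures, loaded) = conf.virtualHosts.partitionMap { vhost =>
  val KeyStore(path, alias, password) = vhost.keyStore
  TLSUtils
    .loadCert(path, alias, password)
    .left
    .map(err => (vhost.host, path, alias, err))
    .map(r => (vhost.host, r))
}
failures.foreach { case (host, path, alias, err) =>
  logger.error(err)(s"Failed to load $alias cert for $host from keystore $path")
}
// fail fast: an unreadable keystore is a hard configuration error
failures.headOption.foreach { case (_, _, _, err) =>
  system.terminate()
  throw err
}
val certs = loaded.toMap
// … unchanged: sslContext construction …
```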
diff --git a/server/src/net/usebox/gemini/server/ServiceConf.scala b/server/src/net/usebox/gemini/server/ServiceConf.scala
index c6b5d9a..562cb35 100644
--- a/server/src/net/usebox/gemini/server/ServiceConf.scala
+++ b/server/src/net/usebox/gemini/server/ServiceConf.scala
@@ -19,7 +19,7 @@ case class Directory(
case class VirtualHost(
host: String,
root: String,
- keyStore: Option[KeyStore] = None,
+ keyStore: KeyStore,
indexFile: String = "index.gmi",
directoryListing: Boolean = true,
geminiParams: Option[String] = None,
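Review bot: Making `keyStore` a required field is a breaking configuration change: any deployment whose config omitted it (relying on the auto-generated certificate) will now fail to decode its configuration at startup instead of serving, and nothing in the diff records that. Failing closed is the right outcome for a TLS-only protocol, but the change should be called out in the README or changelog, and a short Scaladoc on the field would help operators: `/** Keystore holding this host's certificate and private key; required — there is no auto-generated fallback. */`. The `VirtualHost` case class continues past the hunk and the config decoder is not visible here, so how a missing key is reported to the operator (and whether a stale `genCertValidFor` entry left in old config files is rejected) cannot be confirmed from this diff.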
@@ -81,7 +81,6 @@ case class ServiceConf(
defaultMimeType: String,
mimeTypes: Option[Map[String, List[String]]] = None,
virtualHosts: List[VirtualHost],
- genCertValidFor: FiniteDuration,
enabledProtocols: List[String],
enabledCipherSuites: List[String]
)
diff --git a/server/src/net/usebox/gemini/server/TLSUtils.scala b/server/src/net/usebox/gemini/server/TLSUtils.scala
index 012da2f..75b2645 100644
--- a/server/src/net/usebox/gemini/server/TLSUtils.scala
+++ b/server/src/net/usebox/gemini/server/TLSUtils.scala
@@ -1,13 +1,10 @@
package net.usebox.gemini.server
import java.io.FileInputStream
-import java.math.BigInteger
import java.net.Socket
-import java.security.{KeyPairGenerator, KeyStore, Principal, PrivateKey, SecureRandom, Security}
+import java.security.{KeyStore, Principal, PrivateKey, SecureRandom, Security}
import java.security.cert.X509Certificate
import java.security.KeyStore.PrivateKeyEntry
-import java.time.Instant
-import java.util.Date
import javax.net.ssl.{
ExtendedSSLSession,
KeyManagerFactory,
@@ -19,13 +16,10 @@ import javax.net.ssl.{
X509ExtendedKeyManager
}
-import scala.concurrent.duration.FiniteDuration
import scala.jdk.CollectionConverters._
import scala.util.Try
import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.jce.X509Principal
-import org.bouncycastle.x509.X509V3CertificateGenerator
import org.log4s._
object TLSUtils {
@@ -133,38 +127,6 @@ object TLSUtils {
)
}.toEither
- def genSelfSignedCert(
- host: String,
- validFor: FiniteDuration
- ): (X509Certificate, PrivateKey) = {
-
- val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
- keyPairGenerator.initialize(2048)
- val kp = keyPairGenerator.generateKeyPair()
-
- val v3CertGen = new X509V3CertificateGenerator()
- v3CertGen.setSerialNumber(
- BigInteger.valueOf(new SecureRandom().nextInt()).abs()
- )
- v3CertGen.setIssuerDN(
- new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
- )
- v3CertGen.setNotBefore(
- Date.from(Instant.now().minusSeconds(60 * 60))
- )
- v3CertGen.setNotAfter(
- Date.from(Instant.now().plusSeconds(validFor.toSeconds))
- )
- v3CertGen.setSubjectDN(
- new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
- )
-
- v3CertGen.setPublicKey(kp.getPublic())
- v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption")
-
- (v3CertGen.generateX509Certificate(kp.getPrivate()), kp.getPrivate())
- }
-
def genSSLContext(
certs: Map[String, (X509Certificate, PrivateKey)]
): SSLContext = {
@@ -199,5 +161,4 @@ object TLSUtils {
)
ctx
}
-
}