Removed auto-generated cert functionality

It wasn't a great idea to start with (I never used it), so I decided it
was best if it was removed.

Generating self signed certificates is easy enough.

5 files changed, 25 insertions, 64 deletions

diff --git a/server/src/net/usebox/gemini/server/Server.scala b/server/src/net/usebox/gemini/server/Server.scala
index bd3c66c..4dc39c1 100644
--- a/server/src/net/usebox/gemini/server/Server.scala
+++ b/server/src/net/usebox/gemini/server/Server.scala
@@ -65,25 +65,18 @@ case class Server(conf: ServiceConf) {
 
   def serve = {
     val certs = conf.virtualHosts.map { vhost =>
-      vhost.keyStore.fold(
-        (
-          vhost.host,
-          TLSUtils.genSelfSignedCert(vhost.host, conf.genCertValidFor)
+      val KeyStore(path, alias, password) = vhost.keyStore
+      TLSUtils
+        .loadCert(path, alias, password)
+        .fold(
+          err => {
+            logger
+              .error(err)(s"Failed to load $alias cert from keystore $path")
+            system.terminate()
+            throw err
+          },
+          r => (vhost.host, r)
         )
-      ) {
-        case KeyStore(path, alias, password) =>
-          TLSUtils
-            .loadCert(path, alias, password)
-            .fold(
-              err => {
-                logger
-                  .error(err)(s"Failed to load $alias cert from keystore $path")
-                system.terminate()
-                throw err
-              },
-              r => (vhost.host, r)
-            )
-      }
     }.toMap
 
     val sslContext = TLSUtils.genSSLContext(certs)
diff --git a/server/src/net/usebox/gemini/server/ServiceConf.scala b/server/src/net/usebox/gemini/server/ServiceConf.scala
index c6b5d9a..562cb35 100644
--- a/server/src/net/usebox/gemini/server/ServiceConf.scala
+++ b/server/src/net/usebox/gemini/server/ServiceConf.scala
@@ -19,7 +19,7 @@ case class Directory(
 case class VirtualHost(
     host: String,
     root: String,
-    keyStore: Option[KeyStore] = None,
+    keyStore: KeyStore,
     indexFile: String = "index.gmi",
     directoryListing: Boolean = true,
     geminiParams: Option[String] = None,
@@ -81,7 +81,6 @@ case class ServiceConf(
     defaultMimeType: String,
     mimeTypes: Option[Map[String, List[String]]] = None,
     virtualHosts: List[VirtualHost],
-    genCertValidFor: FiniteDuration,
     enabledProtocols: List[String],
     enabledCipherSuites: List[String]
 )
diff --git a/server/src/net/usebox/gemini/server/TLSUtils.scala b/server/src/net/usebox/gemini/server/TLSUtils.scala
index 012da2f..75b2645 100644
--- a/server/src/net/usebox/gemini/server/TLSUtils.scala
+++ b/server/src/net/usebox/gemini/server/TLSUtils.scala
@@ -1,13 +1,10 @@
 package net.usebox.gemini.server
 
 import java.io.FileInputStream
-import java.math.BigInteger
 import java.net.Socket
-import java.security.{KeyPairGenerator, KeyStore, Principal, PrivateKey, SecureRandom, Security}
+import java.security.{KeyStore, Principal, PrivateKey, SecureRandom, Security}
 import java.security.cert.X509Certificate
 import java.security.KeyStore.PrivateKeyEntry
-import java.time.Instant
-import java.util.Date
 import javax.net.ssl.{
   ExtendedSSLSession,
   KeyManagerFactory,
@@ -19,13 +16,10 @@ import javax.net.ssl.{
   X509ExtendedKeyManager
 }
 
-import scala.concurrent.duration.FiniteDuration
 import scala.jdk.CollectionConverters._
 import scala.util.Try
 
 import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.bouncycastle.jce.X509Principal
-import org.bouncycastle.x509.X509V3CertificateGenerator
 import org.log4s._
 
 object TLSUtils {
@@ -133,38 +127,6 @@ object TLSUtils {
       )
     }.toEither
 
-  def genSelfSignedCert(
-      host: String,
-      validFor: FiniteDuration
-  ): (X509Certificate, PrivateKey) = {
-
-    val keyPairGenerator = KeyPairGenerator.getInstance("RSA")
-    keyPairGenerator.initialize(2048)
-    val kp = keyPairGenerator.generateKeyPair()
-
-    val v3CertGen = new X509V3CertificateGenerator()
-    v3CertGen.setSerialNumber(
-      BigInteger.valueOf(new SecureRandom().nextInt()).abs()
-    )
-    v3CertGen.setIssuerDN(
-      new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
-    )
-    v3CertGen.setNotBefore(
-      Date.from(Instant.now().minusSeconds(60 * 60))
-    )
-    v3CertGen.setNotAfter(
-      Date.from(Instant.now().plusSeconds(validFor.toSeconds))
-    )
-    v3CertGen.setSubjectDN(
-      new X509Principal("CN=" + host + ", OU=None, O=None L=None, C=None")
-    )
-
-    v3CertGen.setPublicKey(kp.getPublic())
-    v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption")
-
-    (v3CertGen.generateX509Certificate(kp.getPrivate()), kp.getPrivate())
-  }
-
   def genSSLContext(
       certs: Map[String, (X509Certificate, PrivateKey)]
   ): SSLContext = {
@@ -199,5 +161,4 @@ object TLSUtils {
     )
     ctx
   }
-
 }
diff --git a/server/test/src/ServiceConfSpec.scala b/server/test/src/ServiceConfSpec.scala
index d886b4f..959f15d 100644
--- a/server/test/src/ServiceConfSpec.scala
+++ b/server/test/src/ServiceConfSpec.scala
@@ -124,10 +124,14 @@ class ServiceConfSpec extends AnyFlatSpec with Matchers {
       virtualHosts = List(
         VirtualHost(
           host = "localhost",
-          root = getClass.getResource("/").getPath()
+          root = getClass.getResource("/").getPath(),
+          keyStore = KeyStore(
+            path = "/tmp/unused.jks",
+            alias = "localhost",
+            password = "secret"
+          )
         )
       ),
-      genCertValidFor = 1.day,
       enabledProtocols = Nil,
       enabledCipherSuites = Nil
     )
diff --git a/server/test/src/TestData.scala b/server/test/src/TestData.scala
index df3fbd6..64ac43b 100644
--- a/server/test/src/TestData.scala
+++ b/server/test/src/TestData.scala
@@ -16,10 +16,14 @@ object TestData {
     virtualHosts = List(
       VirtualHost(
         host = host,
-        root = getClass.getResource("/").getPath()
+        root = getClass.getResource("/").getPath(),
+        keyStore = KeyStore(
+          path = "/tmp/unused.jks",
+          alias = "localhost",
+          password = "secret"
+        )
       )
     ),
-    genCertValidFor = 1.day,
     enabledProtocols = Nil,
     enabledCipherSuites = Nil
   )