revert bouncy castle to test only
Björn Wenzel committed Aug 15, 2022
1 parent df84b2d commit a3dc895
Showing 5 changed files with 15 additions and 19 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -16,5 +16,5 @@ FROM gcr.io/distroless/java17:nonroot
COPY --from=BUILD /opt/target/vault-crd.jar /opt/vault-crd.jar
COPY --from=BUILD /java.security /etc/java-17-openjdk/security/java.security

ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks"]
ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks", "-Dkeystore.pkcs12.legacy"]
CMD ["-jar", "/opt/vault-crd.jar"]
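Review bot: The ENTRYPOINT line carrying `-Dkeystore.pkcs12.legacy` (which appears to be the new side of this 1-addition/1-deletion hunk) switches the JDK's PKCS12 KeyStore implementation back to its pre-JDK-17 defaults for every keystore this process writes: SHA-1 based MAC (HmacPBESHA1) and the old PBE-with-SHA1 ciphers (RC2-40 for certificates, 3DES for keys) instead of the current AES-256/SHA-256 set. Nothing in the Dockerfile records why that is needed, and the flag is process-wide rather than scoped to the PKIJKS secret; a line such as `# keystore.pkcs12.legacy: emit legacy-algorithm PKCS12 so <consumer — TODO name it> can read the PKIJKS secret; weakens every keystore this JVM writes` above the ENTRYPOINT would capture the trade-off. If only one algorithm has to be compatible, the `keystore.pkcs12.*` security properties in the java.security file copied on the line above allow relaxing just that one instead of the whole set, and an expiry condition for the flag (when the consumer supports modern PKCS12) is worth writing down.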
2 changes: 2 additions & 0 deletions examples/pkijks.yml
Expand Up @@ -5,6 +5,8 @@ metadata:
spec:
path: "testpki/issue/testrole"
type: "PKIJKS"
jksConfiguration:
caAlias: CARoot
pkiConfiguration:
commonName: "vault.koudingspawn.de"
ttl: "7m"
11 changes: 6 additions & 5 deletions pom.xml
Expand Up @@ -68,11 +68,6 @@
<version>2.5.4</version>
</dependency>

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.58</version>
</dependency>

<dependency>
<groupId>org.springframework.boot</groupId>
Expand All @@ -85,6 +80,12 @@
<version>2.17.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.58</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>org.junit.vintage</groupId>
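Review bot: The re-added test-scoped `bcpkix-jdk15on` declaration still pins `1.58`, a release from several years before this commit; moving it to test scope keeps it out of the shipped jar but it stays in the build graph, so dependency scanners will keep reporting it and any later bcpkix fixes are not picked up by the tests. Since the declaration is being rewritten anyway, bumping to a current bcpkix release (or at least noting why 1.58 is kept) is cheap. Also worth a comment on the dependency, e.g. `<!-- test only: production uses the JDK PKCS12 KeyStore, see VaultApplication -->`, so the scope is not "fixed" back to compile by a later contributor.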
10 changes: 3 additions & 7 deletions src/main/java/de/koudingspawn/vault/VaultApplication.java
@@ -1,18 +1,14 @@
package de.koudingspawn.vault;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.scheduling.annotation.EnableScheduling;

import java.security.Security;

@SpringBootApplication
@EnableScheduling
public class VaultApplication {

public static void main(String[] args) {
Security.addProvider(new BouncyCastleProvider());
SpringApplication.run(VaultApplication.class, args);
}
public static void main(String[] args) {
SpringApplication.run(VaultApplication.class, args);
}
}
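Review bot: Dropping `Security.addProvider(new BouncyCastleProvider())` from `main` means no provider named `"BC"` is registered at runtime, and the compiler only catches the removed imports, not string-based provider lookups: a remaining `KeyStore.getInstance(..., "BC")` or `Signature.getInstance(alg, "BC")` anywhere in src/main would fail with `NoSuchProviderException` at runtime rather than at build time. The mapper hunk further down removes its own `"BC"` lookup, but that is the only caller visible here; a grep of src/main for `"BC"` and `org.bouncycastle` before merging would confirm nothing else depends on the provider. A short Javadoc on `main` such as `/** Entry point; relies solely on the JDK-provided security providers (Bouncy Castle is test-scoped only). */` would record the decision for the next reader.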
Expand Up @@ -6,7 +6,6 @@
import de.koudingspawn.vault.vault.VaultSecret;
import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException;
import de.koudingspawn.vault.vault.impl.pki.VaultResponseData;
import org.bouncycastle.jcajce.PKCS12StoreParameter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
Expand Down Expand Up @@ -82,11 +81,9 @@ private String getKey(VaultResponseData responseData) {
}

VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguration, VaultType type) throws SecretNotAccessibleException {

try {
KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(getPassword(jksConfiguration).toCharArray(), "HmacPBESHA1", null);
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
keyStore.load(() -> passwordProtection);
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, null);

Certificate[] publicKeyList = getPublicKey(data.getCertificate());

Expand All @@ -104,7 +101,7 @@ VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguratio
}

ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
keyStore.store(new PKCS12StoreParameter(outputStream, passwordProtection));
keyStore.store(outputStream, getPassword(jksConfiguration).toCharArray());
String b64KeyStore = Base64.getEncoder().encodeToString(outputStream.toByteArray());

HashMap<String, String> secretData = new HashMap<>() {{
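Review bot: In the `mapJks` hunk the keystore's encryption and MAC algorithms are no longer pinned in code: the old `PasswordProtection(..., "HmacPBESHA1", null)` plus `PKCS12StoreParameter` fixed the MAC explicitly, whereas `KeyStore.getInstance("PKCS12")` with `keyStore.store(outputStream, ...)` takes whatever the JDK defaults or the `keystore.pkcs12.legacy` / `keystore.pkcs12.*` settings select at launch. The bytes produced under the Dockerfile's `-Dkeystore.pkcs12.legacy` flag will therefore differ from those produced in tests or any other launch without it, and that coupling is invisible from this file; a comment on the `getInstance` line along the lines of `// PKCS12 cert/key PBE and MAC algorithms are chosen by the JVM (keystore.pkcs12.* security properties, keystore.pkcs12.legacy) — see Dockerfile; consumers of PKIJKS secrets must be able to read that format` would make it explicit. `mapJks` begins inside the hunk but its body and catch block continue past it, so I cannot see whether `NoSuchProviderException` handling became unreachable; and, as before the change, the `toCharArray()` password is never zeroed after `store`, which may be worth an `Arrays.fill` in a finally if secrets hygiene matters here.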

0 comments on commit a3dc895

Please sign in to comment.