From a3dc895e3240b0686d6491b26e21d06e85cc1d45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Wenzel?= Date: Mon, 15 Aug 2022 17:41:43 +0200 Subject: [PATCH] revert bouncy castle to test only --- Dockerfile | 2 +- examples/pkijks.yml | 2 ++ pom.xml | 11 ++++++----- .../java/de/koudingspawn/vault/VaultApplication.java | 10 +++------- .../vault/vault/impl/SharedVaultResponseMapper.java | 9 +++------ 5 files changed, 15 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 58abc21..f75348e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,5 +16,5 @@ FROM gcr.io/distroless/java17:nonroot COPY --from=BUILD /opt/target/vault-crd.jar /opt/vault-crd.jar COPY --from=BUILD /java.security /etc/java-17-openjdk/security/java.security -ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks"] +ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks", "-Dkeystore.pkcs12.legacy"] CMD ["-jar", "/opt/vault-crd.jar"] diff --git a/examples/pkijks.yml b/examples/pkijks.yml index eec51ba..a8bc597 100644 --- a/examples/pkijks.yml +++ b/examples/pkijks.yml @@ -5,6 +5,8 @@ metadata: spec: path: "testpki/issue/testrole" type: "PKIJKS" + jksConfiguration: + caAlias: CARoot pkiConfiguration: commonName: "vault.koudingspawn.de" ttl: "7m" diff --git a/pom.xml b/pom.xml index 9587a80..d60ff06 100644 --- a/pom.xml +++ b/pom.xml @@ -68,11 +68,6 @@ 2.5.4 - - org.bouncycastle - bcpkix-jdk15on - 1.58 - org.springframework.boot @@ -85,6 +80,12 @@ 2.17.0 test + + org.bouncycastle + bcpkix-jdk15on + 1.58 + test + org.junit.vintage diff --git a/src/main/java/de/koudingspawn/vault/VaultApplication.java b/src/main/java/de/koudingspawn/vault/VaultApplication.java index 173e8e1..97a6d7f 100644 --- a/src/main/java/de/koudingspawn/vault/VaultApplication.java 
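Review bot: The `-Dkeystore.pkcs12.legacy` added to the ENTRYPOINT is a JVM-wide downgrade, not a per-keystore setting: every PKCS12 keystore this process writes falls back to the pre-JDK-16 algorithms (SHA-1 MAC, PBEWithSHA1AndDESede key protection, 40-bit RC2 certificate protection) instead of the current PBES2/AES-256/HmacPBESHA256 defaults. Neither the hunk nor the commit message says why; presumably it keeps the generated keystores readable by consumers that cannot parse PBES2 now that the Bouncy Castle provider is gone, but that reason should be recorded next to the flag. If only part of the legacy behaviour is needed, the per-algorithm security properties (`keystore.pkcs12.macAlgorithm`, `keystore.pkcs12.certProtectionAlgorithm`, `keystore.pkcs12.keyProtectionAlgorithm`) can be set in the `java.security` file this Dockerfile already copies into the image, which is narrower and self-documenting. At minimum add above the ENTRYPOINT: `# keystore.pkcs12.legacy: emit pre-JDK16 PKCS12 algorithms so generated keystore secrets stay readable by <consumer>; remove once consumers accept PBES2/HmacPBESHA256`.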
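Review bot: Moving `bcpkix-jdk15on` to `test` scope takes it off the runtime classpath and out of the image, but the pin stays at 1.58 (2017), which predates fixes published for the 1.60+ line (e.g. CVE-2018-1000180, CVE-2018-1000613); now that the artifact no longer ships, raising it is cheap and removes the stale coordinate from dependency scans. Consider `<version>1.58</version>` → a current release, noting the `jdk15on` artifacts were superseded by `bcpkix-jdk18on`. The XML in this hunk is flattened on the page, so the element nesting could not be verified here.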
+++ b/src/main/java/de/koudingspawn/vault/VaultApplication.java @@ -1,18 +1,14 @@ package de.koudingspawn.vault; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.scheduling.annotation.EnableScheduling; -import java.security.Security; - @SpringBootApplication @EnableScheduling public class VaultApplication { - public static void main(String[] args) { - Security.addProvider(new BouncyCastleProvider()); - SpringApplication.run(VaultApplication.class, args); - } + public static void main(String[] args) { + SpringApplication.run(VaultApplication.class, args); + } } diff --git a/src/main/java/de/koudingspawn/vault/vault/impl/SharedVaultResponseMapper.java b/src/main/java/de/koudingspawn/vault/vault/impl/SharedVaultResponseMapper.java index 6395068..2af30ec 100644 --- a/src/main/java/de/koudingspawn/vault/vault/impl/SharedVaultResponseMapper.java +++ b/src/main/java/de/koudingspawn/vault/vault/impl/SharedVaultResponseMapper.java @@ -6,7 +6,6 @@ import de.koudingspawn.vault.vault.VaultSecret; import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException; import de.koudingspawn.vault.vault.impl.pki.VaultResponseData; -import org.bouncycastle.jcajce.PKCS12StoreParameter; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import org.springframework.util.StringUtils; 
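Review bot: Removing `Security.addProvider(new BouncyCastleProvider())` from `main` means any `getInstance(..., "BC")` lookup still present in main code would now fail at runtime with `NoSuchProviderException` rather than at build time, since the dependency remains resolvable in tests. The diffstat shows only `SharedVaultResponseMapper` being switched off the `"BC"` provider, so please confirm no other `"BC"` provider name survives under `src/main` (a grep for `"BC"` and `org.bouncycastle` is enough). A one-line comment at the top of `main`, `// No explicit JCA provider: PKCS12 handling uses the JDK built-in SunJSSE/SUN providers`, would tell the next reader this removal was deliberate.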
@@ -82,11 +81,9 @@ private String getKey(VaultResponseData responseData) { } VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguration, VaultType type) throws SecretNotAccessibleException { - try { - KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(getPassword(jksConfiguration).toCharArray(), "HmacPBESHA1", null); - KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); - keyStore.load(() -> passwordProtection); + KeyStore keyStore = KeyStore.getInstance("PKCS12"); + keyStore.load(null, null); Certificate[] publicKeyList = getPublicKey(data.getCertificate()); @@ -104,7 +101,7 @@ VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguratio } ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - keyStore.store(new PKCS12StoreParameter(outputStream, passwordProtection)); + keyStore.store(outputStream, getPassword(jksConfiguration).toCharArray()); String b64KeyStore = Base64.getEncoder().encodeToString(outputStream.toByteArray()); HashMap secretData = new HashMap<>() {{
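Review bot: `try {` is removed at the top of `mapJks`, yet no matching `catch` or closing-brace removal appears anywhere in this diff, and the file's diffstat (3 insertions, 6 deletions) is fully accounted for by the lines visible here (import, `try {`, `passwordProtection`, `getInstance`, `load` removed; `store` replaced), so either a `catch` survives against the new try body or the structure is not recoverable from this page — please confirm the method still compiles as intended. Note that `KeyStore.getInstance("PKCS12")` without a provider argument no longer declares `NoSuchProviderException`, so a surviving `catch (NoSuchProviderException e)` on its own would be rejected by the compiler as never thrown, while `KeyStoreException`, `IOException`, `NoSuchAlgorithmException` and `CertificateException` from `getInstance`/`load` still need handling or propagation. `keyStore.load(null, null)` is the documented way to initialise an empty PKCS12 store, so that line is fine. `mapJks` begins in this hunk but its body continues outside it.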
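Review bot: `keyStore.store(outputStream, getPassword(jksConfiguration).toCharArray())` leaves the MAC and key/certificate protection algorithms to the JDK PKCS12 defaults, where the removed `PKCS12StoreParameter`/`PasswordProtection` named `HmacPBESHA1` explicitly; on JDK 17 those defaults are PBES2/AES-256 and HmacPBESHA256 unless `keystore.pkcs12.legacy` is set, which this same commit does in the Dockerfile ENTRYPOINT. The bytes base64-encoded into the Kubernetes secret therefore now depend on how the JVM is launched rather than on this class, a silent behaviour change for anyone running the jar outside the image or from an IDE. Record that at this line: `// PKCS12 MAC/PBE algorithms come from the JVM's keystore.pkcs12.* security properties (the container sets keystore.pkcs12.legacy for consumer compatibility)`. The enclosing `mapJks` method ends outside this hunk.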