Generate debug key from Gradle task, drop private API usage

3 files changed, 15 insertions, 53 deletions

diff --git a/build.gradle b/build.gradle
index f7595ac2..7de01cdf 100644
--- a/build.gradle
+++ b/build.gradle
@@ -44,4 +44,16 @@ allprojects {
         }
     }
 }
+class GenKey extends DefaultTask {
+    @OutputFile
+    String keystore
+    @TaskAction
+    def generate() {
+        ant.genkey(alias:"1", keystore:keystore.toString(), storepass:"secret", dname:"CN=localhost", keysize:2048)
+    }
+}
+
+task generateDebugKey(type: GenKey) {
+    keystore = "${projectDir}/juick.p12"
+}
 
diff --git a/juick-server/build.gradle b/juick-server/build.gradle
index 9a6196da..9b0a6496 100644
--- a/juick-server/build.gradle
+++ b/juick-server/build.gradle
@@ -58,7 +58,6 @@ asciidoctor {
     outputDir = docsOutputDir
 }
 
-
 dependencies {
     compile project(':juick-common')
     compile 'com.github.ben-manes.caffeine:caffeine:2.6.2'
@@ -115,5 +114,6 @@ bootJar {
     launchScript()
 }
 
+bootRun.dependsOn ':generateDebugKey'
 compileFrontend.dependsOn 'yarn'
 processResources.dependsOn 'compileFrontend'
diff --git a/juick-server/src/main/java/com/juick/server/KeystoreManager.java b/juick-server/src/main/java/com/juick/server/KeystoreManager.java
index dd962527..44b0b90e 100644
--- a/juick-server/src/main/java/com/juick/server/KeystoreManager.java
+++ b/juick-server/src/main/java/com/juick/server/KeystoreManager.java
@@ -5,25 +5,20 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Base64Utils;
-import sun.security.x509.*;
 
 import javax.annotation.PostConstruct;
 import javax.net.ssl.KeyManagerFactory;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.math.BigInteger;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
 
 @Component
 public class KeystoreManager {
     private static final Logger logger = LoggerFactory.getLogger("com.juick.server");
-    @Value("${keystore:juick.p12}")
+    @Value("${keystore:../juick.p12}")
     private String keystore;
     @Value("${keystore_password:secret}")
     private String keystorePassword;
@@ -41,19 +36,7 @@ public class KeystoreManager {
                     .getDefaultAlgorithm());
             kmf.init(ks, keystorePassword.toCharArray());
         } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
-            logger.warn("Keystore error, creating self-signed");
-            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
-            keyPairGenerator.initialize(4096);
-            KeyPair keyPair = keyPairGenerator.generateKeyPair();
-
-            Certificate[] chain = {generateCertificate("cn=localhost", keyPair, 365, "SHA256withRSA")};
-
-            ks = KeyStore.getInstance(KeyStore.getDefaultType());
-            ks.load(null, null);
-            ks.setKeyEntry("1", keyPair.getPrivate(), keystorePassword.toCharArray(), chain);
-            kmf = KeyManagerFactory.getInstance(KeyManagerFactory
-                    .getDefaultAlgorithm());
-            kmf.init(ks, keystorePassword.toCharArray());
+            logger.error("Keystore error", e);
         }
     }
 
@@ -80,37 +63,4 @@ public class KeystoreManager {
         return String.format("-----BEGIN RSA PUBLIC KEY-----\n%s\n-----END RSA PUBLIC KEY-----\n",
                 new String(Base64Utils.encode(getKeyPair().getPublic().getEncoded())));
     }
-    private X509Certificate generateCertificate(String dn, KeyPair keyPair, int validity, String sigAlgName) throws GeneralSecurityException, IOException {
-        PrivateKey privateKey = keyPair.getPrivate();
-
-        X509CertInfo info = new X509CertInfo();
-
-        Date from = new Date();
-        Date to = new Date(from.getTime() + validity * 1000L * 24L * 60L * 60L);
-
-        CertificateValidity interval = new CertificateValidity(from, to);
-        BigInteger serialNumber = new BigInteger(64, new SecureRandom());
-        X500Name owner = new X500Name(dn);
-        AlgorithmId sigAlgId = new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid);
-
-        info.set(X509CertInfo.VALIDITY, interval);
-        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
-        info.set(X509CertInfo.SUBJECT, owner);
-        info.set(X509CertInfo.ISSUER, owner);
-        info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
-        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
-        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(sigAlgId));
-
-        // Sign the cert to identify the algorithm that's used.
-        X509CertImpl certificate = new X509CertImpl(info);
-        certificate.sign(privateKey, sigAlgName);
-
-        // Update the algorith, and resign.
-        sigAlgId = (AlgorithmId) certificate.get(X509CertImpl.SIG_ALG);
-        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, sigAlgId);
-        certificate = new X509CertImpl(info);
-        certificate.sign(privateKey, sigAlgName);
-
-        return certificate;
-    }
 }