Fixed up JKS for self-signed certs. Removed it for certbot certs

JohnPreston · JohnPreston · commit 8f68e9af83c2 · 2023-02-28T08:56:07.000Z
diff --git a/ecs-files-input.json b/ecs-files-input.json
@@ -415,10 +415,6 @@
         "certificates_registry_table_region": {
           "type": "string",
           "description": "Override the top level certificates_registry_table_region"
-        },
-        "jksConfig": {
-          "$ref": "#/definitions/jksConfig",
-          "description": "Automatically creates a JKS with the retrieved certificate."
         }
       }
     }
diff --git a/ecs_files_composer/certbot_aws_store.py b/ecs_files_composer/certbot_aws_store.py
@@ -13,43 +13,15 @@
 from boto3.session import Session
 
 if TYPE_CHECKING:
-    from .input import Model, CertbotAwsStoreCertificate
+    from .input import Model
 
 from os import makedirs, path
 
-import jks as pyjks
 from certbot_aws_store.certificate import AcmeCertificate
-from OpenSSL import crypto
 
 from ecs_files_composer.common import LOG
 
 
-def create_jks_config(
-    certificate_name: str, certificate_job: CertbotAwsStoreCertificate
-):
-    with open(
-        f"{certificate_job.storage_path}/{AcmeCertificate.full_chain_file_name}"
-    ) as full_chain_fd:
-        full_chain = crypto.load_certificate(crypto.FILETYPE_PEM, full_chain_fd.read())
-    with open(
-        f"{certificate_job.storage_path}/{AcmeCertificate.private_key_file_name}"
-    ) as priv_key_fd:
-        private_key = priv_key_fd.read()
-
-    jks_path = path.abspath(
-        f"{certificate_job.storage_path}/{certificate_job.jks_config.file_name}"
-    )
-    pkey = pyjks.jks.PrivateKeyEntry.new(
-        certificate_name,
-        certs=[crypto.dump_certificate(crypto.FILETYPE_ASN1, full_chain)],
-        key=private_key,
-        key_format="rsa_raw",
-    )
-    pkey.encrypt(certificate_job.jks_config.passphrase)
-    keystore = pyjks.KeyStore.new("jks", [pkey])
-    keystore.save(jks_path, certificate_job.jks_config.passphrase)
-
-
 def process_certbot_aws_store_certificates(job: Model) -> None:
     """
     Pulls certificates from certbot-aws-store to local filesystem
@@ -83,5 +55,3 @@ def process_certbot_aws_store_certificates(job: Model) -> None:
             LOG.error(
                 "Failed to download certificate from certbot-aws-store", _hostname
             )
-        if _definition.jks_config:
-            create_jks_config(_hostname, _definition)
diff --git a/ecs_files_composer/certificates_mgmt.py b/ecs_files_composer/certificates_mgmt.py
@@ -20,7 +20,7 @@ class X509Certificate(X509CertDef):
 
     def __init__(self, **data: Any):
         super().__init__(**data)
-        self.key = None
+        self.key: crypto.PKey = None
         self.cert = None
         self.key_content = None
         self.cert_content = None
@@ -106,7 +106,7 @@ def generate_jks(self):
         pkey = pyjks.jks.PrivateKeyEntry.new(
             self.key_file_name,
             certs=[crypto.dump_certificate(crypto.FILETYPE_ASN1, self.cert)],
-            key=self.key_content,
+            key=crypto.dump_privatekey(crypto.FILETYPE_ASN1, self.key),
             key_format="rsa_raw",
         )
         pkey.encrypt(self.jks_config.passphrase)
diff --git a/ecs_files_composer/input.py b/ecs_files_composer/input.py
@@ -1,6 +1,6 @@
 # generated by datamodel-codegen:
 #   filename:  ecs-files-input.json
-#   timestamp: 2023-02-23T00:15:22+00:00
+#   timestamp: 2023-02-28T08:48:36+00:00
 
 from __future__ import annotations
 
@@ -111,11 +111,6 @@ class CertbotAwsStoreCertificate(BaseModel):
     certificates_registry_table_region: Optional[str] = Field(
         None, description="Override the top level certificates_registry_table_region"
     )
-    jks_config: Optional[JksConfig] = Field(
-        None,
-        alias="jksConfig",
-        description="Automatically creates a JKS with the retrieved certificate.",
-    )
 
 
 class CertbotStore(BaseModel):

Original file line number	Diff line number	Diff line change
`@@ -415,10 +415,6 @@`
`415`	`415`	`"certificates_registry_table_region": {`
`416`	`416`	`"type": "string",`
`417`	`417`	`"description": "Override the top level certificates_registry_table_region"`
`418`		`- },`
`419`		`- "jksConfig": {`
`420`		`- "$ref": "#/definitions/jksConfig",`
`421`		`- "description": "Automatically creates a JKS with the retrieved certificate."`
`422`	`418`	`}`
`423`	`419`	`}`
`424`	`420`	`}`