revert bouncy castle to test only

Dockerfile

@@ -16,5 +16,5 @@ FROM gcr.io/distroless/java17:nonroot
 COPY --from=BUILD /opt/target/vault-crd.jar /opt/vault-crd.jar
 COPY --from=BUILD /java.security /etc/java-17-openjdk/security/java.security
 
-ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks"]
+ENTRYPOINT ["/usr/bin/java", "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts", "-Djavax.net.ssl.trustStorePassword=changeit", "-Djavax.net.ssl.trustStoreType=jks", "-Dkeystore.pkcs12.legacy"]
 CMD ["-jar", "/opt/vault-crd.jar"]

examples/pkijks.yml

@@ -5,6 +5,8 @@ metadata:
 spec:
   path: "testpki/issue/testrole"
   type: "PKIJKS"
+  jksConfiguration:
+    caAlias: CARoot
   pkiConfiguration:
     commonName: "vault.koudingspawn.de"
     ttl: "7m"

pom.xml

@@ -68,11 +68,6 @@
 			<version>2.5.4</version>
 		</dependency>
 
-		<dependency>
-			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcpkix-jdk15on</artifactId>
-			<version>1.58</version>
-		</dependency>
 
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -85,6 +80,12 @@
 			<version>2.17.0</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcpkix-jdk15on</artifactId>
+			<version>1.58</version>
+			<scope>test</scope>
+		</dependency>
 
 		<dependency>
 			<groupId>org.junit.vintage</groupId>

src/main/java/de/koudingspawn/vault/VaultApplication.java

@@ -1,18 +1,14 @@
 package de.koudingspawn.vault;
 
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.scheduling.annotation.EnableScheduling;
 
-import java.security.Security;
-
 @SpringBootApplication
 @EnableScheduling
 public class VaultApplication {
 
-	public static void main(String[] args) {
-		Security.addProvider(new BouncyCastleProvider());
-		SpringApplication.run(VaultApplication.class, args);
-	}
+    public static void main(String[] args) {
+        SpringApplication.run(VaultApplication.class, args);
+    }
 }

src/main/java/de/koudingspawn/vault/vault/impl/SharedVaultResponseMapper.java

@@ -6,7 +6,6 @@
 import de.koudingspawn.vault.vault.VaultSecret;
 import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException;
 import de.koudingspawn.vault.vault.impl.pki.VaultResponseData;
-import org.bouncycastle.jcajce.PKCS12StoreParameter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
@@ -82,11 +81,9 @@ private String getKey(VaultResponseData responseData) {
     }
 
     VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguration, VaultType type) throws SecretNotAccessibleException {
-
         try {
-            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(getPassword(jksConfiguration).toCharArray(), "HmacPBESHA1", null);
-            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
-            keyStore.load(() -> passwordProtection);
+            KeyStore keyStore = KeyStore.getInstance("PKCS12");
+            keyStore.load(null, null);
 
             Certificate[] publicKeyList = getPublicKey(data.getCertificate());
 
@@ -104,7 +101,7 @@ VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguratio
             }
 
             ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
-            keyStore.store(new PKCS12StoreParameter(outputStream, passwordProtection));
+            keyStore.store(outputStream, getPassword(jksConfiguration).toCharArray());
             String b64KeyStore = Base64.getEncoder().encodeToString(outputStream.toByteArray());
 
             HashMap<String, String> secretData = new HashMap<>() {{