From 258c6f116a24f107ba1eb06420d8be1cff1ff36e Mon Sep 17 00:00:00 2001
From: Vladimir Tsanev <tsachev@gmail.com>
Date: Thu, 11 Sep 2014 01:20:03 +0300
Subject: [PATCH] Add store type and store provider properties to SSL
 configuration

Closes gh-1545
---
 .../appendix-application-properties.adoc      |   4 ++
 .../boot/context/embedded/Ssl.java            |  40 ++++++++++++++++++
 .../JettyEmbeddedServletContainerFactory.java |  12 ++++++
 ...TomcatEmbeddedServletContainerFactory.java |  12 ++++++
 ...tEmbeddedServletContainerFactoryTests.java |  40 ++++++++++++++++++
 spring-boot/src/test/resources/test.p12       | Bin 0 -> 2336 bytes
 6 files changed, 108 insertions(+)
 create mode 100644 spring-boot/src/test/resources/test.p12

diff --git a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
index e9b0bba440f..1f08b411959 100644
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -61,9 +61,13 @@ content into your application; rather pick only the properties that you need.
 	server.ssl.key-password=
 	server.ssl.key-store=
 	server.ssl.key-store-password=
+	server.ssl.key-store-provider=
+	server.ssl.key-store-type=
 	server.ssl.protocol=TLS
 	server.ssl.trust-store=
 	server.ssl.trust-store-password=
+	server.ssl.trust-store-provider=
+	server.ssl.trust-store-type=
 	server.tomcat.access-log-pattern= # log pattern of the access log
 	server.tomcat.access-log-enabled=false # is access logging enabled
 	server.tomcat.protocol-header=x-forwarded-proto # ssl forward headers
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
index b8726771434..1bed8222221 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
@@ -36,10 +36,18 @@ public class Ssl {
 
 	private String keyStorePassword;
 
+	private String keyStoreType;
+
+	private String keyStoreProvider;
+
 	private String trustStore;
 
 	private String trustStorePassword;
 
+	private String trustStoreType;
+
+	private String trustStoreProvider;
+
 	private String protocol = "TLS";
 
 	public ClientAuth getClientAuth() {
@@ -90,6 +98,22 @@ public class Ssl {
 		this.keyStorePassword = keyStorePassword;
 	}
 
+	public String getKeyStoreType() {
+		return this.keyStoreType;
+	}
+
+	public void setKeyStoreType(String keyStoreType) {
+		this.keyStoreType = keyStoreType;
+	}
+
+	public String getKeyStoreProvider() {
+		return this.keyStoreProvider;
+	}
+
+	public void setKeyStoreProvider(String keyStoreProvider) {
+		this.keyStoreProvider = keyStoreProvider;
+	}
+
 	public String getTrustStore() {
 		return this.trustStore;
 	}
@@ -106,6 +130,22 @@ public class Ssl {
 		this.trustStorePassword = trustStorePassword;
 	}
 
+	public String getTrustStoreType() {
+		return this.trustStoreType;
+	}
+
+	public void setTrustStoreType(String trustStoreType) {
+		this.trustStoreType = trustStoreType;
+	}
+
+	public String getTrustStoreProvider() {
+		return this.trustStoreProvider;
+	}
+
+	public void setTrustStoreProvider(String trustStoreProvider) {
+		this.trustStoreProvider = trustStoreProvider;
+	}
+
 	public String getProtocol() {
 		return this.protocol;
 	}
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
index 5268dc1ee5d..8e228cedf68 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
@@ -175,6 +175,12 @@ public class JettyEmbeddedServletContainerFactory extends
 			throw new EmbeddedServletContainerException("Could not find key store '"
 					+ ssl.getKeyStore() + "'", ex);
 		}
+		if (ssl.getKeyStoreType() != null) {
+			factory.setKeyStoreType(ssl.getKeyStoreType());
+		}
+		if (ssl.getKeyStoreProvider() != null) {
+			factory.setKeyStoreProvider(ssl.getKeyStoreProvider());
+		}
 	}
 
 	private void configureSslTrustStore(SslContextFactory factory, Ssl ssl) {
@@ -191,6 +197,12 @@ public class JettyEmbeddedServletContainerFactory extends
 						"Could not find trust store '" + ssl.getTrustStore() + "'", ex);
 			}
 		}
+		if (ssl.getTrustStoreType() != null) {
+			factory.setTrustStoreType(ssl.getTrustStoreType());
+		}
+		if (ssl.getTrustStoreProvider() != null) {
+			factory.setTrustStoreProvider(ssl.getTrustStoreProvider());
+		}
 	}
 
 	/**
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
index b1385094679..51fa948a82e 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
@@ -290,6 +290,12 @@ public class TomcatEmbeddedServletContainerFactory extends
 			throw new EmbeddedServletContainerException("Could not find key store "
 					+ ssl.getKeyStore(), ex);
 		}
+		if (ssl.getKeyStoreType() != null) {
+			protocol.setKeystoreType(ssl.getKeyStoreType());
+		}
+		if (ssl.getKeyStoreProvider() != null) {
+			protocol.setKeystoreProvider(ssl.getKeyStoreProvider());
+		}
 	}
 
 	private void configureSslTrustStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
@@ -304,6 +310,12 @@ public class TomcatEmbeddedServletContainerFactory extends
 			}
 		}
 		protocol.setTruststorePass(ssl.getTrustStorePassword());
+		if (ssl.getTrustStoreType() != null) {
+			protocol.setTruststoreType(ssl.getTrustStoreType());
+		}
+		if (ssl.getTrustStoreProvider() != null) {
+			protocol.setTruststoreProvider(ssl.getTrustStoreProvider());
+		}
 	}
 
 	/**
diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
index 74bbd7aab93..2850624d4dd 100644
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
@@ -341,6 +341,46 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 				equalTo("test"));
 	}
 
+	@Test
+	public void pkcs12KeyStoreAndTrustStore() throws Exception {
+		FileCopyUtils.copy("test",
+				new FileWriter(this.temporaryFolder.newFile("test.txt")));
+
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		factory.setDocumentRoot(this.temporaryFolder.getRoot());
+
+		Ssl ssl = new Ssl();
+		ssl.setKeyStore("src/test/resources/test.p12");
+		ssl.setKeyStorePassword("secret");
+		ssl.setKeyStoreType("pkcs12");
+		ssl.setTrustStore("src/test/resources/test.p12");
+		ssl.setTrustStorePassword("secret");
+		ssl.setTrustStoreType("pkcs12");
+		ssl.setClientAuth(ClientAuth.NEED);
+		factory.setSsl(ssl);
+
+		this.container = factory.getEmbeddedServletContainer();
+		this.container.start();
+
+		KeyStore keyStore = KeyStore.getInstance("pkcs12");
+		keyStore.load(new FileInputStream(new File("src/test/resources/test.p12")),
+				"secret".toCharArray());
+
+		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+				new SSLContextBuilder()
+						.loadTrustMaterial(null, new TrustSelfSignedStrategy())
+						.loadKeyMaterial(keyStore, "secret".toCharArray()).build());
+
+		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
+				.build();
+
+		HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
+				httpClient);
+
+		assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory),
+				equalTo("test"));
+	}
+
 	@Test
 	public void sslNeedsClientAuthenticationSucceedsWithClientCertificate()
 			throws Exception {
diff --git a/spring-boot/src/test/resources/test.p12 b/spring-boot/src/test/resources/test.p12
new file mode 100644
index 0000000000000000000000000000000000000000..5726ff02f4bec25e4f8cab48aa6f300694ec010e
GIT binary patch
literal 2336
zcmZXUcTf`u8pYE|Lhma|QIuX16qa@@RVh-X*8tLmAjQzd&<t%^BtfJY5FtPWlo~W4
z2tp9)C?W`gf+9t!;zD5AnY-JYx%uYJH}l@i`|tNqc*H3X5RAgZ7hnj5bkp=7+&~T>
z84n+a;Nio^_5cbG4)`a6k?~;XW6K@{1ROuhe-a?-6b$+A2Cm~q9tb?g`eL(8AbSb~
zf&-HAU@4!5v2>nz&p&M_l@Zd(aBv<!I@xiD&rzwNvZDrmY7=hW?beonyS*DKbaY9~
zf4x?s+VCJFmBZ%377nPrYVp<rmE17LgXLDy3WJ;jw}`*|MloW<Q)!r6q2p^N39nR?
zel-7dvnZr5@3icPPHatDk7+n>lct9$7PnbahqnEbcln3h`DNbsUzni*b_YAo*|?hL
z`78Jda%ysM#wzLTtjc|D0kKV0R5k?&Plr-e<m9uw`b83^AC{!<*ZTfkVCaue=QPGt
zR^^SK@@huPMVAtX$A%q(uEo#)W@{Dc$|EqFrJNe{Xfy;KXCJqn6ex&omj&W=FQCq{
zJn;8&FN%)c<!8>GWRVn+MMpErBZXB92iMs<J#*8!vZ<v&vzfGJx+Xlyk5BL?$Y40{
z!|9R$CNKM^6wgG-PMv0hr^p>~)ia2Uegoq>XA|zxUp1{XlWt33QwH*Seq0bcyEA$s
z>an9^a!Tp^nGY<Pb}>_fjnN=4Em~?QE`!^pzxD|GBymz<Q9KK+_zdOSa=6hP9j%_$
zH;^hKxmTxb%Sqtf7cP7`6gHUi=m$q!iBh4Db$hZ8p=PU|>0Jc#rKNHGh5>Zwn-2@D
z3aYIfPzVOWyhHjQ0Zf6nBh*|$qqZnwq|^;U1a!^9PjbezoT!KH+LISHeZEZHW<aw;
z2lYzqWHe$GYxlEYp9}(2qZ$i(x|BAtX@|YYE=%iH<P^tzSVb0lT089S8MV8wl3rEc
zl@sSD^`#d098eA~S#3__JkoX-H7!#kLXg50+4C=1&>L35-dc<g<VPx)=eNI)L^Vsl
zN&OKnZVz6gbfd<Hn)@X7n(FmRA|E};MCz>*sNpZqIVc@mk{lbq_3V@Iu7gDN?M5+j
zM6YWSQTJ2P;?uA%`&w$%dAmJvJZhA&Ex9@`LqV*q_vxat{z)yNOWFtT9}LQn#@Z6E
zNe$wIwdqHgP{P(TY@oHdgyCcNmEh&7`;n(aTIzEJt39jFxjn&JIVJDI`7GX?pUk}l
zwIe&o2}S6efW+V8%I_;AXY8OmoZNWgvQc=b`~Lt%#zQS3c&OR2ZE`FF80UZRLIOc#
zJY*e(hkX5i>b}vdH_(W5$G@qA;32HXzp8aF;5hTplF{TP(YCnwAO-&AtS?g#*vYvw
zyjf3vk-f-4Oat2$`W8>@bcAoM-t<u@i%Tq*Hyz%zEQFf$Ar;9~mq>S+hZ7*{hwUQj
zLz^&*Zu*o+T|r?AY+l)U^_J&z*lORCsc~LOHOD0`Upn0DM4)-=l=;o0&x)e}Wu<1w
zFBBYY-=TN2k5l=#+4Z<0Azf$|_WEnb&!biORXLu>R--Plw3N9Mt`41r<s?+k+O^&!
z3m7t~exQ<xbic1|*qQB!5|cfD#T)8wlrra=e~PhqeXc6e9W+zk(B#$5NOP0?j_Q<a
zn#v@ZT5$`?S0+R@Ec*YseaNSHg<an$NfDh8jCWTaQtvRViNkxR3m9_(j`(nwhe=1!
z_i(ym2VLM0wD^vm@i9<F!8ItPKyWtN^Qg9%85ud;w&A2k?2R}dX>Bk*b)#!9wxCeB
zGiJ7~am@H6=Ydwz)7t3!CaxFFc$vU`113wZ&BZ<#|FCR{+;y}vrAp+sez)`nb2UB1
zIjMV}FI{(hC^!d^VN=xo1mWOy{e#VUhEM*Lf3exUE{;xBcixx07GmJ5OGS6DGJ<Ay
zhelNeuC}j_SP^ahz$&J*2>MR}R9g|TJC}i;toJ*6PR#6I7xM>#3%oZT7{`9~3(x%Q
zL9q;%L<n2N`_KsN;2))`*QcC3p9WH1L%z$&S4he#Wm#0B?aD?HHshXKHp*)i^}?Lw
zgHxoNUV8eGCb({rbEx3wSHyQ{=Nbw*`()Y6KJ{kdO78pSg&N@87=_u08viw`%7x-$
zZUpUX#~N6d8Hm2MVq6!~QzJzGI)Z%6AB+%Mg13JwTG`dR&#{FziGuOHo_SD7Ba$<7
z&Rsd%dFbTz(a0qvN&S0sz5j#ya=<DJV?nYj*0Ztrl1<<;lc(WmOJimJFwX|2{}x6S
zp=OnMm1q@CBF4|I?1O0~Iy|jTCSe<@Cv(zfG%T0OyIWbhjTx6u+G&zUtU6Y`H|>LT
zG}zppdw<kW-~28eA3d|G>hy}L+#i#xeR#9`+P28-g&sK{n_?qY#J7bcYDjQnT|jJ*
zgwYoStET5&h+RPr%mY@@I)B;l1Mg7aCF80r(}cWl*_qh&8+jl3Dl`Z!-#J9}!e=Jj
zI7anjC(XFpfK(g$gN*Z3p`7(5MtZ;0<&%M$T2r+lE_qaE@v~`|KXI;$%O0ZNH2=8!
z;B;x1*M<g8d@CTozA@olFUv5s4SIr8KwT@2b!o2N&zZ`^c5O@FGmJpqaVt&?JHci6
zS(*|P!zk5&6G}CDeXFWDGBtmOP8e)=#iI2tFJSpnDmPm;UVJpWh55Z{V}RI8(Gh$_
z{~Qr6JCI*yQvI%reFy$<ry{`by;i_{N`8qMYn+V%iPRk0XT0cxc<8`^QC~jk2I{@g
zk+Kq4m~7OR*1<}?Cgi4K?%S*{+pcwbNgO7!Y)xWG&X|x^xeoQE%{_&>6>IeXJJmUm
zY}3%|b~i2c4@x-K>Xa9gW1YOymeuYV-~A?ikE-I0DcI7<X%#z$CwmYW{WzVO>CY?s
ztg~hDx~g(X&vwZqgJc4T-}C5S^w18!w)^nqyzHai$o+&m;opOnHCA!&fX{Gs255cM
ziT|!6LI}+zfdm8t`~XqM7mJeqClW@BK!oh<lR>Q2d+mq$rIu=L6@x7hxFHISI*mfW
upo%<TkQfvI5yH^YhaIOq0;gOU*k5WEjc3Bd+#&Fz-hsF2d!tf+59nXztWUE5

literal 0
HcmV?d00001