
Allow key password to be set for a PemSslStoreBundle

Closes gh-35983
pull/36062/head
Scott Frederick 3 years ago
parent
commit
493987fc1a
  1. 18
      spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/pem/PemSslStoreBundle.java
  2. 26
      spring-boot-project/spring-boot/src/test/java/org/springframework/boot/ssl/pem/PemSslStoreBundleTests.java

18
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/pem/PemSslStoreBundle.java

@ -42,6 +42,8 @@ public class PemSslStoreBundle implements SslStoreBundle { @@ -42,6 +42,8 @@ public class PemSslStoreBundle implements SslStoreBundle {
private final String keyAlias;
private final String keyPassword;
/**
* Create a new {@link PemSslStoreBundle} instance.
* @param keyStoreDetails the key store details
@ -59,9 +61,22 @@ public class PemSslStoreBundle implements SslStoreBundle { @@ -59,9 +61,22 @@ public class PemSslStoreBundle implements SslStoreBundle {
*/
public PemSslStoreBundle(PemSslStoreDetails keyStoreDetails, PemSslStoreDetails trustStoreDetails,
String keyAlias) {
this(keyStoreDetails, trustStoreDetails, keyAlias, null);
}
/**
* Create a new {@link PemSslStoreBundle} instance.
* @param keyStoreDetails the key store details
* @param trustStoreDetails the trust store details
* @param keyAlias the key alias to use or {@code null} to use a default alias
* @param keyPassword the password to use for the key
*/
public PemSslStoreBundle(PemSslStoreDetails keyStoreDetails, PemSslStoreDetails trustStoreDetails, String keyAlias,
String keyPassword) {
this.keyAlias = keyAlias;
this.keyStoreDetails = keyStoreDetails;
this.trustStoreDetails = trustStoreDetails;
this.keyPassword = keyPassword;
}
@Override
@ -104,7 +119,8 @@ public class PemSslStoreBundle implements SslStoreBundle { @@ -104,7 +119,8 @@ public class PemSslStoreBundle implements SslStoreBundle {
throws KeyStoreException {
String alias = (this.keyAlias != null) ? this.keyAlias : DEFAULT_KEY_ALIAS;
if (privateKey != null) {
keyStore.setKeyEntry(alias, privateKey, null, certificates);
keyStore.setKeyEntry(alias, privateKey, (this.keyPassword != null) ? this.keyPassword.toCharArray() : null,
certificates);
}
else {
for (int index = 0; index < certificates.length; index++) {
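Review bot: The `char[]` built by `this.keyPassword.toCharArray()` in the last hunk is passed to `setKeyEntry` and then dropped without being cleared, and the password now lives in an immutable `String` field for the lifetime of the bundle, so the secret cannot be wiped from the heap. If that is an accepted trade-off it deserves a comment on the field; otherwise hold the array in a local, `char[] password = (this.keyPassword != null) ? this.keyPassword.toCharArray() : null;`, and clear it after the call with `if (password != null) { Arrays.fill(password, '\0'); }`, assuming the key store implementation does not keep a reference to the caller's array. The new constructor's Javadoc should also say that `null` is allowed, since the three-argument constructor passes it: `@param keyPassword the password to use for the key or {@code null} for no password`. The method containing the `setKeyEntry` call starts and ends outside the hunk.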

26
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/ssl/pem/PemSslStoreBundleTests.java

@ -33,6 +33,8 @@ import static org.assertj.core.api.Assertions.assertThat; @@ -33,6 +33,8 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
class PemSslStoreBundleTests {
private static final char[] EMPTY_KEY_PASSWORD = new char[] {};
@Test
void whenNullStores() {
PemSslStoreDetails keyStoreDetails = null;
@ -117,6 +119,18 @@ class PemSslStoreBundleTests { @@ -117,6 +119,18 @@ class PemSslStoreBundleTests {
assertThat(bundle.getTrustStore()).satisfies(storeContainingCertAndKey("PKCS12", "ssl"));
}
@Test
void whenHasKeyStoreDetailsAndTrustStoreDetailsAndKeyPassword() {
PemSslStoreDetails keyStoreDetails = PemSslStoreDetails.forCertificate("classpath:test-cert.pem")
.withPrivateKey("classpath:test-key.pem");
PemSslStoreDetails trustStoreDetails = PemSslStoreDetails.forCertificate("classpath:test-cert.pem")
.withPrivateKey("classpath:test-key.pem");
PemSslStoreBundle bundle = new PemSslStoreBundle(keyStoreDetails, trustStoreDetails, "test-alias", "keysecret");
assertThat(bundle.getKeyStore()).satisfies(storeContainingCertAndKey("test-alias", "keysecret".toCharArray()));
assertThat(bundle.getTrustStore())
.satisfies(storeContainingCertAndKey("test-alias", "keysecret".toCharArray()));
}
private Consumer<KeyStore> storeContainingCert(String keyAlias) {
return storeContainingCert(KeyStore.getDefaultType(), keyAlias);
}
@ -127,7 +141,7 @@ class PemSslStoreBundleTests { @@ -127,7 +141,7 @@ class PemSslStoreBundleTests {
assertThat(keyStore.getType()).isEqualTo(keyStoreType);
assertThat(keyStore.containsAlias(keyAlias)).isTrue();
assertThat(keyStore.getCertificate(keyAlias)).isNotNull();
assertThat(keyStore.getKey(keyAlias, new char[] {})).isNull();
assertThat(keyStore.getKey(keyAlias, EMPTY_KEY_PASSWORD)).isNull();
});
}
@ -136,12 +150,20 @@ class PemSslStoreBundleTests { @@ -136,12 +150,20 @@ class PemSslStoreBundleTests {
}
private Consumer<KeyStore> storeContainingCertAndKey(String keyStoreType, String keyAlias) {
return storeContainingCertAndKey(keyStoreType, keyAlias, EMPTY_KEY_PASSWORD);
}
private Consumer<KeyStore> storeContainingCertAndKey(String keyAlias, char[] keyPassword) {
return storeContainingCertAndKey(KeyStore.getDefaultType(), keyAlias, keyPassword);
}
private Consumer<KeyStore> storeContainingCertAndKey(String keyStoreType, String keyAlias, char[] keyPassword) {
return ThrowingConsumer.of((keyStore) -> {
assertThat(keyStore).isNotNull();
assertThat(keyStore.getType()).isEqualTo(keyStoreType);
assertThat(keyStore.containsAlias(keyAlias)).isTrue();
assertThat(keyStore.getCertificate(keyAlias)).isNotNull();
assertThat(keyStore.getKey(keyAlias, new char[] {})).isNotNull();
assertThat(keyStore.getKey(keyAlias, keyPassword)).isNotNull();
});
}
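Review bot: `whenHasKeyStoreDetailsAndTrustStoreDetailsAndKeyPassword` only checks that the key can be read back with the correct password, so it would still pass if the store accepted any password for the entry. A negative assertion would pin the protection, for example `assertThatExceptionOfType(UnrecoverableKeyException.class).isThrownBy(() -> bundle.getKeyStore().getKey("test-alias", EMPTY_KEY_PASSWORD));`, with the exact exception type to be confirmed against the default key store type. The literal `"keysecret"` is also repeated three times in the test and would read better as a constant next to `EMPTY_KEY_PASSWORD`.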
