
Use empty key-store-password if storeprovider present

For tomcat, if an SslStoreProvider is configured,
`SslStoreProviderUrlStreamHandlerFactory` stores the keyStore with an
empty password. Previously, if a password was supplied using the
ssl.key-store-password property, that would be the password used to
load the keystore and the connector would fail with a
"Password verification failed" exception.

Fixes gh-11391
pull/12960/head
Madhura Bhave 8 years ago
parent
commit
877c4f702e
  1. 1
      spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
  2. 16
      spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java

1
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java

@ -113,6 +113,7 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer { @@ -113,6 +113,7 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
new SslStoreProviderUrlStreamHandlerFactory(sslStoreProvider));
try {
if (sslStoreProvider.getKeyStore() != null) {
protocol.setKeystorePass("");
protocol.setKeystoreFile(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
}
if (sslStoreProvider.getTrustStore() != null) {
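Review bot: The empty password on line 30 encodes an implicit contract with `SslStoreProviderUrlStreamHandlerFactory` (the store it serves under `KEY_STORE_URL` is written with an empty password), but nothing at the call site says so, and a reader who sees a configured `ssl.key-store-password` being discarded may well put it back. Add a why-comment above line 30, e.g. `// The store served at KEY_STORE_URL is written by SslStoreProviderUrlStreamHandlerFactory with an empty password, so a configured key-store-password must not be applied here`, or better, have the factory expose the password it uses as a constant beside `KEY_STORE_URL` and reference it from both sides so they cannot drift. The trust-store branch that begins on line 33 runs past the hunk, so I cannot see whether it gets the same treatment; if the factory stores the trust store the same way, a configured `ssl.trust-store-password` would fail in the identical way and should be cleared there too. Note that the change touches only the store password, so the behaviour of `ssl.key-password` against the key entry in the provided store is unchanged and, if that is intentional, worth a line in the same comment.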

16
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java

@ -24,6 +24,7 @@ import java.security.KeyStoreException; @@ -24,6 +24,7 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
@ -154,6 +155,21 @@ public class SslConnectorCustomizerTests { @@ -154,6 +155,21 @@ public class SslConnectorCustomizerTests {
assertThat(sslHostConfig.getCertificateKeystoreFile()).contains(sslHostConfigWithDefaults.getCertificateKeystoreFile());
}
@Test
public void customizeWhenSslStoreProviderPresentShouldIgnorePasswordFromSsl() throws Exception {
Ssl ssl = new Ssl();
ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret");
SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class);
given(sslStoreProvider.getTrustStore()).willReturn(loadStore());
given(sslStoreProvider.getKeyStore()).willReturn(loadStore());
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, sslStoreProvider);
Connector connector = this.tomcat.getConnector();
customizer.customize(connector);
this.tomcat.start();
assertThat(connector.getState()).isEqualTo(LifecycleState.STARTED);
}
private KeyStore loadStore() throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS");
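Review bot: The assertion on line 60 only shows that start-up no longer fails; nothing checks that the empty store password, rather than `secret`, is what the protocol ended up with, so a later Tomcat or customizer change that tolerates the wrong password would keep this test green. If the protocol handler exposes its configured keystore password (I believe `AbstractHttp11JsseProtocol` has a getter for it, but confirm against the Tomcat version in use), add an assertion on it beside the `STARTED` check, mirroring how the preceding test reads `getCertificateKeystoreFile()` from the host config on line 46. A one-line comment above line 52, e.g. `// must be ignored: the provider-backed store is loaded with an empty password`, would also make the intent of the method name explicit. `loadStore()` continues outside the hunk, so I cannot see which password the test store is built with.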
