From b70ac99bcbbe1abdb966b69d894a609960f366e7 Mon Sep 17 00:00:00 2001
From: Martin Greber
Date: Mon, 11 Sep 2017 23:02:35 +1000
Subject: [PATCH] Added keystore type and truststore type to rabbit properties

See gh-10251
---
 .../amqp/RabbitAutoConfiguration.java | 6 ++
 .../autoconfigure/amqp/RabbitProperties.java | 26 +++++++
 .../amqp/RabbitAutoConfigurationTests.java | 73 ++++++++++++++++--
 .../boot/autoconfigure/amqp/test.jks | Bin 0 -> 1294 bytes
 .../appendix-application-properties.adoc | 2 +
 5 files changed, 101 insertions(+), 6 deletions(-)
 create mode 100644 spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
index 0ea5a3e4e3f..2b849b50663 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
@@ -113,8 +113,14 @@ public class RabbitAutoConfiguration {
 if (ssl.getAlgorithm() != null) {
 factory.setSslAlgorithm(ssl.getAlgorithm());
 }
+ if (ssl.getKeyStoreType() != null) {
+ factory.setKeyStoreType(ssl.getKeyStoreType());
+ }
 factory.setKeyStore(ssl.getKeyStore());
 factory.setKeyStorePassphrase(ssl.getKeyStorePassword());
+ if (ssl.getTrustStoreType() != null) {
+ factory.setTrustStoreType(ssl.getTrustStoreType());
+ }
 factory.setTrustStore(ssl.getTrustStore());
 factory.setTrustStorePassphrase(ssl.getTrustStorePassword());
 }
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
index 66e7f483be5..2b57df1cd15 100644
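Review bot: The two new guards in the RabbitAutoConfiguration hunk forward `ssl.getKeyStoreType()` and `ssl.getTrustStoreType()` whenever they are non-null, but nothing ties a type to its store location, so a type configured without `keyStore` / `trustStore` appears to be accepted and then silently unused. For the trust store this is worth making loud, because an operator who sets only `spring.rabbitmq.ssl.trustStoreType` may assume broker certificates are checked against a store that was never configured. A fail-fast inside the new `if`, for example `Assert.state(ssl.getTrustStore() != null, "trustStoreType is set but trustStore is not");`, or at least a warning, would surface the misconfiguration at startup. How the factory behaves with a null store is not visible here, and the enclosing method starts and ends outside the hunk.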
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java @@ -314,6 +314,11 @@ public class RabbitProperties { */ private String keyStore; + /** + * Set the key store type (jks, pkcs12, etc). + */ + private String keyStoreType; + /** * Password used to access the key store. */ @@ -324,6 +329,11 @@ public class RabbitProperties { */ private String trustStore; + /** + * Set the trust store type (jks, pkcs12, etc). + */ + private String trustStoreType; + /** * Password used to access the trust store. */ @@ -351,6 +361,14 @@ public class RabbitProperties { this.keyStore = keyStore; } + public String getKeyStoreType() { + return this.keyStoreType; + } + + public void setKeyStoreType(String keyStoreType) { + this.keyStoreType = keyStoreType; + } + public String getKeyStorePassword() { return this.keyStorePassword; } @@ -367,6 +385,14 @@ public class RabbitProperties { this.trustStore = trustStore; } + public String getTrustStoreType() { + return this.trustStoreType; + } + + public void setTrustStoreType(String trustStoreType) { + this.trustStoreType = trustStoreType; + } + public String getTrustStorePassword() { return this.trustStorePassword; } diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java index 9132448dc81..782c426b280 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java 
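Review bot: The Javadoc added for `keyStoreType` (first hunk) and `trustStoreType` (second hunk) does not say what applies when the property is left unset, and "Set the …" reads like a setter description rather than a property description, unlike the neighbouring "Password used to access the key store.". These field comments look like the text users will see for the property, so I would write `Key store type (for example jks or pkcs12). When unset, the connection factory's default is used.` and the equivalent for the trust store. The default itself is chosen by the factory bean, which is not part of this diff, so confirm it before naming a concrete value. The getter and setter hunks need no change.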
@@ -16,6 +16,8 @@ package org.springframework.boot.autoconfigure.amqp; +import java.security.NoSuchAlgorithmException; + import javax.net.SocketFactory; import javax.net.ssl.SSLSocketFactory; 
@@ -540,21 +542,80 @@ public class RabbitAutoConfigurationTests { @Test // Make sure that we at least attempt to load the store - public void enableSslWithExtraConfig() { - this.contextRunner.withUserConfiguration(TestConfiguration.class) + public void enableSslWithNonexistingKeystoreShouldFail() { + this.contextRunner + .withUserConfiguration(TestConfiguration.class) .withPropertyValues("spring.rabbitmq.ssl.enabled:true", "spring.rabbitmq.ssl.keyStore=foo", - "spring.rabbitmq.ssl.keyStorePassword=secret", + "spring.rabbitmq.ssl.keyStorePassword=secret") + .run(context -> { + assertThat(context).hasFailed(); + assertThat(context).getFailure().hasMessageContaining("foo"); + assertThat(context).getFailure().hasMessageContaining("does not exist"); + }); + } + + @Test + // Make sure that we at least attempt to load the store + public void enableSslWithNonexistingTruststoreShouldFail() { + this.contextRunner + .withUserConfiguration(TestConfiguration.class) + .withPropertyValues( + "spring.rabbitmq.ssl.enabled:true", "spring.rabbitmq.ssl.trustStore=bar", "spring.rabbitmq.ssl.trustStorePassword=secret") .run((context) -> { assertThat(context).hasFailed(); - assertThat(context).getFailure().hasMessageContaining("foo"); - assertThat(context).getFailure() - .hasMessageContaining("does not exist"); + assertThat(context).getFailure().hasMessageContaining("bar"); + assertThat(context).getFailure().hasMessageContaining("does not exist"); }); } + @Test + public void enableSslWithInvalidKeystoreTypeShouldFail() throws Exception { + this.contextRunner + .withUserConfiguration(TestConfiguration.class) + .withPropertyValues( + "spring.rabbitmq.ssl.enabled:true", + "spring.rabbitmq.ssl.keyStore=foo", + "spring.rabbitmq.ssl.keyStoreType=fooType") + .run(context -> { + assertThat(context).hasFailed(); + assertThat(context).getFailure().hasMessageContaining("fooType"); + assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class); + }); + } + + @Test + public 
void enableSslWithInvalidTruststoreTypeShouldFail() throws Exception { + this.contextRunner + .withUserConfiguration(TestConfiguration.class) + .withPropertyValues( + "spring.rabbitmq.ssl.enabled:true", + "spring.rabbitmq.ssl.trustStore=bar", + "spring.rabbitmq.ssl.trustStoreType=barType") + .run(context -> { + assertThat(context).hasFailed(); + assertThat(context).getFailure().hasMessageContaining("barType"); + assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class); + }); + } + + @Test + public void enableSslWithKeystoreTypeAndTrustStoreTypeShouldWork() throws Exception { + this.contextRunner + .withUserConfiguration(TestConfiguration.class) + .withPropertyValues( + "spring.rabbitmq.ssl.enabled:true", + "spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks", + "spring.rabbitmq.ssl.keyStoreType=jks", + "spring.rabbitmq.ssl.keyStorePassword=secret", + "spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks", + "spring.rabbitmq.ssl.trustStoreType=jks", + "spring.rabbitmq.ssl.trustStorePassword=secret") + .run(context -> assertThat(context).hasNotFailed()); + } + private com.rabbitmq.client.ConnectionFactory getTargetConnectionFactory( AssertableApplicationContext context) { CachingConnectionFactory connectionFactory = context 
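Review bot: `enableSslWithInvalidKeystoreTypeShouldFail` and `enableSslWithInvalidTruststoreTypeShouldFail` pair an unknown type with a store location (`foo`, `bar`) that does not exist either, so they pass only as long as the type is resolved before the store is opened; if that order changed they would fail with "does not exist" instead. Pointing both at the fixture this commit adds makes the type the only fault: `"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",` and the same for `trustStore`. Separately, `enableSslWithKeystoreTypeAndTrustStoreTypeShouldWork` asserts only `hasNotFailed()`, which would presumably still hold if a configured type were dropped and the factory default happened to read the file, so it does not prove the property reaches the factory. The new lambdas are written `context -> {` while the surviving context line keeps `(context) -> {`; one form should be used throughout. `getTargetConnectionFactory` at the end of the hunk continues outside it.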
diff --git a/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks b/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks new file mode 100644 index 0000000000000000000000000000000000000000..8413be810956262d0da0387e8781fc4d27f6b027 GIT binary patch literal 1294 zcmezO_TO6u1_mY|W&~r_+{*0KN+2&TwQlnkAl+}!#Mo`X$Ht}2#>m2`#U#kc$jZRd z#8^J5!~Wmp7|YE9c_o202CEfvPJAt&F-z+E+Y5Je-P@SM3x!M{?<`L$d7kPy>HgY< z0rl+7ddFPf9_^UC?)~PM8U_ciTzNlZu6ENGso!d;PtM$lt<~ROC~|P;oYPIU`ifCm z3xrl>nF}qFRax}#!Gf-mKc9ryWTqXD5RA>>WDIzayKC#wV=9~F(x>fBQsZQ6{U|+U z!WW$>x*Dgfn4=QHB86`zaB53NZvW1sG()7e{`TIV! z&3V4Ogyo;agqT?@rcVEe)EOO%0lu zJ}+QqVq{`s(UY*NH{fPt*J|@PXTieE%3zRVC;*H-=1>+kVfN6x?7aN)JeUXvh6p=` z2p5J3H--o^T*N?5oY&CYz!C_}4NXl=qCi|jBLfR4m(H$fV%z~ty*jYqU<7jHnHn1z z{?-RK%9aXg2Hp3Xqxa^?^KXLNgKXZrFdUY%Z`c;7mgySnpcME!(zZ9^*Z!klcNu&; zJv%h#dZTrNtV#Z-w1n;1GXs_`nLqypOSOQ~A^+Vgum9VAO!|j)`14~cmWlGS{BHhs z`Ka7sCesk%D6xq~-%3BP(@wmu_5PC*v*g^19*oDCL>ZQ_-Kd;Z$Hmz)N^9lLmRQG?vR>ZjR%X@$!Tw1Ryr|naXt4hMbo5@zmuvM zRjkh}`M7UI;DpW<&G#QhJ)O@ssXHyMp*mDGh0(|Q-+50h=EhbAkUKiu|LR|O{i|~8 zG#9?b`_jG2zRtb(d;J9c=WfRw1SLMc;#t4^)bdH$I%1_8mU!~AelPGZ&F0$q@R`9O zTlJYe_wAPLtUcO4Q%WhRoN3F19Qh9Ow1TBSOuwH0IP>TZsa20}Jy&_$o4sju^m418 zzVifG8;&#`T)}fG(e3OcJ!7?pmWGQJ4de}Ef$3J3k420{WPN8vSnXA