Honour SSL key and trust store providers when configuring Netty

Closes spring-projectsgh-14714
anshuman-mor · Oct 8, 2018 · 5d3f30e · 5d3f30e
1 parent d6d59ed
commit 5d3f30e
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 7 deletions.
diff --git a/...g-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java b/...g-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
@@ -97,8 +97,8 @@ private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider)
 		if (sslStoreProvider != null) {
 			return sslStoreProvider.getKeyStore();
 		}
-		return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStore(),
-				ssl.getKeyStorePassword());
+		return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(),
+				ssl.getKeyStore(), ssl.getKeyStorePassword());
 	}
 
 	protected TrustManagerFactory getTrustManagerFactory(Ssl ssl,
@@ -120,17 +120,18 @@ private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider)
 		if (sslStoreProvider != null) {
 			return sslStoreProvider.getTrustStore();
 		}
-		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStore(),
-				ssl.getTrustStorePassword());
+		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
+				ssl.getTrustStore(), ssl.getTrustStorePassword());
 	}
 
-	private KeyStore loadKeyStore(String type, String resource, String password)
-			throws Exception {
+	private KeyStore loadKeyStore(String type, String provider, String resource,
+			String password) throws Exception {
 		type = (type != null) ? type : "JKS";
 		if (resource == null) {
 			return null;
 		}
-		KeyStore store = KeyStore.getInstance(type);
+		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider)
+				: KeyStore.getInstance(type);
 		URL url = ResourceUtils.getURL(resource);
 		store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
 		return store;

diff --git a/...t/src/test/java/org/springframework/boot/web/embedded/netty/SslServerCustomizerTests.java b/...t/src/test/java/org/springframework/boot/web/embedded/netty/SslServerCustomizerTests.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.web.embedded.netty;
+
+import java.security.NoSuchProviderException;
+
+import org.junit.Test;
+
+import org.springframework.boot.web.server.Ssl;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.fail;
+
+/**
+ * Tests for {@link SslServerCustomizer}.
+ *
+ * @author Andy Wilkinson
+ */
+public class SslServerCustomizerTests {
+
+	@Test
+	public void keyStoreProviderIsUsedWhenCreatingKeyStore() throws Exception {
+		Ssl ssl = new Ssl();
+		ssl.setKeyPassword("password");
+		ssl.setKeyStore("src/test/resources/test.jks");
+		ssl.setKeyStoreProvider("com.example.KeyStoreProvider");
+		SslServerCustomizer customizer = new SslServerCustomizer(ssl, null);
+		try {
+			customizer.getKeyManagerFactory(ssl, null);
+			fail();
+		}
+		catch (IllegalStateException ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(NoSuchProviderException.class);
+			assertThat(cause).hasMessageContaining("com.example.KeyStoreProvider");
+		}
+	}
+
+	@Test
+	public void trustStoreProviderIsUsedWhenCreatingTrustStore() throws Exception {
+		Ssl ssl = new Ssl();
+		ssl.setTrustStorePassword("password");
+		ssl.setTrustStore("src/test/resources/test.jks");
+		ssl.setTrustStoreProvider("com.example.TrustStoreProvider");
+		SslServerCustomizer customizer = new SslServerCustomizer(ssl, null);
+		try {
+			customizer.getTrustManagerFactory(ssl, null);
+			fail();
+		}
+		catch (IllegalStateException ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(NoSuchProviderException.class);
+			assertThat(cause).hasMessageContaining("com.example.TrustStoreProvider");
+		}
+	}
+
+}