Apply key property to the keystore and not to the truststore
Update `PropertiesSslBundle` so that key properties are now only applied to the keystore and not the truststore. Closes gh-38125
parent
5dc5c2a4bc
commit
30a7426e86
@ -112,14 +112,18 @@ public final class PropertiesSslBundle implements SslBundle {
|
||||
}
|
||||
|
||||
private static SslStoreBundle asSslStoreBundle(PemSslBundleProperties properties) {
|
||||
PemSslStore keyStore = asPemSslStore(properties.getKeystore(), properties.getKey().getAlias());
|
||||
PemSslStore trustStore = asPemSslStore(properties.getTruststore(), properties.getKey().getAlias());
|
||||
PemSslStore keyStore = asPemSslStore(properties.getKeystore());
|
||||
if (keyStore != null) {
|
||||
keyStore = keyStore.withAlias(properties.getKey().getAlias())
|
||||
.withPassword(properties.getKey().getPassword());
|
||||
}
|
||||
PemSslStore trustStore = asPemSslStore(properties.getTruststore());
|
||||
return new PemSslStoreBundle(keyStore, trustStore);
|
||||
}
|
||||
|
||||
private static PemSslStore asPemSslStore(PemSslBundleProperties.Store properties, String alias) {
|
||||
private static PemSslStore asPemSslStore(PemSslBundleProperties.Store properties) {
|
||||
try {
|
||||
PemSslStoreDetails details = asStoreDetails(properties, alias);
|
||||
PemSslStoreDetails details = asStoreDetails(properties);
|
||||
PemSslStore pemSslStore = PemSslStore.load(details);
|
||||
if (properties.isVerifyKeys()) {
|
||||
CertificateMatcher certificateMatcher = new CertificateMatcher(pemSslStore.privateKey());
|
||||
@ -133,9 +137,9 @@ public final class PropertiesSslBundle implements SslBundle {
|
||||
}
|
||||
}
|
||||
|
||||
private static PemSslStoreDetails asStoreDetails(PemSslBundleProperties.Store properties, String alias) {
|
||||
return new PemSslStoreDetails(properties.getType(), alias, null, properties.getCertificate(),
|
||||
properties.getPrivateKey(), properties.getPrivateKeyPassword());
|
||||
private static PemSslStoreDetails asStoreDetails(PemSslBundleProperties.Store properties) {
|
||||
return new PemSslStoreDetails(properties.getType(), properties.getCertificate(), properties.getPrivateKey(),
|
||||
properties.getPrivateKeyPassword());
|
||||
}
|
||||
|
||||
private static SslStoreBundle asSslStoreBundle(JksSslBundleProperties properties) {
|
||||
|
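Review bot: The new `asSslStoreBundle(PemSslBundleProperties)` carries no comment explaining that the key alias and key password are applied to the key store only, and the consequence is easy to miss. Trust-store entries are no longer stored under the configured key alias (the test in this commit now looks them up as `ssl`), so any caller that fetched trust certificates by that alias will stop finding them. I would add above the `if (keyStore != null)` block: `// key.alias and key.password describe the key-store entry only; the trust store keeps its default alias`. It is also worth confirming that `withAlias` and `withPassword` tolerate null when no key properties are configured, which cannot be seen from this hunk.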
@ -66,10 +66,10 @@ class PropertiesSslBundleTests {
|
||||
Certificate certificate = sslBundle.getStores().getKeyStore().getCertificate("alias");
|
||||
assertThat(certificate).isNotNull();
|
||||
assertThat(certificate.getType()).isEqualTo("X.509");
|
||||
Key key = sslBundle.getStores().getKeyStore().getKey("alias", null);
|
||||
Key key = sslBundle.getStores().getKeyStore().getKey("alias", "secret".toCharArray());
|
||||
assertThat(key).isNotNull();
|
||||
assertThat(key.getAlgorithm()).isEqualTo("RSA");
|
||||
certificate = sslBundle.getStores().getTrustStore().getCertificate("alias");
|
||||
certificate = sslBundle.getStores().getTrustStore().getCertificate("ssl");
|
||||
assertThat(certificate).isNotNull();
|
||||
assertThat(certificate.getType()).isEqualTo("X.509");
|
||||
}
|
||||
|
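Review bot: The updated assertions cover only the positive path; nothing checks that the key alias is absent from the trust store, which is the behaviour this commit is fixing. After the `getCertificate("ssl")` assertions I would add `assertThat(sslBundle.getStores().getTrustStore().getCertificate("alias")).isNull();`. A matching check that `getKey("alias", ...)` with a wrong password does not hand back the key would pin the new password protection, though the exact failure mode probably depends on the store type. The test method starts outside the hunk, so the properties it configures are not visible here.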
@ -65,8 +65,7 @@ public final class WebServerSslBundle implements SslBundle {
|
||||
ssl.getCertificatePrivateKey())
|
||||
.withAlias(ssl.getKeyAlias());
|
||||
PemSslStoreDetails trustStoreDetails = new PemSslStoreDetails(ssl.getTrustStoreType(),
|
||||
ssl.getTrustCertificate(), ssl.getTrustCertificatePrivateKey())
|
||||
.withAlias(ssl.getKeyAlias());
|
||||
ssl.getTrustCertificate(), ssl.getTrustCertificatePrivateKey());
|
||||
return new PemSslStoreBundle(keyStoreDetails, trustStoreDetails);
|
||||
}
|
||||
|
||||
|
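Review bot: The key-store details here receive only `.withAlias(ssl.getKeyAlias())`, while the `PropertiesSslBundle` change in this same commit applies both `withAlias` and `withPassword` to the key store. If the key password for this path is not applied somewhere outside the hunk, the two bundle types protect the private-key entry differently; that is worth confirming, and if it is missing, `.withPassword(ssl.getKeyPassword())` on `keyStoreDetails` would align them. No test for this file is visible on the page, so the dropped trust-store alias is unverified here. The enclosing method starts outside the hunk.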