mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Polish SSL
parent
a35fb7505f
commit
d3f177be71
@ -26,6 +26,8 @@ import java.security.cert.Certificate;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Helper used to match certificates against a {@link PrivateKey}.
|
||||
*
|
||||
@ -48,14 +50,16 @@ class CertificateMatcher {
|
||||
private final byte[] generatedSignature;
|
||||
|
||||
CertificateMatcher(PrivateKey privateKey) {
|
||||
Assert.notNull(privateKey, "Private key must not be null");
|
||||
this.privateKey = privateKey;
|
||||
this.signature = createSignature(privateKey);
|
||||
Assert.notNull(this.signature, "Failed to create signature");
|
||||
this.generatedSignature = sign(this.signature, privateKey);
|
||||
}
|
||||
|
||||
private Signature createSignature(PrivateKey privateKey) {
|
||||
try {
|
||||
String algorithm = getSignatureAlgorithm(this.privateKey);
|
||||
String algorithm = getSignatureAlgorithm(privateKey);
|
||||
return (algorithm != null) ? Signature.getInstance(algorithm) : null;
|
||||
}
|
||||
catch (NoSuchAlgorithmException ex) {
|
||||
|
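Review bot: The new `Assert.notNull(this.signature, "Failed to create signature")` in the constructor reports a failure without saying which key algorithm was rejected. `createSignature` returns null when `getSignatureAlgorithm(privateKey)` yields no algorithm, so this assertion appears to be what a user sees when key verification meets an unsupported key type. Naming the algorithm makes that diagnosable and exposes no key material: `Assert.notNull(this.signature, () -> "Failed to create signature for key algorithm " + privateKey.getAlgorithm());`. The body of `createSignature` continues past the end of the hunk, so what its `catch` block does is not visible here.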
@ -120,7 +120,7 @@ public final class PropertiesSslBundle implements SslBundle {
|
||||
if (properties.isVerifyKeys()) {
|
||||
CertificateMatcher certificateMatcher = new CertificateMatcher(pemSslStore.privateKey());
|
||||
Assert.state(certificateMatcher.matchesAny(pemSslStore.certificates()),
|
||||
"Private key matches none of the certificates in the chain");
|
||||
"Private key in %s matches none of the certificates in the chain".formatted(propertyName));
|
||||
}
|
||||
return pemSslStore;
|
||||
}
|
||||
|
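Review bot: The message passed to `Assert.state` is now built with `formatted(propertyName)` on every call, including the common case where the key does match a certificate. The supplier overload defers that work to the failure path: `Assert.state(certificateMatcher.matchesAny(pemSslStore.certificates()), () -> "Private key in %s matches none of the certificates in the chain".formatted(propertyName));`. The enclosing method starts above the hunk, so where `propertyName` comes from is not visible. It reads as a configuration property name rather than key material, which is worth confirming since it ends up in an exception message.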
@ -134,7 +134,7 @@ class PropertiesSslBundleTests {
|
||||
properties.getKeystore().setVerifyKeys(true);
|
||||
properties.getKey().setAlias("test-alias");
|
||||
assertThatIllegalStateException().isThrownBy(() -> PropertiesSslBundle.get(properties))
|
||||
.withMessageContaining("Private key matches none of the certificates");
|
||||
.withMessageContaining("Private key in keystore matches none of the certificates");
|
||||
}
|
||||
|
||||
private Consumer<KeyStore> storeContainingCertAndKey(String keyAlias) {
|
||||
|
@ -48,7 +48,7 @@ public final class PemContent {
|
||||
|
||||
private static final Pattern PEM_FOOTER = Pattern.compile("-+END\\s+[^-]*-+", Pattern.CASE_INSENSITIVE);
|
||||
|
||||
private String text;
|
||||
private final String text;
|
||||
|
||||
private PemContent(String text) {
|
||||
this.text = text;
|
||||
|
@ -130,7 +130,7 @@ final class PemPrivateKeyParser {
|
||||
}
|
||||
Assert.state(parameters.isType(ValueType.ENCODED), "Key spec should contain encoded parameters");
|
||||
DerElement contents = DerElement.of(parameters.getContents());
|
||||
Assert.state(contents.isType(ValueType.PRIMITIVE, TagType.OBJECT_IDENTIFIER),
|
||||
Assert.state(contents != null && contents.isType(ValueType.PRIMITIVE, TagType.OBJECT_IDENTIFIER),
|
||||
"Key spec parameters should contain object identifier");
|
||||
return getEcParameters(contents.getContents());
|
||||
}
|
||||
@ -237,6 +237,7 @@ final class PemPrivateKeyParser {
|
||||
return keyFactory.generatePrivate(keySpec);
|
||||
}
|
||||
catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
|
||||
// Ignore
|
||||
}
|
||||
}
|
||||
return null;
|
||||
@ -264,10 +265,6 @@ final class PemPrivateKeyParser {
|
||||
codeLengthBytes(0x04, bytes);
|
||||
}
|
||||
|
||||
void sequence(int... elements) throws IOException {
|
||||
sequence(bytes(elements));
|
||||
}
|
||||
|
||||
void sequence(byte[] bytes) throws IOException {
|
||||
codeLengthBytes(0x30, bytes);
|
||||
}
|
||||
|
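Review bot: In the first hunk the assertion one line above the change still calls `parameters.isType(ValueType.ENCODED)` with no null guard, while the changed line now checks `contents != null` first. If `parameters` can also be null for malformed input (its assignment is above the hunk, so this is an assumption), a truncated key would surface as a NullPointerException rather than the intended state error. `Assert.state(parameters != null && parameters.isType(ValueType.ENCODED), "Key spec should contain encoded parameters");` would keep the two checks consistent. In the second hunk, the new `// Ignore` comment would help more if it said why the exception is safe to drop, for example `// Ignore: null is returned below when the key cannot be generated`, which matches the `return null` visible after the catch.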
@ -48,7 +48,7 @@ public interface PemSslStore {
|
||||
String alias();
|
||||
|
||||
/**
|
||||
* the password used
|
||||
* The password used when
|
||||
* {@link KeyStore#setKeyEntry(String, java.security.Key, char[], java.security.cert.Certificate[])
|
||||
* setting key entries} in the {@link KeyStore}.
|
||||
* @return the password
|
||||
|
@ -51,7 +51,6 @@ public class PemSslStoreBundle implements SslStoreBundle {
|
||||
* @param keyStoreDetails the key store details
|
||||
* @param trustStoreDetails the trust store details
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public PemSslStoreBundle(PemSslStoreDetails keyStoreDetails, PemSslStoreDetails trustStoreDetails) {
|
||||
this(keyStoreDetails, trustStoreDetails, null);
|
||||
}
|
||||
|
@ -73,7 +73,7 @@ public record PemSslStoreDetails(String type, String alias, String password, Str
|
||||
* @param privateKeyPassword a password used to decrypt an encrypted private key
|
||||
*/
|
||||
public PemSslStoreDetails(String type, String certificate, String privateKey, String privateKeyPassword) {
|
||||
this(type, null, null, certificate, privateKey, null);
|
||||
this(type, null, null, certificate, privateKey, privateKeyPassword);
|
||||
}
|
||||
|
||||
/**
|
||||
|
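Review bot: Nothing in the visible test changes exercises this four-argument constructor, so the `privateKeyPassword` pass-through on this line could regress unnoticed. A one-line test with constructed sample values would pin it, assuming the record component is named `privateKeyPassword`: `assertThat(new PemSslStoreDetails("PEM", "cert", "key", "secret").privateKeyPassword()).isEqualTo("secret");`. Separately, this is a record with a `password` component and apparently a `privateKeyPassword` one, so the generated `toString()` would include both values unless it is overridden elsewhere in the file. That is worth checking before instances are logged.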
@ -154,13 +154,4 @@ class PemContentTests {
|
||||
assertThat(PemContent.of("test")).hasToString("test");
|
||||
}
|
||||
|
||||
@Test
|
||||
void hashCodeAndEquals() {
|
||||
PemContent a = PemContent.of("1");
|
||||
PemContent b = PemContent.of("1");
|
||||
PemContent c = PemContent.of("2");
|
||||
assertThat(a.hashCode()).isEqualTo(b.hashCode());
|
||||
assertThat(a).isEqualTo(a).isEqualTo(b).isNotEqualTo(c);
|
||||
}
|
||||
|
||||
}
|
||||
|