Polish "Fix bug in webserver start when loading PKCS#11 KeyStore"
mhalbritter committed Dec 1, 2022
1 parent 716a839 commit 1656909
Showing 6 changed files with 10 additions and 17 deletions.
Expand Up @@ -19,7 +19,6 @@
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import java.util.Objects;

import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http.HttpVersion;
Expand Down Expand Up @@ -222,10 +221,10 @@ private void configureSslPasswords(SslContextFactory.Server factory, Ssl ssl) {
}

private void configureSslKeyStore(SslContextFactory.Server factory, Ssl ssl) {
final String keystoreType = Objects.requireNonNullElse(ssl.getKeyStoreType(), "JKS");
final String keystoreLocation = ssl.getKeyStore();
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
String keystoreLocation = ssl.getKeyStore();
if (keystoreType.equalsIgnoreCase("PKCS11")) {
if (keystoreLocation != null && !keystoreLocation.isBlank()) {
if (keystoreLocation != null && !keystoreLocation.isEmpty()) {
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
+ keystoreLocation + "'. Must be undefined / null.");
}
Expand All @@ -239,7 +238,6 @@ private void configureSslKeyStore(SslContextFactory.Server factory, Ssl ssl) {
throw new WebServerException("Could not load key store '" + keystoreLocation + "'", ex);
}
}

factory.setKeyStoreType(keystoreType);
if (ssl.getKeyStoreProvider() != null) {
factory.setKeyStoreProvider(ssl.getKeyStoreProvider());
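Review bot: Swapping `isBlank()` for `isEmpty()` in the PKCS11 guard of configureSslKeyStore narrows the check: a keystore location consisting only of whitespace now passes it, while the exception text on the following line still says the location "Must be undefined / null". If a whitespace-only `server.ssl.key-store` should be treated as a misconfiguration rather than silently accepted, `isBlank()` was the stricter form, i.e. `if (keystoreLocation != null && !keystoreLocation.isBlank()) {`; if the loosening is intentional, a one-line comment saying why would stop the next reader from "fixing" it back. The same change appears in the Tomcat configureSslKeyStore hunk (-141) and in both loadStore hunks (-173 and -182), so whichever form is chosen should be applied consistently there. configureSslKeyStore continues past the end of this hunk, so what happens with the accepted value further down cannot be seen here.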
Expand Up @@ -173,11 +173,10 @@ private KeyStore loadStore(String type, String provider, String resource, String
type = (type != null) ? type : "JKS";
KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
if (type.equalsIgnoreCase("PKCS11")) {
if (resource != null && !resource.isBlank()) {
if (resource != null && !resource.isEmpty()) {
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
+ resource + "'. Must be undefined / null.");
}

store.load(null, (password != null) ? password.toCharArray() : null);
}
else {
Expand All @@ -191,7 +190,6 @@ private KeyStore loadStore(String type, String provider, String resource, String
throw new WebServerException("Could not load key store '" + resource + "'", ex);
}
}

return store;
}

Expand Up @@ -17,7 +17,6 @@
package org.springframework.boot.web.embedded.tomcat;

import java.io.FileNotFoundException;
import java.util.Objects;

import org.apache.catalina.connector.Connector;
import org.apache.coyote.ProtocolHandler;
Expand Down Expand Up @@ -141,10 +140,10 @@ protected void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> protocol,
}

private void configureSslKeyStore(SSLHostConfigCertificate certificate, Ssl ssl) {
final String keystoreType = Objects.requireNonNullElse(ssl.getKeyStoreType(), "JKS");
final String keystoreLocation = ssl.getKeyStore();
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
String keystoreLocation = ssl.getKeyStore();
if (keystoreType.equalsIgnoreCase("PKCS11")) {
if (keystoreLocation != null && !keystoreLocation.isBlank()) {
if (keystoreLocation != null && !keystoreLocation.isEmpty()) {
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
+ keystoreLocation + "'. Must be undefined / null.");
}
Expand All @@ -157,7 +156,6 @@ private void configureSslKeyStore(SSLHostConfigCertificate certificate, Ssl ssl)
throw new WebServerException("Could not load key store '" + keystoreLocation + "'", ex);
}
}

certificate.setCertificateKeystoreType(keystoreType);
if (ssl.getKeyStoreProvider() != null) {
certificate.setCertificateKeystoreProvider(ssl.getKeyStoreProvider());
Expand Up @@ -182,11 +182,10 @@ private KeyStore loadStore(String type, String provider, String resource, String
type = (type != null) ? type : "JKS";
KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
if (type.equalsIgnoreCase("PKCS11")) {
if (resource != null && !resource.isBlank()) {
if (resource != null && !resource.isEmpty()) {
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
+ resource + "'. Must be undefined / null.");
}

store.load(null, (password != null) ? password.toCharArray() : null);
}
else {
Expand Up @@ -29,7 +29,7 @@ public class MockPkcs11SecurityProvider extends Provider {

private static final String DEFAULT_PROVIDER_NAME = "Mock-PKCS11";

private static final String VERSION = "0.1";
private static final double VERSION = 0.1;

private static final String DESCRIPTION = "Mock PKCS11 Provider";

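Review bot: The two `VERSION` declarations select different `java.security.Provider` constructors, and the page does not show which side is new: `double 0.1` binds to `Provider(String, double, String)`, which has been deprecated since Java 9, whereas `String "0.1"` binds to the non-deprecated `Provider(String, String, String)`. If the `double` variant is the new side, this reintroduces a deprecated constructor in a test helper on a Java 17 baseline; if the `String` variant is new, the change is fine and only worth a short comment on the field, e.g. `// String form: Provider(String, double, String) is deprecated since Java 9`. The `super(...)` call that consumes this constant lies outside the hunk, so this is inferred from the field type alone.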
Expand Up @@ -40,8 +40,8 @@

import org.springframework.boot.testsupport.system.CapturedOutput;
import org.springframework.boot.testsupport.system.OutputCaptureExtension;
import org.springframework.boot.web.embedded.netty.MockPkcs11SecurityProvider;
import org.springframework.boot.testsupport.web.servlet.DirtiesUrlFactories;
import org.springframework.boot.web.embedded.netty.MockPkcs11SecurityProvider;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.boot.web.server.WebServerException;