Do not set Tomcat's trust store password when null

See gh-24041
pull/24789/head
Andy Wilkinson 4 years ago
parent 2425dcd200
commit 006d4bc36d

@ -148,7 +148,9 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
throw new WebServerException("Could not load trust store: " + ex.getMessage(), ex);
}
}
protocol.setTruststorePass(ssl.getTrustStorePassword());
if (ssl.getTrustStorePassword() != null) {
protocol.setTruststorePass(ssl.getTrustStorePassword());
}
if (ssl.getTrustStoreType() != null) {
protocol.setTruststoreType(ssl.getTrustStoreType());
}
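Review bot: The new guard `if (ssl.getTrustStorePassword() != null)` has no comment explaining why a null value is skipped, and it calls the getter twice. Reading it once, `String trustStorePassword = ssl.getTrustStorePassword();`, with a comment such as `// Keep any password already set on the protocol when none is configured` would make the intent explicit. It would also help to document that `KeyStore.load` with a null password skips the store's integrity check, so a trust store used with no password anywhere is not verified against tampering; this assumes Tomcat passes the null through, which is not visible here. The enclosing method starts and ends outside the hunk.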

@ -206,6 +206,17 @@ class SslConnectorCustomizerTests {
assertThat(protocol.getKeyPass()).isEqualTo("password");
}
@Test
void trustStorePasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setTruststorePass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
ssl.setTrustStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getTruststorePass()).isEqualTo("password");
}
private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS");
Resource resource = new ClassPathResource("test.jks");
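Review bot: `trustStorePasswordIsNotSetWhenNull` pins only the case where a password pre-set on the protocol survives a null `Ssl` value. The hunk shows no counterpart asserting that a configured trust store password replaces the pre-set one, for example `ssl.setTrustStorePassword("secret")` followed by `assertThat(protocol.getTruststorePass()).isEqualTo("secret")`. Such a test may already exist elsewhere in the file. Without it, a regression that drops the setter call entirely would still pass this test.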
