From 006d4bc36d7ac9e01353ca83361acecad041a7ff Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Thu, 5 Nov 2020 12:18:32 +0000
Subject: [PATCH] Do not set Tomcat's trust store password when null

See gh-24041
---
 .../web/embedded/tomcat/SslConnectorCustomizer.java | 4 +++-
 .../embedded/tomcat/SslConnectorCustomizerTests.java | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
index bc4c50b3d9..959844cb8f 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
@@ -148,7 +148,9 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
 throw new WebServerException("Could not load trust store: " + ex.getMessage(), ex);
 }
 }
- protocol.setTruststorePass(ssl.getTrustStorePassword());
+ if (ssl.getTrustStorePassword() != null) {
+ protocol.setTruststorePass(ssl.getTrustStorePassword());
+ }
 if (ssl.getTrustStoreType() != null) {
 protocol.setTruststoreType(ssl.getTrustStoreType());
 }
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
index 3814f91bee..038604a515 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
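Review bot: The new null guard around `protocol.setTruststorePass(...)` in SslConnectorCustomizer.java carries no comment saying which password is in effect when the property is unset, and that is the question anyone auditing the TLS configuration will ask. With the setter skipped, whatever the protocol handler already holds stays in place. As far as I know Tomcat's default is the `javax.net.ssl.trustStorePassword` system property, and with no password at all the trust store is opened without its integrity check, so this is worth confirming against the Tomcat version in use. I would add above the `if` something like `// No password configured: keep Tomcat's existing/default trust store password rather than overwriting it with null`. The enclosing method starts and ends outside the hunk.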
@@ -206,6 +206,17 @@ class SslConnectorCustomizerTests {
 assertThat(protocol.getKeyPass()).isEqualTo("password");
 }

+ @Test
+ void trustStorePasswordIsNotSetWhenNull() {
+ Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
+ protocol.setTruststorePass("password");
+ Ssl ssl = new Ssl();
+ ssl.setKeyStore("src/test/resources/test.jks");
+ ssl.setTrustStore("src/test/resources/test.jks");
+ new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
+ assertThat(protocol.getTruststorePass()).isEqualTo("password");
+ }
+
 private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 KeyStore keyStore = KeyStore.getInstance("JKS");
 Resource resource = new ClassPathResource("test.jks");
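Review bot: The value pre-set in `trustStorePasswordIsNotSetWhenNull` is the same literal `"password"` that the preceding test asserts for the key password, so the final assertion cannot tell "left untouched" apart from "overwritten by another configured secret that has the same value". A constructed sentinel used nowhere else in the class would make the intent unambiguous, for example `protocol.setTruststorePass("preset-trust-sentinel");` paired with `assertThat(protocol.getTruststorePass()).isEqualTo("preset-trust-sentinel");`. The hunk also shows no companion test that a non-null trust store password is still applied. If none exists elsewhere in the class, adding one would pin both branches of the new guard.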