Merge pull request #10251 from martingreber:add-keystoretype

* pr/10251: Polish "Added keystore type and truststore type to rabbit properties" Added keystore type and truststore type to rabbit properties
7 years ago · 61c6662b9c
parent f04fa32c27 4c53755980
commit 61c6662b9c
5 changed files with 97 additions and 6 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
@ -113,8 +113,10 @@ public class RabbitAutoConfiguration {
 				if (ssl.getAlgorithm() != null) {
 					factory.setSslAlgorithm(ssl.getAlgorithm());
 				}
+				factory.setKeyStoreType(ssl.getKeyStoreType());
 				factory.setKeyStore(ssl.getKeyStore());
 				factory.setKeyStorePassphrase(ssl.getKeyStorePassword());
+				factory.setTrustStoreType(ssl.getTrustStoreType());
 				factory.setTrustStore(ssl.getTrustStore());
 				factory.setTrustStorePassphrase(ssl.getTrustStorePassword());
 			}
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
@ -314,6 +314,11 @@ public class RabbitProperties {
 		 */
 		private String keyStore;

+		/**
+		 * Key store type.
+		 */
+		private String keyStoreType = "PKCS12";
+
 		/**
 		 * Password used to access the key store.
 		 */
@ -324,6 +329,11 @@ public class RabbitProperties {
 		 */
 		private String trustStore;

+		/**
+		 * Trust store type.
+		 */
+		private String trustStoreType = "JKS";
+
 		/**
 		 * Password used to access the trust store.
 		 */
@ -351,6 +361,14 @@ public class RabbitProperties {
 			this.keyStore = keyStore;
 		}

+		public String getKeyStoreType() {
+			return this.keyStoreType;
+		}
+
+		public void setKeyStoreType(String keyStoreType) {
+			this.keyStoreType = keyStoreType;
+		}
+
 		public String getKeyStorePassword() {
 			return this.keyStorePassword;
 		}
@ -367,6 +385,14 @@ public class RabbitProperties {
 			this.trustStore = trustStore;
 		}

+		public String getTrustStoreType() {
+			return this.trustStoreType;
+		}
+
+		public void setTrustStoreType(String trustStoreType) {
+			this.trustStoreType = trustStoreType;
+		}
+
 		public String getTrustStorePassword() {
 			return this.trustStorePassword;
 		}
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
@ -16,6 +16,8 @@

 package org.springframework.boot.autoconfigure.amqp;

+import java.security.NoSuchAlgorithmException;
+
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLSocketFactory;

@ -540,21 +542,80 @@ public class RabbitAutoConfigurationTests {

 	@Test
 	// Make sure that we at least attempt to load the store
-	public void enableSslWithExtraConfig() {
-		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+	public void enableSslWithNonExistingKeystoreShouldFail() {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
 				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
 						"spring.rabbitmq.ssl.keyStore=foo",
-						"spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStorePassword=secret")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("foo");
+					assertThat(context).getFailure().hasMessageContaining("does not exist");
+				});
+	}
+
+	@Test
+	// Make sure that we at least attempt to load the store
+	public void enableSslWithNonExistingTrustStoreShouldFail() {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
 						"spring.rabbitmq.ssl.trustStore=bar",
 						"spring.rabbitmq.ssl.trustStorePassword=secret")
 				.run((context) -> {
 					assertThat(context).hasFailed();
-					assertThat(context).getFailure().hasMessageContaining("foo");
-					assertThat(context).getFailure()
-							.hasMessageContaining("does not exist");
+					assertThat(context).getFailure().hasMessageContaining("bar");
+					assertThat(context).getFailure().hasMessageContaining("does not exist");
 				});
 	}

+	@Test
+	public void enableSslWithInvalidKeystoreTypeShouldFail() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=foo",
+						"spring.rabbitmq.ssl.keyStoreType=fooType")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("fooType");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
+	@Test
+	public void enableSslWithInvalidTrustStoreTypeShouldFail() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.trustStore=bar",
+						"spring.rabbitmq.ssl.trustStoreType=barType")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("barType");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
+	@Test
+	public void enableSslWithKeystoreTypeAndTrustStoreTypeShouldWork() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks",
+						"spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks",
+						"spring.rabbitmq.ssl.trustStorePassword=secret")
+				.run(context -> assertThat(context).hasNotFailed());
+	}
+
 	private com.rabbitmq.client.ConnectionFactory getTargetConnectionFactory(
 			AssertableApplicationContext context) {
 		CachingConnectionFactory connectionFactory = context
--- a/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks
+++ b/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@ -1052,8 +1052,10 @@ content into your application; rather pick only the properties that you need.
 	spring.rabbitmq.ssl.enabled=false # Enable SSL support.
 	spring.rabbitmq.ssl.key-store= # Path to the key store that holds the SSL certificate.
 	spring.rabbitmq.ssl.key-store-password= # Password used to access the key store.
+	spring.rabbitmq.ssl.key-store-type=PKCS12 # Key store type.
 	spring.rabbitmq.ssl.trust-store= # Trust store that holds SSL certificates.
 	spring.rabbitmq.ssl.trust-store-password= # Password used to access the trust store.
+	spring.rabbitmq.ssl.trust-store-type=JKS # Trust store type.
 	spring.rabbitmq.ssl.algorithm= # SSL algorithm to use. By default configure by the rabbit client library.
 	spring.rabbitmq.template.mandatory=false # Enable mandatory messages.
 	spring.rabbitmq.template.receive-timeout=0 # Timeout for `receive()` methods.