Merge pull request #25884 from alex-bel-apica
* pr/25884: Polish "Properly close input streams when loading key stores" Properly close input streams when loading key stores Closes gh-25884
		
						commit
						1d61da1786
					
				| 
						 | 
					@ -1,5 +1,5 @@
 | 
				
			||||||
/*
 | 
					/*
 | 
				
			||||||
 * Copyright 2012-2020 the original author or authors.
 | 
					 * Copyright 2012-2021 the original author or authors.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
					 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
				
			||||||
 * you may not use this file except in compliance with the License.
 | 
					 * you may not use this file except in compliance with the License.
 | 
				
			||||||
| 
						 | 
					@ -16,6 +16,7 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package org.springframework.boot.autoconfigure.couchbase;
 | 
					package org.springframework.boot.autoconfigure.couchbase;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					import java.io.InputStream;
 | 
				
			||||||
import java.net.URL;
 | 
					import java.net.URL;
 | 
				
			||||||
import java.security.KeyStore;
 | 
					import java.security.KeyStore;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
| 
						 | 
					@ -107,7 +108,9 @@ public class CouchbaseAutoConfiguration {
 | 
				
			||||||
	private KeyStore loadKeyStore(String resource, String keyStorePassword) throws Exception {
 | 
						private KeyStore loadKeyStore(String resource, String keyStorePassword) throws Exception {
 | 
				
			||||||
		KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		URL url = ResourceUtils.getURL(resource);
 | 
							URL url = ResourceUtils.getURL(resource);
 | 
				
			||||||
		store.load(url.openStream(), (keyStorePassword != null) ? keyStorePassword.toCharArray() : null);
 | 
							try (InputStream stream = url.openStream()) {
 | 
				
			||||||
 | 
								store.load(stream, (keyStorePassword != null) ? keyStorePassword.toCharArray() : null);
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
		return store;
 | 
							return store;
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
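Review bot: In `loadKeyStore`, the `null` branch of `(keyStorePassword != null) ? keyStorePassword.toCharArray() : null` deserves a comment, because `KeyStore.load` performs no integrity check when the password is null, so a store file that was modified on disk can load without any error. I would add `// A null password means KeyStore.load skips the integrity check of the store` directly above the `store.load(...)` call inside the new try block. The same expression appears in the Netty `SslServerCustomizer` and Undertow `SslBuilderCustomizer` sections of this commit, and the same comment applies there. Whether a missing password should also be logged at startup is a separate decision for the maintainers.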
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -1,5 +1,5 @@
 | 
				
			||||||
/*
 | 
					/*
 | 
				
			||||||
 * Copyright 2012-2020 the original author or authors.
 | 
					 * Copyright 2012-2021 the original author or authors.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
					 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
				
			||||||
 * you may not use this file except in compliance with the License.
 | 
					 * you may not use this file except in compliance with the License.
 | 
				
			||||||
| 
						 | 
					@ -16,6 +16,7 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package org.springframework.boot.web.embedded.netty;
 | 
					package org.springframework.boot.web.embedded.netty;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					import java.io.InputStream;
 | 
				
			||||||
import java.net.Socket;
 | 
					import java.net.Socket;
 | 
				
			||||||
import java.net.URL;
 | 
					import java.net.URL;
 | 
				
			||||||
import java.security.InvalidAlgorithmParameterException;
 | 
					import java.security.InvalidAlgorithmParameterException;
 | 
				
			||||||
| 
						 | 
					@ -170,7 +171,9 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 | 
				
			||||||
		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 | 
							KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 | 
				
			||||||
		try {
 | 
							try {
 | 
				
			||||||
			URL url = ResourceUtils.getURL(resource);
 | 
								URL url = ResourceUtils.getURL(resource);
 | 
				
			||||||
			store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
 | 
								try (InputStream stream = url.openStream()) {
 | 
				
			||||||
 | 
									store.load(stream, (password != null) ? password.toCharArray() : null);
 | 
				
			||||||
 | 
								}
 | 
				
			||||||
			return store;
 | 
								return store;
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
		catch (Exception ex) {
 | 
							catch (Exception ex) {
 | 
				
			||||||
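Review bot: The try-with-resources block added here is repeated line for line in the Undertow `SslBuilderCustomizer` section, next to the same `KeyStore.getInstance(type, provider)` selection, so the stream handling this commit had to fix still lives in two copies. A shared helper taking type, provider, resource and password would keep the close semantics and the error wrapping in one place; whether a suitable shared class exists is not visible from this page. An exception thrown by the implicit `close()` now also reaches the `catch (Exception ex)` that follows, which looks intended but is worth stating, e.g. `// close() failures are reported like load failures`. The enclosing method starts and ends outside the hunk.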
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -1,5 +1,5 @@
 | 
				
			||||||
/*
 | 
					/*
 | 
				
			||||||
 * Copyright 2012-2020 the original author or authors.
 | 
					 * Copyright 2012-2021 the original author or authors.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
					 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
				
			||||||
 * you may not use this file except in compliance with the License.
 | 
					 * you may not use this file except in compliance with the License.
 | 
				
			||||||
| 
						 | 
					@ -16,6 +16,7 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package org.springframework.boot.web.embedded.undertow;
 | 
					package org.springframework.boot.web.embedded.undertow;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					import java.io.InputStream;
 | 
				
			||||||
import java.net.InetAddress;
 | 
					import java.net.InetAddress;
 | 
				
			||||||
import java.net.Socket;
 | 
					import java.net.Socket;
 | 
				
			||||||
import java.net.URL;
 | 
					import java.net.URL;
 | 
				
			||||||
| 
						 | 
					@ -181,7 +182,9 @@ class SslBuilderCustomizer implements UndertowBuilderCustomizer {
 | 
				
			||||||
		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 | 
							KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 | 
				
			||||||
		try {
 | 
							try {
 | 
				
			||||||
			URL url = ResourceUtils.getURL(resource);
 | 
								URL url = ResourceUtils.getURL(resource);
 | 
				
			||||||
			store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
 | 
								try (InputStream stream = url.openStream()) {
 | 
				
			||||||
 | 
									store.load(stream, (password != null) ? password.toCharArray() : null);
 | 
				
			||||||
 | 
								}
 | 
				
			||||||
			return store;
 | 
								return store;
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
		catch (Exception ex) {
 | 
							catch (Exception ex) {
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -1,5 +1,5 @@
 | 
				
			||||||
/*
 | 
					/*
 | 
				
			||||||
 * Copyright 2012-2020 the original author or authors.
 | 
					 * Copyright 2012-2021 the original author or authors.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
					 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
				
			||||||
 * you may not use this file except in compliance with the License.
 | 
					 * you may not use this file except in compliance with the License.
 | 
				
			||||||
| 
						 | 
					@ -220,8 +220,8 @@ class SslConnectorCustomizerTests {
 | 
				
			||||||
	private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 | 
						private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance("JKS");
 | 
							KeyStore keyStore = KeyStore.getInstance("JKS");
 | 
				
			||||||
		Resource resource = new ClassPathResource("test.jks");
 | 
							Resource resource = new ClassPathResource("test.jks");
 | 
				
			||||||
		try (InputStream inputStream = resource.getInputStream()) {
 | 
							try (InputStream stream = resource.getInputStream()) {
 | 
				
			||||||
			keyStore.load(inputStream, "secret".toCharArray());
 | 
								keyStore.load(stream, "secret".toCharArray());
 | 
				
			||||||
			return keyStore;
 | 
								return keyStore;
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -16,8 +16,8 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package org.springframework.boot.web.reactive.server;
 | 
					package org.springframework.boot.web.reactive.server;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
import java.io.File;
 | 
					 | 
				
			||||||
import java.io.FileInputStream;
 | 
					import java.io.FileInputStream;
 | 
				
			||||||
 | 
					import java.io.InputStream;
 | 
				
			||||||
import java.net.InetSocketAddress;
 | 
					import java.net.InetSocketAddress;
 | 
				
			||||||
import java.nio.charset.StandardCharsets;
 | 
					import java.nio.charset.StandardCharsets;
 | 
				
			||||||
import java.security.KeyStore;
 | 
					import java.security.KeyStore;
 | 
				
			||||||
| 
						 | 
					@ -228,7 +228,9 @@ public abstract class AbstractReactiveWebServerFactoryTests {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	protected ReactorClientHttpConnector buildTrustAllSslWithClientKeyConnector() throws Exception {
 | 
						protected ReactorClientHttpConnector buildTrustAllSslWithClientKeyConnector() throws Exception {
 | 
				
			||||||
		KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		clientKeyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
 | 
							try (InputStream stream = new FileInputStream("src/test/resources/test.jks")) {
 | 
				
			||||||
 | 
								clientKeyStore.load(stream, "secret".toCharArray());
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
		KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory
 | 
							KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory
 | 
				
			||||||
				.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 | 
									.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 | 
				
			||||||
		clientKeyManagerFactory.init(clientKeyStore, "password".toCharArray());
 | 
							clientKeyManagerFactory.init(clientKeyStore, "password".toCharArray());
 | 
				
			||||||
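Review bot: `new FileInputStream("src/test/resources/test.jks")` resolves against the process working directory, so this test only finds the key store when it is run from the module root; the same literal path is used in the `SslConfigurationValidatorTests.loadKeystore` section. `SslConnectorCustomizerTests.loadStore` in this commit reads what is presumably the same file through `new ClassPathResource("test.jks")`, and `try (InputStream stream = new ClassPathResource("test.jks").getInputStream()) {` here would make the lookup independent of the working directory, assuming that import is acceptable in this test class. `buildTrustAllSslWithClientKeyConnector` continues past the end of the hunk.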
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -1,5 +1,5 @@
 | 
				
			||||||
/*
 | 
					/*
 | 
				
			||||||
 * Copyright 2012-2020 the original author or authors.
 | 
					 * Copyright 2012-2021 the original author or authors.
 | 
				
			||||||
 *
 | 
					 *
 | 
				
			||||||
 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
					 * Licensed under the Apache License, Version 2.0 (the "License");
 | 
				
			||||||
 * you may not use this file except in compliance with the License.
 | 
					 * you may not use this file except in compliance with the License.
 | 
				
			||||||
| 
						 | 
					@ -16,8 +16,8 @@
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package org.springframework.boot.web.server;
 | 
					package org.springframework.boot.web.server;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
import java.io.File;
 | 
					 | 
				
			||||||
import java.io.FileInputStream;
 | 
					import java.io.FileInputStream;
 | 
				
			||||||
 | 
					import java.io.InputStream;
 | 
				
			||||||
import java.security.KeyStore;
 | 
					import java.security.KeyStore;
 | 
				
			||||||
import java.security.KeyStoreException;
 | 
					import java.security.KeyStoreException;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
| 
						 | 
					@ -43,7 +43,9 @@ class SslConfigurationValidatorTests {
 | 
				
			||||||
	@BeforeEach
 | 
						@BeforeEach
 | 
				
			||||||
	void loadKeystore() throws Exception {
 | 
						void loadKeystore() throws Exception {
 | 
				
			||||||
		this.keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							this.keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		this.keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
 | 
							try (InputStream stream = new FileInputStream("src/test/resources/test.jks")) {
 | 
				
			||||||
 | 
								this.keyStore.load(stream, "secret".toCharArray());
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	@Test
 | 
						@Test
 | 
				
			||||||
| 
						 | 
					
 | 
				
			||||||
| 
						 | 
					@ -17,7 +17,6 @@
 | 
				
			||||||
package org.springframework.boot.web.servlet.server;
 | 
					package org.springframework.boot.web.servlet.server;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
import java.io.File;
 | 
					import java.io.File;
 | 
				
			||||||
import java.io.FileInputStream;
 | 
					 | 
				
			||||||
import java.io.FileWriter;
 | 
					import java.io.FileWriter;
 | 
				
			||||||
import java.io.IOException;
 | 
					import java.io.IOException;
 | 
				
			||||||
import java.io.InputStream;
 | 
					import java.io.InputStream;
 | 
				
			||||||
| 
						 | 
					@ -126,6 +125,7 @@ import org.springframework.boot.web.servlet.ServletContextInitializer;
 | 
				
			||||||
import org.springframework.boot.web.servlet.ServletRegistrationBean;
 | 
					import org.springframework.boot.web.servlet.ServletRegistrationBean;
 | 
				
			||||||
import org.springframework.boot.web.servlet.server.Session.SessionTrackingMode;
 | 
					import org.springframework.boot.web.servlet.server.Session.SessionTrackingMode;
 | 
				
			||||||
import org.springframework.core.io.ClassPathResource;
 | 
					import org.springframework.core.io.ClassPathResource;
 | 
				
			||||||
 | 
					import org.springframework.core.io.FileSystemResource;
 | 
				
			||||||
import org.springframework.core.io.Resource;
 | 
					import org.springframework.core.io.Resource;
 | 
				
			||||||
import org.springframework.http.HttpMethod;
 | 
					import org.springframework.http.HttpMethod;
 | 
				
			||||||
import org.springframework.http.HttpStatus;
 | 
					import org.springframework.http.HttpStatus;
 | 
				
			||||||
| 
						 | 
					@ -542,7 +542,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 | 
				
			||||||
		this.webServer = factory.getWebServer();
 | 
							this.webServer = factory.getWebServer();
 | 
				
			||||||
		this.webServer.start();
 | 
							this.webServer.start();
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance("pkcs12");
 | 
							KeyStore keyStore = KeyStore.getInstance("pkcs12");
 | 
				
			||||||
		keyStore.load(new FileInputStream(new File("src/test/resources/test.p12")), "secret".toCharArray());
 | 
							loadStore(keyStore, new FileSystemResource("src/test/resources/test.p12"));
 | 
				
			||||||
		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
							SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
				
			||||||
				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
									new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
				
			||||||
						.loadKeyMaterial(keyStore, "secret".toCharArray()).build());
 | 
											.loadKeyMaterial(keyStore, "secret".toCharArray()).build());
 | 
				
			||||||
| 
						 | 
					@ -559,7 +559,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 | 
				
			||||||
		this.webServer = factory.getWebServer();
 | 
							this.webServer = factory.getWebServer();
 | 
				
			||||||
		this.webServer.start();
 | 
							this.webServer.start();
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
 | 
							loadStore(keyStore, new FileSystemResource("src/test/resources/test.jks"));
 | 
				
			||||||
		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
							SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
				
			||||||
				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
									new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
				
			||||||
						.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
											.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
				
			||||||
| 
						 | 
					@ -592,7 +592,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 | 
				
			||||||
		this.webServer = factory.getWebServer();
 | 
							this.webServer = factory.getWebServer();
 | 
				
			||||||
		this.webServer.start();
 | 
							this.webServer.start();
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
 | 
							loadStore(keyStore, new FileSystemResource("src/test/resources/test.jks"));
 | 
				
			||||||
		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
							SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
				
			||||||
				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
									new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
				
			||||||
						.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
											.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
				
			||||||
| 
						 | 
					@ -630,7 +630,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 | 
				
			||||||
		this.webServer = factory.getWebServer();
 | 
							this.webServer = factory.getWebServer();
 | 
				
			||||||
		this.webServer.start();
 | 
							this.webServer.start();
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
							KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 | 
				
			||||||
		keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
 | 
							loadStore(keyStore, new FileSystemResource("src/test/resources/test.jks"));
 | 
				
			||||||
		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
							SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 | 
				
			||||||
				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
									new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
 | 
				
			||||||
						.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
											.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 | 
				
			||||||
| 
						 | 
					@ -1354,9 +1354,14 @@ public abstract class AbstractServletWebServerFactoryTests {
 | 
				
			||||||
	private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 | 
						private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 | 
				
			||||||
		KeyStore keyStore = KeyStore.getInstance("JKS");
 | 
							KeyStore keyStore = KeyStore.getInstance("JKS");
 | 
				
			||||||
		Resource resource = new ClassPathResource("test.jks");
 | 
							Resource resource = new ClassPathResource("test.jks");
 | 
				
			||||||
		try (InputStream inputStream = resource.getInputStream()) {
 | 
							loadStore(keyStore, resource);
 | 
				
			||||||
			keyStore.load(inputStream, "secret".toCharArray());
 | 
							return keyStore;
 | 
				
			||||||
			return keyStore;
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						private void loadStore(KeyStore keyStore, Resource resource)
 | 
				
			||||||
 | 
								throws IOException, NoSuchAlgorithmException, CertificateException {
 | 
				
			||||||
 | 
							try (InputStream stream = resource.getInputStream()) {
 | 
				
			||||||
 | 
								keyStore.load(stream, "secret".toCharArray());
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
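Review bot: The new `loadStore(KeyStore, Resource)` helper hard-codes `"secret".toCharArray()` as the store password, which cannot be seen at the call sites that now pass `test.p12` and `test.jks` to it, and it shares its name with the no-argument `loadStore()` directly above. A short Javadoc on the helper, saying that it loads the resource into the given store with the test store password and closes the stream, would document that; alternatively the password could become a third parameter, `private void loadStore(KeyStore keyStore, Resource resource, String password)`. Three of the earlier call sites then pass `"password"` to `loadKeyMaterial`, so a reader has to keep the store password and the key password apart without any hint in the code.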
| 
						 | 
					
 | 
				
			||||||