Add configuration for Rabbit's key store and trust store algorithm

See gh-24076
2020-11-09 13:25:10 +08:00 · 2020-11-09 13:25:10 +08:00 · 489062b203
parent 315067b379
commit 489062b203
3 changed files with 60 additions and 0 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
@ -140,9 +140,11 @@ public class RabbitAutoConfiguration {
 				map.from(ssl::getKeyStoreType).to(factory::setKeyStoreType);
 				map.from(ssl::getKeyStore).to(factory::setKeyStore);
 				map.from(ssl::getKeyStorePassword).to(factory::setKeyStorePassphrase);
+				map.from(ssl::getKeyStoreAlgorithm).whenNonNull().to(factory::setKeyStoreAlgorithm);
 				map.from(ssl::getTrustStoreType).to(factory::setTrustStoreType);
 				map.from(ssl::getTrustStore).to(factory::setTrustStore);
 				map.from(ssl::getTrustStorePassword).to(factory::setTrustStorePassphrase);
+				map.from(ssl::getTrustStoreAlgorithm).whenNonNull().to(factory::setTrustStoreAlgorithm);
 				map.from(ssl::isValidateServerCertificate)
 						.to((validate) -> factory.setSkipServerCertificateValidation(!validate));
 				map.from(ssl::getVerifyHostname).to(factory::setEnableHostnameVerification);
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
@ -363,6 +363,8 @@ public class RabbitProperties {

 	public class Ssl {

+		private static final String SUN_X509 = "SunX509";
+
 		/**
 		 * Whether to enable SSL support. Determined automatically if an address is
 		 * provided with the protocol (amqp:// vs. amqps://).
@ -384,6 +386,11 @@ public class RabbitProperties {
 		 */
 		private String keyStorePassword;

+		/**
+		 * Key store algorithm.
+		 */
+		private String keyStoreAlgorithm = SUN_X509;
+
 		/**
 		 * Trust store that holds SSL certificates.
 		 */
@ -399,6 +406,11 @@ public class RabbitProperties {
 		 */
 		private String trustStorePassword;

+		/**
+		 * Trust store algorithm.
+		 */
+		private String trustStoreAlgorithm = SUN_X509;
+
 		/**
 		 * SSL algorithm to use. By default, configured by the Rabbit client library.
 		 */
@ -462,6 +474,14 @@ public class RabbitProperties {
 			this.keyStorePassword = keyStorePassword;
 		}

+		public String getKeyStoreAlgorithm() {
+			return this.keyStoreAlgorithm;
+		}
+
+		public void setKeyStoreAlgorithm(String keyStoreAlgorithm) {
+			this.keyStoreAlgorithm = keyStoreAlgorithm;
+		}
+
 		public String getTrustStore() {
 			return this.trustStore;
 		}
@ -486,6 +506,14 @@ public class RabbitProperties {
 			this.trustStorePassword = trustStorePassword;
 		}

+		public String getTrustStoreAlgorithm() {
+			return this.trustStoreAlgorithm;
+		}
+
+		public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
+			this.trustStoreAlgorithm = trustStoreAlgorithm;
+		}
+
 		public String getAlgorithm() {
 			return this.algorithm;
 		}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
@ -738,6 +738,36 @@ class RabbitAutoConfigurationTests {
 				});
 	}

+	@Test
+	void enableSslWithValidStoreAlgorithmShouldWork() throws Exception {
+		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStoreAlgorithm=PKIX",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStoreAlgorithm=PKIX")
+				.run((context) -> assertThat(context).hasNotFailed());
+	}
+
+	@Test
+	void enableSslWithInvalidStoreAlgorithmShouldFail() throws Exception {
+		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStoreAlgorithm=foo",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStoreAlgorithm=foo")
+				.run((context) -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("foo");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
 	@Test
 	void whenACredentialsProviderIsAvailableThenConnectionFactoryIsConfiguredToUseIt() throws Exception {
 		this.contextRunner.withUserConfiguration(CredentialsProviderConfiguration.class)