root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Be more defensive about a null password in Undertow SSL 

Fixes gh-6387
This commit is contained in:
Dave Syer 2016-07-13 15:36:55 +01:00
parent b1dd92881d
commit af426d0856
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
View File

@ -294,14 +294,17 @@ public class UndertowEmbeddedServletContainerFactory
}
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
URL url = ResourceUtils.getURL(ssl.getKeyStore());
keyStore.load(url.openStream(), ssl.getKeyStorePassword().toCharArray());
char[] keyStorePassword = ssl.getKeyStorePassword() != null
? ssl.getKeyStorePassword().toCharArray()
: null;
keyStore.load(url.openStream(), keyStorePassword);
// Get key manager to provide client credentials.
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
char[] keyPassword = ssl.getKeyPassword() != null
? ssl.getKeyPassword().toCharArray()
: ssl.getKeyStorePassword().toCharArray();
: keyStorePassword;
keyManagerFactory.init(keyStore, keyPassword);
return keyManagerFactory.getKeyManagers();
}