Added keystore type and truststore type to rabbit properties

See gh-10251
This commit is contained in:
Martin Greber 2017-09-11 23:02:35 +10:00 committed by Stephane Nicoll
parent f04fa32c27
commit b70ac99bcb
5 changed files with 101 additions and 6 deletions

View File

@ -113,8 +113,14 @@ public class RabbitAutoConfiguration {
if (ssl.getAlgorithm() != null) { if (ssl.getAlgorithm() != null) {
factory.setSslAlgorithm(ssl.getAlgorithm()); factory.setSslAlgorithm(ssl.getAlgorithm());
} }
if (ssl.getKeyStoreType() != null) {
factory.setKeyStoreType(ssl.getKeyStoreType());
}
factory.setKeyStore(ssl.getKeyStore()); factory.setKeyStore(ssl.getKeyStore());
factory.setKeyStorePassphrase(ssl.getKeyStorePassword()); factory.setKeyStorePassphrase(ssl.getKeyStorePassword());
if (ssl.getTrustStoreType() != null) {
factory.setTrustStoreType(ssl.getTrustStoreType());
}
factory.setTrustStore(ssl.getTrustStore()); factory.setTrustStore(ssl.getTrustStore());
factory.setTrustStorePassphrase(ssl.getTrustStorePassword()); factory.setTrustStorePassphrase(ssl.getTrustStorePassword());
} }

View File

@ -314,6 +314,11 @@ public class RabbitProperties {
*/ */
private String keyStore; private String keyStore;
/**
* Set the key store type (jks, pkcs12, etc).
*/
private String keyStoreType;
/** /**
* Password used to access the key store. * Password used to access the key store.
*/ */
@ -324,6 +329,11 @@ public class RabbitProperties {
*/ */
private String trustStore; private String trustStore;
/**
* Set the trust store type (jks, pkcs12, etc).
*/
private String trustStoreType;
/** /**
* Password used to access the trust store. * Password used to access the trust store.
*/ */
@ -351,6 +361,14 @@ public class RabbitProperties {
this.keyStore = keyStore; this.keyStore = keyStore;
} }
public String getKeyStoreType() {
return this.keyStoreType;
}
public void setKeyStoreType(String keyStoreType) {
this.keyStoreType = keyStoreType;
}
public String getKeyStorePassword() { public String getKeyStorePassword() {
return this.keyStorePassword; return this.keyStorePassword;
} }
@ -367,6 +385,14 @@ public class RabbitProperties {
this.trustStore = trustStore; this.trustStore = trustStore;
} }
public String getTrustStoreType() {
return this.trustStoreType;
}
public void setTrustStoreType(String trustStoreType) {
this.trustStoreType = trustStoreType;
}
public String getTrustStorePassword() { public String getTrustStorePassword() {
return this.trustStorePassword; return this.trustStorePassword;
} }

View File

@ -16,6 +16,8 @@
package org.springframework.boot.autoconfigure.amqp; package org.springframework.boot.autoconfigure.amqp;
import java.security.NoSuchAlgorithmException;
import javax.net.SocketFactory; import javax.net.SocketFactory;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
@ -540,21 +542,80 @@ public class RabbitAutoConfigurationTests {
@Test @Test
// Make sure that we at least attempt to load the store // Make sure that we at least attempt to load the store
public void enableSslWithExtraConfig() { public void enableSslWithNonexistingKeystoreShouldFail() {
this.contextRunner.withUserConfiguration(TestConfiguration.class) this.contextRunner
.withUserConfiguration(TestConfiguration.class)
.withPropertyValues("spring.rabbitmq.ssl.enabled:true", .withPropertyValues("spring.rabbitmq.ssl.enabled:true",
"spring.rabbitmq.ssl.keyStore=foo", "spring.rabbitmq.ssl.keyStore=foo",
"spring.rabbitmq.ssl.keyStorePassword=secret", "spring.rabbitmq.ssl.keyStorePassword=secret")
.run(context -> {
assertThat(context).hasFailed();
assertThat(context).getFailure().hasMessageContaining("foo");
assertThat(context).getFailure().hasMessageContaining("does not exist");
});
}
@Test
// Make sure that we at least attempt to load the store
public void enableSslWithNonexistingTruststoreShouldFail() {
this.contextRunner
.withUserConfiguration(TestConfiguration.class)
.withPropertyValues(
"spring.rabbitmq.ssl.enabled:true",
"spring.rabbitmq.ssl.trustStore=bar", "spring.rabbitmq.ssl.trustStore=bar",
"spring.rabbitmq.ssl.trustStorePassword=secret") "spring.rabbitmq.ssl.trustStorePassword=secret")
.run((context) -> { .run((context) -> {
assertThat(context).hasFailed(); assertThat(context).hasFailed();
assertThat(context).getFailure().hasMessageContaining("foo"); assertThat(context).getFailure().hasMessageContaining("bar");
assertThat(context).getFailure() assertThat(context).getFailure().hasMessageContaining("does not exist");
.hasMessageContaining("does not exist");
}); });
} }
@Test
public void enableSslWithInvalidKeystoreTypeShouldFail() throws Exception {
this.contextRunner
.withUserConfiguration(TestConfiguration.class)
.withPropertyValues(
"spring.rabbitmq.ssl.enabled:true",
"spring.rabbitmq.ssl.keyStore=foo",
"spring.rabbitmq.ssl.keyStoreType=fooType")
.run(context -> {
assertThat(context).hasFailed();
assertThat(context).getFailure().hasMessageContaining("fooType");
assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
});
}
@Test
public void enableSslWithInvalidTruststoreTypeShouldFail() throws Exception {
this.contextRunner
.withUserConfiguration(TestConfiguration.class)
.withPropertyValues(
"spring.rabbitmq.ssl.enabled:true",
"spring.rabbitmq.ssl.trustStore=bar",
"spring.rabbitmq.ssl.trustStoreType=barType")
.run(context -> {
assertThat(context).hasFailed();
assertThat(context).getFailure().hasMessageContaining("barType");
assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
});
}
@Test
public void enableSslWithKeystoreTypeAndTrustStoreTypeShouldWork() throws Exception {
this.contextRunner
.withUserConfiguration(TestConfiguration.class)
.withPropertyValues(
"spring.rabbitmq.ssl.enabled:true",
"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
"spring.rabbitmq.ssl.keyStoreType=jks",
"spring.rabbitmq.ssl.keyStorePassword=secret",
"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
"spring.rabbitmq.ssl.trustStoreType=jks",
"spring.rabbitmq.ssl.trustStorePassword=secret")
.run(context -> assertThat(context).hasNotFailed());
}
private com.rabbitmq.client.ConnectionFactory getTargetConnectionFactory( private com.rabbitmq.client.ConnectionFactory getTargetConnectionFactory(
AssertableApplicationContext context) { AssertableApplicationContext context) {
CachingConnectionFactory connectionFactory = context CachingConnectionFactory connectionFactory = context

View File

@ -1051,8 +1051,10 @@ content into your application; rather pick only the properties that you need.
spring.rabbitmq.requested-heartbeat= # Requested heartbeat timeout, in seconds; zero for none. spring.rabbitmq.requested-heartbeat= # Requested heartbeat timeout, in seconds; zero for none.
spring.rabbitmq.ssl.enabled=false # Enable SSL support. spring.rabbitmq.ssl.enabled=false # Enable SSL support.
spring.rabbitmq.ssl.key-store= # Path to the key store that holds the SSL certificate. spring.rabbitmq.ssl.key-store= # Path to the key store that holds the SSL certificate.
spring.rabbitmq.ssl.key-store-type= # Type of key store (jks, pkcs12,..). Defaults to pkcs12 if not set
spring.rabbitmq.ssl.key-store-password= # Password used to access the key store. spring.rabbitmq.ssl.key-store-password= # Password used to access the key store.
spring.rabbitmq.ssl.trust-store= # Trust store that holds SSL certificates. spring.rabbitmq.ssl.trust-store= # Trust store that holds SSL certificates.
spring.rabbitmq.ssl.trust-store-type= # Type of trust store (jks, pkcs12,..). Defaults to jks if not set
spring.rabbitmq.ssl.trust-store-password= # Password used to access the trust store. spring.rabbitmq.ssl.trust-store-password= # Password used to access the trust store.
spring.rabbitmq.ssl.algorithm= # SSL algorithm to use. By default configure by the rabbit client library. spring.rabbitmq.ssl.algorithm= # SSL algorithm to use. By default configure by the rabbit client library.
spring.rabbitmq.template.mandatory=false # Enable mandatory messages. spring.rabbitmq.template.mandatory=false # Enable mandatory messages.