WebClientOptions sslClientCertificateStore is transient

rbri · rbri · commit aaedfbbefdf4 · 2025-01-26T11:45:34.000+01:00
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
@@ -7,6 +7,13 @@
     </properties>
 
     <body>
+        <release version="4.10.0" date="February xx, 2025" description="Bugfixes">
+            <action type="fix" dev="rbri">
+                WebClientOptions sslClientCertificateStore is transient.
+            </action>
+        </release>
+
+
         <release version="4.9.0" date="January 22, 2025" description="Chrome/Edge 132, Firefox 134, BigInt, Bugfixes">
             <action type="fix" dev="rbri">
                 WebClientOptions SSLTrustStore is transient.
@@ -32,6 +39,7 @@
             </action>
         </release>
 
+
         <release version="4.8.0" date="January 12, 2025" description="Bugfixes, css colors, less dependencies, improved javascript support">
             <action type="add" dev="rbri">
                 cssparser: support plain color definitions with var/calc.
diff --git a/src/main/java/org/htmlunit/WebClientOptions.java b/src/main/java/org/htmlunit/WebClientOptions.java
@@ -53,7 +53,7 @@ public class WebClientOptions implements Serializable {
     private boolean isRedirectEnabled_ = true;
     private File tempFileDirectory_;
 
-    private KeyStore sslClientCertificateStore_;
+    private transient KeyStore sslClientCertificateStore_;
     private char[] sslClientCertificatePassword_;
     private transient KeyStore sslTrustStore_;
     private String[] sslClientProtocols_;
@@ -188,6 +188,7 @@ public boolean isRedirectEnabled() {
      * In some cases the impl seems to pick old certificates from the {@link KeyStore}. To avoid
      * that, wrap your {@link KeyStore} inside your own {@link KeyStore} impl and filter out outdated
      * certificates.
+     * <p>This property is transient (because KeyStore is not serializable)
      *
      * @param keyStore {@link KeyStore} to use
      * @param keyStorePassword the keystore password
@@ -205,6 +206,7 @@ public void setSSLClientCertificateKeyStore(final KeyStore keyStore, final char[
      * "sun.security.ssl.allowUnsafeRenegotiation" to true, as hinted in
      * <a href="http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html">
      * TLS Renegotiation Issue</a>.
+     * <p>This property is transient (because KeyStore is not serializable)
      *
      * @param keyStoreUrl the URL which locates the certificate {@link KeyStore}
      * @param keyStorePassword the certificate {@link KeyStore} password
@@ -253,6 +255,8 @@ public void setSSLClientCertificateKeyStore(final InputStream keyStoreInputStrea
 
     /**
      * Gets the SSLClientCertificateStore.
+     * <p>This property is transient (because KeyStore is not serializable)
+     *
      * @return the KeyStore for use on SSL connections
      */
     public KeyStore getSSLClientCertificateStore() {
@@ -542,8 +546,7 @@ public String getSSLInsecureProtocol() {
      * Sets the SSL server certificate trust store. All server certificates will be validated against
      * this trust store.
      * <p>This property is transient (because KeyStore is not serializable)
-     * <p>
-     * The needed parameters are used to construct a {@link java.security.KeyStore}.
+     * <p>The needed parameters are used to construct a {@link java.security.KeyStore}.
      *
      * @param sslTrustStoreUrl the URL which locates the trust store
      * @param sslTrustStorePassword the trust store password
diff --git a/src/test/java/org/htmlunit/WebClientOptionsTest.java b/src/test/java/org/htmlunit/WebClientOptionsTest.java
@@ -20,6 +20,7 @@
 
 import org.apache.commons.lang3.SerializationUtils;
 import org.htmlunit.junit.BrowserRunner;
+import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
@@ -126,4 +127,21 @@ public void serializationSSLTrustStore() throws Exception {
 
         assertNull(deserialized.getSSLTrustStore());
     }
+
+    /**
+     * @throws Exception if an error occurs
+     */
+    @Test
+    public void sslClientCertificateStore() throws Exception {
+        final WebClientOptions original = new WebClientOptions();
+
+        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        original.setSSLClientCertificateKeyStore(keyStore, "secret".toCharArray());
+
+        final byte[] bytes = SerializationUtils.serialize(original);
+        final WebClientOptions deserialized = (WebClientOptions) SerializationUtils.deserialize(bytes);
+
+        assertNull(deserialized.getSSLClientCertificateStore());
+        Assert.assertArrayEquals("secret".toCharArray(), deserialized.getSSLClientCertificatePassword());
+    }
 }
