
Commit ba4c26d

Ryan Baxterryanjbaxter
andauthored
Allow for the creation of the truststore without needing a keystore (#1394)
Co-authored-by: Ryan Baxter <[email protected]>
1 parent d64695a commit ba4c26d


1 file changed

+25
-15
lines changed


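--- a/spring-cloud-commons/src/main/java/org/springframework/cloud/configuration/SSLContextFactory.java
+++ b/spring-cloud-commons/src/main/java/org/springframework/cloud/configuration/SSLContextFactory.java
@@ -25,12 +25,16 @@
 
 import javax.net.ssl.SSLContext;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.hc.core5.ssl.SSLContextBuilder;
 
 import org.springframework.core.io.Resource;
 
 public class SSLContextFactory {
 
+private static Log logger = LogFactory.getLog(SSLContextFactory.class);
+
 private TlsProperties properties;
 
 public SSLContextFactory(TlsProperties properties) {
@@ -39,26 +43,32 @@ public SSLContextFactory(TlsProperties properties) {
 
 public SSLContext createSSLContext() throws GeneralSecurityException, IOException {
 SSLContextBuilder builder = new SSLContextBuilder();
-char[] keyPassword = properties.keyPassword();
-KeyStore keyStore = createKeyStore();
 
-try {
-builder.loadKeyMaterial(keyStore, keyPassword);
+KeyStore trust = createTrustStore();
+if (trust != null) {
+builder.loadTrustMaterial(trust, null);
 }
-catch (UnrecoverableKeyException e) {
-if (keyPassword.length == 0) {
-// Retry if empty password, see
-// https://rt.openssl.org/Ticket/Display.html?id=1497&user=guest&pass=guest
-builder.loadKeyMaterial(keyStore, new char[] { '\0' });
+
+char[] keyPassword = properties.keyPassword();
+try {
+KeyStore keyStore = createKeyStore();
+
+try {
+builder.loadKeyMaterial(keyStore, keyPassword);
 }
-else {
-throw e;
+catch (UnrecoverableKeyException e) {
+if (keyPassword.length == 0) {
+// Retry if empty password, see
+// https://rt.openssl.org/Ticket/Display.html?id=1497&user=guest&pass=guest
+builder.loadKeyMaterial(keyStore, new char[] { '\0' });
+}
+else {
+logger.warn("Could not create keystore.", e);
+}
 }
 }
-
-KeyStore trust = createTrustStore();
-if (trust != null) {
-builder.loadTrustMaterial(trust, null);
+catch (KeyStoreException e) {
+logger.warn("Could not create keystore.", e);
 }
 
 return builder.build();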
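Review bot: In the second hunk the new `else` branch (new line 66) and the new `catch (KeyStoreException e)` (new line 70) turn a failed keystore load into a warning, so a keystore that is configured but has a wrong password, an unreadable location or a bad format now produces an SSLContext with no client key material instead of failing fast, and the only symptom is a log line while client authentication may silently be absent from later handshakes. The stated goal of allowing a truststore without a keystore is better expressed by skipping the keystore block when no keystore location is configured (presumably visible on TlsProperties, which is outside the hunk) and keeping `throw e;` in the `else` branch and rethrowing from the `KeyStoreException` catch when one is configured. The message "Could not create keystore." is also misleading in the `UnrecoverableKeyException` case, which signals a key-password or key-material problem rather than a keystore creation failure. In the first hunk the new field should be `private static final Log logger = LogFactory.getLog(SSLContextFactory.class);`. The closing brace of createSSLContext lies outside the hunk.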
