Honour SSL key and trust store providers when configuring Undertow

Closes gh-14713

Author: wilkinsona

spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java

@@ -347,8 +347,8 @@ private KeyStore getKeyStore() throws Exception {
 			return getSslStoreProvider().getKeyStore();
 		}
 		Ssl ssl = getSsl();
-		return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStore(),
-				ssl.getKeyStorePassword());
+		return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(),
+				ssl.getKeyStore(), ssl.getKeyStorePassword());
 	}
 
 	private TrustManager[] getTrustManagers() {
@@ -369,17 +369,18 @@ private KeyStore getTrustStore() throws Exception {
 			return getSslStoreProvider().getTrustStore();
 		}
 		Ssl ssl = getSsl();
-		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStore(),
-				ssl.getTrustStorePassword());
+		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
+				ssl.getTrustStore(), ssl.getTrustStorePassword());
 	}
 
-	private KeyStore loadKeyStore(String type, String resource, String password)
-			throws Exception {
+	private KeyStore loadKeyStore(String type, String provider, String resource,
+			String password) throws Exception {
 		type = (type != null) ? type : "JKS";
 		if (resource == null) {
 			return null;
 		}
-		KeyStore store = KeyStore.getInstance(type);
+		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider)
+				: KeyStore.getInstance(type);
 		URL url = ResourceUtils.getURL(resource);
 		store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
 		return store;

spring-boot/src/test/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactoryTests.java

@@ -21,6 +21,7 @@
 import java.net.SocketException;
 import java.net.URISyntaxException;
 import java.nio.charset.Charset;
+import java.security.NoSuchProviderException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
@@ -54,6 +55,7 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.CoreMatchers.anyOf;
 import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.junit.Assert.fail;
 import static org.mockito.Matchers.anyObject;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
@@ -194,6 +196,41 @@ public void accessLogCanBeCustomized()
 		testAccessLog("my_access.", "logz", "my_access.logz");
 	}
 
+	@Test
+	public void sslKeyStoreProvider() {
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		Ssl ssl = getSsl(null, "password", "classpath:test.jks");
+		ssl.setKeyStoreProvider("com.example.KeyStoreProvider");
+		factory.setSsl(ssl);
+		try {
+			factory.getEmbeddedServletContainer();
+			fail();
+		}
+		catch (Exception ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(NoSuchProviderException.class);
+			assertThat(cause).hasMessageContaining("com.example.KeyStoreProvider");
+		}
+	}
+
+	@Test
+	public void sslTrustStoreProvider() {
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		Ssl ssl = getSsl(null, null, null);
+		ssl.setTrustStore("classpath:test.jks");
+		ssl.setTrustStoreProvider("com.example.TrustStoreProvider");
+		factory.setSsl(ssl);
+		try {
+			factory.getEmbeddedServletContainer();
+			fail();
+		}
+		catch (Exception ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(NoSuchProviderException.class);
+			assertThat(cause).hasMessageContaining("com.example.TrustStoreProvider");
+		}
+	}
+
 	private void testAccessLog(String prefix, String suffix, String expectedFile)
 			throws IOException, URISyntaxException, InterruptedException {
 		UndertowEmbeddedServletContainerFactory factory = getFactory();