Add configuration for Rabbit's key store and trust store algorithm

topikachu · snicoll · commit 489062b2038a · 2020-12-15T10:50:17.000+01:00
See gh-24076
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
@@ -140,9 +140,11 @@ private RabbitConnectionFactoryBean getRabbitConnectionFactoryBean(RabbitPropert
 				map.from(ssl::getKeyStoreType).to(factory::setKeyStoreType);
 				map.from(ssl::getKeyStore).to(factory::setKeyStore);
 				map.from(ssl::getKeyStorePassword).to(factory::setKeyStorePassphrase);
+				map.from(ssl::getKeyStoreAlgorithm).whenNonNull().to(factory::setKeyStoreAlgorithm);
 				map.from(ssl::getTrustStoreType).to(factory::setTrustStoreType);
 				map.from(ssl::getTrustStore).to(factory::setTrustStore);
 				map.from(ssl::getTrustStorePassword).to(factory::setTrustStorePassphrase);
+				map.from(ssl::getTrustStoreAlgorithm).whenNonNull().to(factory::setTrustStoreAlgorithm);
 				map.from(ssl::isValidateServerCertificate)
 						.to((validate) -> factory.setSkipServerCertificateValidation(!validate));
 				map.from(ssl::getVerifyHostname).to(factory::setEnableHostnameVerification);
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
@@ -363,6 +363,8 @@ public Template getTemplate() {
 
 	public class Ssl {
 
+		private static final String SUN_X509 = "SunX509";
+
 		/**
 		 * Whether to enable SSL support. Determined automatically if an address is
 		 * provided with the protocol (amqp:// vs. amqps://).
@@ -384,6 +386,11 @@ public class Ssl {
 		 */
 		private String keyStorePassword;
 
+		/**
+		 * Key store algorithm.
+		 */
+		private String keyStoreAlgorithm = SUN_X509;
+
 		/**
 		 * Trust store that holds SSL certificates.
 		 */
@@ -399,6 +406,11 @@ public class Ssl {
 		 */
 		private String trustStorePassword;
 
+		/**
+		 * Trust store algorithm.
+		 */
+		private String trustStoreAlgorithm = SUN_X509;
+
 		/**
 		 * SSL algorithm to use. By default, configured by the Rabbit client library.
 		 */
@@ -462,6 +474,14 @@ public void setKeyStorePassword(String keyStorePassword) {
 			this.keyStorePassword = keyStorePassword;
 		}
 
+		public String getKeyStoreAlgorithm() {
+			return this.keyStoreAlgorithm;
+		}
+
+		public void setKeyStoreAlgorithm(String keyStoreAlgorithm) {
+			this.keyStoreAlgorithm = keyStoreAlgorithm;
+		}
+
 		public String getTrustStore() {
 			return this.trustStore;
 		}
@@ -486,6 +506,14 @@ public void setTrustStorePassword(String trustStorePassword) {
 			this.trustStorePassword = trustStorePassword;
 		}
 
+		public String getTrustStoreAlgorithm() {
+			return this.trustStoreAlgorithm;
+		}
+
+		public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
+			this.trustStoreAlgorithm = trustStoreAlgorithm;
+		}
+
 		public String getAlgorithm() {
 			return this.algorithm;
 		}
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
@@ -738,6 +738,36 @@ void enableSslWithValidateServerCertificateDefault() throws Exception {
 				});
 	}
 
+	@Test
+	void enableSslWithValidStoreAlgorithmShouldWork() throws Exception {
+		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStoreAlgorithm=PKIX",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStoreAlgorithm=PKIX")
+				.run((context) -> assertThat(context).hasNotFailed());
+	}
+
+	@Test
+	void enableSslWithInvalidStoreAlgorithmShouldFail() throws Exception {
+		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStoreAlgorithm=foo",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStoreAlgorithm=foo")
+				.run((context) -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("foo");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
 	@Test
 	void whenACredentialsProviderIsAvailableThenConnectionFactoryIsConfiguredToUseIt() throws Exception {
 		this.contextRunner.withUserConfiguration(CredentialsProviderConfiguration.class)
