Use empty trust-store password if SSL store provider present

For Tomcat, if an SslStoreProvider is configured,
`SslStoreProviderUrlStreamHandlerFactory` stores the trust-store with an
empty password. Previously, if a password was supplied using the
ssl.trust-store-password property, that would be the password used to
load the trust-store and the connector would warn with a "Password
verification failed" message.

Fixes gh-12688
pull/13312/merge
Ian Chan 7 years ago committed by Madhura Bhave
parent 7849d73828
commit e75d45ca45

@ -118,6 +118,7 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL); SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
} }
if (sslStoreProvider.getTrustStore() != null) { if (sslStoreProvider.getTrustStore() != null) {
protocol.setTruststorePass("");
protocol.setTruststoreFile( protocol.setTruststoreFile(
SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL); SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
} }
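Review bot: The `""` passed to `setTruststorePass` in the `getTrustStore() != null` branch is a magic value that is only correct because `SslStoreProviderUrlStreamHandlerFactory` writes the store with an empty password, and nothing at the call site says so. I would add a comment above it such as `// The store served at TRUST_STORE_URL is written with an empty password, so a configured trust-store password must not be used here`. A configured `ssl.trust-store-password` is now ignored without notice when a provider supplies the trust store, which is worth stating in that property's documentation. The enclosing method starts and ends outside this hunk, so whether the key-store branch above carries the same explanation cannot be checked from here.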

@ -170,6 +170,7 @@ public class SslConnectorCustomizerTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret"); ssl.setKeyStorePassword("secret");
ssl.setTrustStorePassword("trustStoreSecret");
SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class); SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class);
given(sslStoreProvider.getTrustStore()).willReturn(loadStore()); given(sslStoreProvider.getTrustStore()).willReturn(loadStore());
given(sslStoreProvider.getKeyStore()).willReturn(loadStore()); given(sslStoreProvider.getKeyStore()).willReturn(loadStore());
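Review bot: The new `ssl.setTrustStorePassword("trustStoreSecret")` line is setup only, and no assertion is visible in this hunk that would fail if the configured password were still handed to the connector. The test method continues outside the hunk, so this may already be covered. If the test relies solely on the "Password verification failed" text being absent from the log, I would also assert directly that the trust-store password configured on the protocol is empty, since that check does not depend on Tomcat's log wording.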
