The `getKeyStore` and the `getTrustStore` methods of the `SslStoreProvider` interface must always return the desired Key- and TrustStore object (at least in case of using Tomcat, I haven't tested Jetty and Undertow but it seems their case is the same). In other words, there is no way to specify just one of them, e.g.: I want to specify which KeyStore to use but I want to use the default TrustStore shipped with the JDK. Or I want to mess with the TrustStore but I still want to use the KeyStore I configured in the application properties.
I'm using Spring-Boot 1.5.9-RELEASE, OpenJDK 1.8.0_152 and Gradle 4.4.
In case of Tomcat, I think this could be fixed in the TomcatEmbeddedServletContainerFactory by just setting the right objects in the right scenarios (see an example below).
The solution in case of Jetty and Undertow seems similar or even simpler to me. I created an example which reproduces the issue, please check the commit which tries to set the TrustStore to make this work.
```java
if (getSslStoreProvider() != null) {
    // Register the URL handler that serves the provider's stores to Tomcat
    TomcatURLStreamHandlerFactory instance = TomcatURLStreamHandlerFactory
            .getInstance();
    instance.addUserFactory(
            new SslStoreProviderUrlStreamHandlerFactory(getSslStoreProvider()));
    // Only use the provider's KeyStore when it actually supplies one;
    // otherwise fall back to the server.ssl.key-store* properties
    if (getSslStoreProvider().getKeyStore() != null) {
        protocol.setKeystoreFile(
                SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
    }
    else {
        configureSslKeyStore(protocol, ssl);
    }
    // Same for the TrustStore: a null return means "use the configured
    // (or JDK default) TrustStore" instead of failing
    if (getSslStoreProvider().getTrustStore() != null) {
        protocol.setTruststoreFile(
                SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
    }
    else {
        configureSslTrustStore(protocol, ssl);
    }
}
else {
    configureSslKeyStore(protocol, ssl);
    configureSslTrustStore(protocol, ssl);
}
```
If this approach could work, I'm happy to create a PR.
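The first scenario from the issue (programmatic KeyStore, default TrustStore) as an added example; this is not code from the issue or from Spring Boot. The class name, the PKCS12 path and the `SERVER_KEYSTORE_PASSWORD` environment variable are assumptions, and the null return from `getTrustStore` only works once the fallback proposed above is in place.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
import org.springframework.boot.context.embedded.SslStoreProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Hypothetical provider that supplies only the server KeyStore (e.g. because
 * its password comes from the environment or a vault rather than from
 * application.properties) and leaves TrustStore selection to the container.
 */
public class KeyStoreOnlySslStoreProvider implements SslStoreProvider {

    private final String keyStorePath; // assumed: path to a PKCS12 file
    private final char[] keyStorePassword;

    public KeyStoreOnlySslStoreProvider(String keyStorePath, char[] keyStorePassword) {
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword;
    }

    @Override
    public KeyStore getKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(keyStorePath))) {
            keyStore.load(in, keyStorePassword);
        }
        return keyStore;
    }

    @Override
    public KeyStore getTrustStore() {
        // null = "no programmatic TrustStore": with the proposed fallback the
        // container uses server.ssl.trust-store* or, failing that, the JDK's
        // default cacerts, so client certificates are still validated.
        return null;
    }

    @Configuration
    static class SslStoreConfig {
        @Bean
        EmbeddedServletContainerCustomizer sslStoreCustomizer() {
            // assumed wiring: hand the provider to the container factory
            return container -> container.setSslStoreProvider(
                    new KeyStoreOnlySslStoreProvider("/etc/app/server.p12",
                            System.getenv("SERVER_KEYSTORE_PASSWORD").toCharArray()));
        }
    }
}
```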