# HG changeset patch
# User Elliott Baron <ebaron@redhat.com>
# Date 1368814087 14400
# Node ID 51540fc0849cc0d6a2c13172b4c31c91b643ff2b
# Parent  c2982ec31c62807ee708dd490107d2980ed1204f
Fix handling of keystores with no password

The previous commit causes some tests in CustomX509TrustManagerTest to
fail that involve keystores that are not password-protected. It appears
these tests were silently ignoring password errors, which were corrected
in the previous commit. The problem is that KeyStore.load expects a null
password if the keystore is not password-protected, and we were
supplying the empty string. This commit changes all instances where we
pass the empty string to KeyStore.load. This also replaces empty.keystore
used in tests. The keystore we have now actually has an entry, this new
keystore is in fact empty.

Reviewed-by: jerboaa
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006582.html

diff -r c2982ec31c62 -r 51540fc0849c common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java
--- a/common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java	Fri May 17 14:06:04 2013 -0400
+++ b/common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java	Fri May 17 14:08:07 2013 -0400
@@ -55,7 +55,12 @@
             try (InputStream is = new FileInputStream(trustStoreFile)) {
                 KeyStore trustStore = KeyStore.getInstance(KeyStore
                         .getDefaultType());
-                trustStore.load(is, keyStorePassword.toCharArray());
+                if (keyStorePassword == null) {
+                    trustStore.load(is, null);
+                }
+                else {
+                    trustStore.load(is, keyStorePassword.toCharArray());
+                }
                 return trustStore;
             } catch (IOException | CertificateException
                     | NoSuchAlgorithmException | KeyStoreException e) {
diff -r c2982ec31c62 -r 51540fc0849c common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java
--- a/common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java	Fri May 17 14:06:04 2013 -0400
+++ b/common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java	Fri May 17 14:08:07 2013 -0400
@@ -81,21 +81,17 @@
     /**
      * 
      * @return The keystore file as specified in $THERMOSTAT_HOME/etc/ssl.properties
-     *         if any. The empty string otherwise.
+     *         if any, null otherwise.
      */
     public static String getKeyStorePassword() {
         try {
             loadClientProperties();
         } catch (InvalidConfigurationException e) {
             // Thermostat home not set? Do something reasonable
-            return "";
+            return null;
         }
         String pwd = clientProps.getProperty(KEYSTORE_FILE_PWD_KEY);
-        if (pwd == null) {
-            return "";
-        } else {
-            return pwd;
-        }
+        return pwd;
     }
     
     /**
diff -r c2982ec31c62 -r 51540fc0849c common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java
--- a/common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java	Fri May 17 14:06:04 2013 -0400
+++ b/common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java	Fri May 17 14:08:07 2013 -0400
@@ -93,7 +93,7 @@
         File emptyKeyStore = new File(this.getClass()
                 .getResource("/empty.keystore").getFile());
         X509TrustManager tm = new CustomX509TrustManager(null, emptyKeyStore,
-                "");
+                null);
         assertEquals(0, tm.getAcceptedIssuers().length);
         try {
             tm.checkClientTrusted(null, null);
@@ -113,7 +113,7 @@
     public void testLoadEmptyTrustStoreForOurDefaultAsUsual() throws Exception {
         File emptyKeyStore = new File(this.getClass()
                 .getResource("/empty.keystore").getFile());
-        X509TrustManager tm = new CustomX509TrustManager(emptyKeyStore, "");
+        X509TrustManager tm = new CustomX509TrustManager(emptyKeyStore, null);
         // Default list should not be empty
         assertTrue(tm.getAcceptedIssuers().length > 0);
         try {
diff -r c2982ec31c62 -r 51540fc0849c common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java
--- a/common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java	Fri May 17 14:06:04 2013 -0400
+++ b/common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java	Fri May 17 14:08:07 2013 -0400
@@ -63,7 +63,7 @@
         File clientProps = new File("i/am/not/there/file.txt");
         SSLConfiguration.initClientProperties(clientProps);
         assertTrue(SSLConfiguration.getKeystoreFile() == null);
-        assertEquals("", SSLConfiguration.getKeyStorePassword());
+        assertEquals(null, SSLConfiguration.getKeyStorePassword());
     }
     
     @Test
diff -r c2982ec31c62 -r 51540fc0849c common/core/src/test/resources/empty.keystore
Binary file common/core/src/test/resources/empty.keystore has changed