Mercurial > hg > release > thermostat-0.9
changeset 1094:51540fc0849c
Fix handling of keystores with no password
The previous commit causes some tests in CustomX509TrustManagerTest to
fail that involve keystores that are not password-protected. It appears
these tests were silently ignoring password errors, which were corrected
in the previous commit. The problem is that KeyStore.load expects a null
password if the keystore is not password-protected, and we were
supplying the empty string. This commit changes all instances where we
pass the empty string to KeyStore.load. This also replaces empty.keystore
used in tests. The keystore we have now actually has an entry, this new
keystore is in fact empty.
Reviewed-by: jerboaa
Review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-May/006582.html
author | Elliott Baron <ebaron@redhat.com> |
---|---|
date | Fri, 17 May 2013 14:08:07 -0400 |
parents | c2982ec31c62 |
children | 8b19c4771db1 |
files | common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java common/core/src/test/resources/empty.keystore |
diffstat | 5 files changed, 12 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java Fri May 17 14:06:04 2013 -0400 +++ b/common/core/src/main/java/com/redhat/thermostat/common/internal/KeyStoreProvider.java Fri May 17 14:08:07 2013 -0400 @@ -55,7 +55,12 @@ try (InputStream is = new FileInputStream(trustStoreFile)) { KeyStore trustStore = KeyStore.getInstance(KeyStore .getDefaultType()); - trustStore.load(is, keyStorePassword.toCharArray()); + if (keyStorePassword == null) { + trustStore.load(is, null); + } + else { + trustStore.load(is, keyStorePassword.toCharArray()); + } return trustStore; } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
--- a/common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java Fri May 17 14:06:04 2013 -0400 +++ b/common/core/src/main/java/com/redhat/thermostat/common/ssl/SSLConfiguration.java Fri May 17 14:08:07 2013 -0400 @@ -81,21 +81,17 @@ /** * * @return The keystore file as specified in $THERMOSTAT_HOME/etc/ssl.properties - * if any. The empty string otherwise. + * if any, null otherwise. */ public static String getKeyStorePassword() { try { loadClientProperties(); } catch (InvalidConfigurationException e) { // Thermostat home not set? Do something reasonable - return ""; + return null; } String pwd = clientProps.getProperty(KEYSTORE_FILE_PWD_KEY); - if (pwd == null) { - return ""; - } else { - return pwd; - } + return pwd; } /**
--- a/common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java Fri May 17 14:06:04 2013 -0400 +++ b/common/core/src/test/java/com/redhat/thermostat/common/internal/CustomX509TrustManagerTest.java Fri May 17 14:08:07 2013 -0400 @@ -93,7 +93,7 @@ File emptyKeyStore = new File(this.getClass() .getResource("/empty.keystore").getFile()); X509TrustManager tm = new CustomX509TrustManager(null, emptyKeyStore, - ""); + null); assertEquals(0, tm.getAcceptedIssuers().length); try { tm.checkClientTrusted(null, null); @@ -113,7 +113,7 @@ public void testLoadEmptyTrustStoreForOurDefaultAsUsual() throws Exception { File emptyKeyStore = new File(this.getClass() .getResource("/empty.keystore").getFile()); - X509TrustManager tm = new CustomX509TrustManager(emptyKeyStore, ""); + X509TrustManager tm = new CustomX509TrustManager(emptyKeyStore, null); // Default list should not be empty assertTrue(tm.getAcceptedIssuers().length > 0); try {
--- a/common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java Fri May 17 14:06:04 2013 -0400 +++ b/common/core/src/test/java/com/redhat/thermostat/common/ssl/SSLConfigurationTest.java Fri May 17 14:08:07 2013 -0400 @@ -63,7 +63,7 @@ File clientProps = new File("i/am/not/there/file.txt"); SSLConfiguration.initClientProperties(clientProps); assertTrue(SSLConfiguration.getKeystoreFile() == null); - assertEquals("", SSLConfiguration.getKeyStorePassword()); + assertEquals(null, SSLConfiguration.getKeyStorePassword()); } @Test