Skip to content

Support to PKCS12 keystores through encryption.keyStore.type property #954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bberto wants to merge 5 commits into from
Closed

Support to PKCS12 keystores through encryption.keyStore.type property #954

bberto wants to merge 5 commits into from

Conversation

@bberto
Copy link
Contributor

@bberto bberto commented May 19, 2021

fixes gh-953

ryanjbaxter
ryanjbaxter requested changes May 25, 2021
View reviewed changes
...g-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/KeyProperties.java Outdated
* The KeyStore type (key store file extension used as default).
*/
private String type = "jks";
private String type;
Copy link
Contributor

@ryanjbaxter ryanjbaxter May 25, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you remove the default value?

Copy link
Contributor Author

@bberto bberto May 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently this property is not used in TextEncryptorUtils.createTextEncryptor and the default behaviour is to infer the keystore type from the file extension.

Removing the default value this behaviour is preserved, avoiding a breaking change for who is using, for example, encryption.key-store.location=classpath:test.jceks with no encryption.key-store.type set.

However, while writing this comment, I noticed a default value is expected here:
https://github.com/spring-cloud/spring-cloud-config/blob/e645c802157caa88a8ed50ecb9067335f0c7522f/spring-cloud-config-server/src/main/java/org/springframework/cloud/config/server/config/EncryptionAutoConfiguration.java#L104

What do you suggest?

Copy link
Contributor

@ryanjbaxter ryanjbaxter May 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you enable your added code below only if it is not the default value?

Copy link
Contributor Author

@bberto bberto May 27, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to rollback to default value. The current behaviour (infer type from extension) is not documented anywhere and the error in case of keystore type mismatch is pretty clear.

@bberto bberto marked this pull request as draft May 27, 2021 06:34
@bberto bberto closed this May 27, 2021
@bberto
Copy link
Contributor Author

bberto commented May 27, 2021

Sorry, I made a mess with this PR. I opened a new one:
#963

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanjbaxter ryanjbaxter ryanjbaxter requested changes

Assignees

No one assigned

Labels

waiting-for-triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Property type is ignored when loading encryption keystore

3 participants

@bberto @ryanjbaxter @spring-cloud-issues