Add encrypt.keyStore.secret property

So that the keystore and the key entry can be protected by independent secrets
(the "secret" unlocks the key entry, and the "password" unlocks the store).

Fixes gh-98
Dave Syer
2015-03-09 22:15:41 +00:00
parent 742cb478ba
commit bcef73bc98
5 changed files with 40 additions and 5 deletions


@@ -287,8 +287,9 @@ your `application.yml` for the Config Server:
encrypt:
keyStore:
location: classpath:/server.jks
alias: mytestkey
password: letmein
alias: mytestkey
secret: changeme
----
=== Embedding the Config Server


@@ -40,7 +40,7 @@ import org.springframework.util.StringUtils;
*
*/
@Configuration
@ConditionalOnClass({TextEncryptor.class, RsaSecretEncryptor.class})
@ConditionalOnClass({ TextEncryptor.class, RsaSecretEncryptor.class })
@EnableConfigurationProperties(KeyProperties.class)
public class EncryptionBootstrapConfiguration {
@@ -65,8 +65,8 @@ public class EncryptionBootstrapConfiguration {
if (keyStore.getLocation() != null && keyStore.getLocation().exists()) {
return new RsaSecretEncryptor(
new KeyStoreKeyFactory(keyStore.getLocation(), keyStore
.getPassword().toCharArray()).getKeyPair(keyStore
.getAlias()));
.getPassword().toCharArray()).getKeyPair(
keyStore.getAlias(), keyStore.getSecret().toCharArray()));
}
return new EncryptorFactory().create(key.getKey());
}
@@ -94,7 +94,8 @@ public class EncryptionBootstrapConfiguration {
if (encryptor == null) {
encryptor = new FailsafeTextEncryptor();
}
EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(encryptor);
EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(
encryptor);
listener.setFailOnError(key.isFailOnError());
return listener;
}
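Review bot: `keyStore.getPassword().toCharArray()` and the new `keyStore.getSecret().toCharArray()` in the keystore branch are dereferenced without a null check, so an `encrypt.keyStore.location` configured without `encrypt.keyStore.password` fails at startup with a bare NullPointerException instead of a message naming the missing property (`getSecret()` falls back to the password, so it is null in exactly the same case). The class already imports from `org.springframework.util`, so a guard such as `Assert.hasText(keyStore.getPassword(), "encrypt.keyStore.password is required when encrypt.keyStore.location is set");` placed before `new RsaSecretEncryptor(...)` would make the misconfiguration diagnosable. The two `toCharArray()` copies are handed to `KeyStoreKeyFactory` and never cleared, so the store and key passwords live on as both a `String` and a `char[]`; whether the factory retains them is not visible here. The enclosing method starts before the hunk.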


@@ -56,6 +56,7 @@ public class KeyProperties {
private Resource location;
private String password;
private String alias;
private String secret;
public String getAlias() {
return alias;
@@ -81,5 +82,13 @@ public class KeyProperties {
this.password = password;
}
public String getSecret() {
return secret==null ? password : secret;
}
public void setSecret(String secret) {
this.secret = secret;
}
}
}
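Review bot: `getSecret()` silently substitutes the keystore `password` when `secret` is unset, and nothing in the class says so, so a reader of the property binding would not expect `encrypt.keyStore.secret` to default to the store password. Suggest a Javadoc on the getter, `/** Password of the key entry; falls back to the keystore password when {@code encrypt.keyStore.secret} is not set. */`, and a one-line comment to the same effect on the `secret` field. The check is `secret==null`, so an explicitly empty `secret:` in YAML is passed through as an empty key password rather than falling back; if that is not intended, `StringUtils.hasText(secret) ? secret : password` is the more forgiving test (it needs `org.springframework.util.StringUtils`, which the sibling configuration class already imports), and `secret == null` with spaces matches the rest of the file's formatting either way.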


@@ -0,0 +1,24 @@
package org.springframework.cloud.bootstrap.encrypt;
import static org.junit.Assert.assertEquals;
import org.junit.Test;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.crypto.encrypt.TextEncryptor;
public class EncryptionBootstrapConfigurationTests {
@Test
public void rsaKeyStore() {
ConfigurableApplicationContext context = new SpringApplicationBuilder(
EncryptionBootstrapConfiguration.class).web(false).properties(
"encrypt.keyStore.location:classpath:/server.jks",
"encrypt.keyStore.password:letmein",
"encrypt.keyStore.alias:mytestkey", "encrypt.keyStore.secret:changeme")
.run();
TextEncryptor encryptor = context.getBean(TextEncryptor.class);
assertEquals("foo", encryptor.decrypt(encryptor.encrypt("foo")));
}
}
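Review bot: The `ConfigurableApplicationContext` returned by `.run()` is never closed, so each run of `rsaKeyStore` leaks a started context; since it is `Closeable`, wrap it as `try (ConfigurableApplicationContext context = new SpringApplicationBuilder(...).run()) { ... }` with the bean lookup and assertion inside. The assertion only proves an encrypt/decrypt round trip, so it passes whether or not `encrypt.keyStore.secret` is actually used to unlock the key unless the key entry in `server.jks` is protected by a password different from the store password, which cannot be seen here. A second test that omits `encrypt.keyStore.secret` or passes a wrong one and expects startup to fail would pin the behavior this commit adds.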