Add encrypt.keyStore.secret property
So that the keystore and the key can have independent secrets (the "secret" is for the key, and the "password" is for the store). Fixes gh-98
@@ -287,8 +287,9 @@ your `application.yml` for the Config Server:
|
||||
encrypt:
|
||||
keyStore:
|
||||
location: classpath:/server.jks
|
||||
alias: mytestkey
|
||||
password: letmein
|
||||
alias: mytestkey
|
||||
secret: changeme
|
||||
----
|
||||
|
||||
=== Embedding the Config Server
|
||||
|
||||
@@ -40,7 +40,7 @@ import org.springframework.util.StringUtils;
|
||||
*
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass({TextEncryptor.class, RsaSecretEncryptor.class})
|
||||
@ConditionalOnClass({ TextEncryptor.class, RsaSecretEncryptor.class })
|
||||
@EnableConfigurationProperties(KeyProperties.class)
|
||||
public class EncryptionBootstrapConfiguration {
|
||||
|
||||
@@ -65,8 +65,8 @@ public class EncryptionBootstrapConfiguration {
|
||||
if (keyStore.getLocation() != null && keyStore.getLocation().exists()) {
|
||||
return new RsaSecretEncryptor(
|
||||
new KeyStoreKeyFactory(keyStore.getLocation(), keyStore
|
||||
.getPassword().toCharArray()).getKeyPair(keyStore
|
||||
.getAlias()));
|
||||
.getPassword().toCharArray()).getKeyPair(
|
||||
keyStore.getAlias(), keyStore.getSecret().toCharArray()));
|
||||
}
|
||||
return new EncryptorFactory().create(key.getKey());
|
||||
}
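Review bot: The new `keyStore.getSecret().toCharArray()` argument dereferences the getter result without a null check, and since `KeyProperties.getSecret()` falls back to `password`, a deployment that sets `encrypt.keyStore.location` but neither `encrypt.keyStore.secret` nor `encrypt.keyStore.password` now fails with a bare NullPointerException that names no property; the pre-existing `getPassword().toCharArray()` on the line above has the same weakness. A guard before the `return`, e.g. `if (keyStore.getPassword() == null) { throw new IllegalStateException("encrypt.keyStore.password must be set when encrypt.keyStore.location is configured"); }`, gives operators an actionable message instead of a stack trace from inside the bean factory. Behaviour for existing configurations is unchanged because the getter defaults to the store password, but that is only visible in KeyProperties, so a one-line comment such as `// key password defaults to the store password (see KeyProperties.getSecret)` would help readers here. The enclosing bean method starts outside the hunk.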
|
||||
@@ -94,7 +94,8 @@ public class EncryptionBootstrapConfiguration {
|
||||
if (encryptor == null) {
|
||||
encryptor = new FailsafeTextEncryptor();
|
||||
}
|
||||
EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(encryptor);
|
||||
EnvironmentDecryptApplicationInitializer listener = new EnvironmentDecryptApplicationInitializer(
|
||||
encryptor);
|
||||
listener.setFailOnError(key.isFailOnError());
|
||||
return listener;
|
||||
}
|
||||
|
||||
@@ -56,6 +56,7 @@ public class KeyProperties {
|
||||
private Resource location;
|
||||
private String password;
|
||||
private String alias;
|
||||
private String secret;
|
||||
|
||||
public String getAlias() {
|
||||
return alias;
|
||||
@@ -81,5 +82,13 @@ public class KeyProperties {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
public String getSecret() {
|
||||
return secret==null ? password : secret;
|
||||
}
|
||||
|
||||
public void setSecret(String secret) {
|
||||
this.secret = secret;
|
||||
}
|
||||
|
||||
}
|
||||
}
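Review bot: The fallback in `getSecret()` (`return secret==null ? password : secret;`) is the only place where the commit's "independent secrets" contract is defined, yet it carries no documentation; a Javadoc such as `/** Password of the key inside the store; falls back to the keystore {@link #getPassword() password} when not set. */` above the getter would make the default visible to anyone reading the properties class or generating configuration metadata from it. Note that an empty-but-present value (`encrypt.keyStore.secret:` with no value) is not null and therefore does not fall back — presumably intended, but worth stating in that Javadoc. Minor style point: `secret == null` with spaces around the operator matches the usual convention.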
|
||||
@@ -0,0 +1,24 @@
|
||||
package org.springframework.cloud.bootstrap.encrypt;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.boot.builder.SpringApplicationBuilder;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.security.crypto.encrypt.TextEncryptor;
|
||||
|
||||
public class EncryptionBootstrapConfigurationTests {
|
||||
|
||||
@Test
|
||||
public void rsaKeyStore() {
|
||||
ConfigurableApplicationContext context = new SpringApplicationBuilder(
|
||||
EncryptionBootstrapConfiguration.class).web(false).properties(
|
||||
"encrypt.keyStore.location:classpath:/server.jks",
|
||||
"encrypt.keyStore.password:letmein",
|
||||
"encrypt.keyStore.alias:mytestkey", "encrypt.keyStore.secret:changeme")
|
||||
.run();
|
||||
TextEncryptor encryptor = context.getBean(TextEncryptor.class);
|
||||
assertEquals("foo", encryptor.decrypt(encryptor.encrypt("foo")));
|
||||
}
|
||||
|
||||
}
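Review bot: The context created in `rsaKeyStore()` is never closed, so the `ConfigurableApplicationContext` and the encryptor bean it holds outlive the test; `ConfigurableApplicationContext` is `Closeable`, so wrapping the `new SpringApplicationBuilder(...).run()` call in try-with-resources (or ending the method with `context.close();`) keeps the test self-contained. The test also exercises only the case where `encrypt.keyStore.secret` is set to a value different from the store password; the fallback path in `KeyProperties.getSecret()` (secret omitted, key password equal to the store password) is the behaviour existing users rely on and deserves a second test so a regression there is caught.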
|
||||
BIN
spring-cloud-config-client/src/test/resources/server.jks
Normal file
BIN
spring-cloud-config-client/src/test/resources/server.jks
Normal file
Binary file not shown.