PemSslStoreBundle Class — spring-boot Architecture

Source Code

core/spring-boot/src/main/java/org/springframework/boot/ssl/pem/PemSslStoreBundle.java lines 45–150

public class PemSslStoreBundle implements SslStoreBundle {

	private static final String DEFAULT_ALIAS = "ssl";

	private final SingletonSupplier<KeyStore> keyStore;

	private final SingletonSupplier<KeyStore> trustStore;

	/**
	 * Create a new {@link PemSslStoreBundle} instance.
	 * @param keyStoreDetails the key store details
	 * @param trustStoreDetails the trust store details
	 */
	public PemSslStoreBundle(@Nullable PemSslStoreDetails keyStoreDetails,
			@Nullable PemSslStoreDetails trustStoreDetails) {
		this(PemSslStore.load(keyStoreDetails), PemSslStore.load(trustStoreDetails));
	}

	/**
	 * Create a new {@link PemSslStoreBundle} instance.
	 * @param pemKeyStore the PEM key store
	 * @param pemTrustStore the PEM trust store
	 * @since 3.2.0
	 */
	public PemSslStoreBundle(@Nullable PemSslStore pemKeyStore, @Nullable PemSslStore pemTrustStore) {
		this.keyStore = SingletonSupplier.of(() -> createKeyStore("key", pemKeyStore));
		this.trustStore = SingletonSupplier.of(() -> createKeyStore("trust", pemTrustStore));
	}

	@Override
	public @Nullable KeyStore getKeyStore() {
		return this.keyStore.get();
	}

	@Override
	public @Nullable String getKeyStorePassword() {
		return null;
	}

	@Override
	public @Nullable KeyStore getTrustStore() {
		return this.trustStore.get();
	}

	private static @Nullable KeyStore createKeyStore(String name, @Nullable PemSslStore pemSslStore) {
		if (pemSslStore == null) {
			return null;
		}
		try {
			List<X509Certificate> certificates = pemSslStore.certificates();
			Assert.state(!ObjectUtils.isEmpty(certificates), "Certificates must not be empty");
			String alias = getAlias(pemSslStore);
			KeyStore store = createKeyStore(pemSslStore.type());
			PrivateKey privateKey = pemSslStore.privateKey();
			if (privateKey != null) {
				addPrivateKey(store, privateKey, alias, pemSslStore.password(), certificates);
			}
			else {
				addCertificates(store, certificates, alias);
			}
			return store;
		}
		catch (Exception ex) {
			throw new IllegalStateException("Unable to create %s store: %s".formatted(name, ex.getMessage()), ex);
		}
	}

	private static String getAlias(PemSslStore pemSslStore) {
		String alias = pemSslStore.alias();
		return (alias != null) ? alias : DEFAULT_ALIAS;
	}

	private static KeyStore createKeyStore(@Nullable String type)
			throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
		KeyStore store = KeyStore.getInstance(StringUtils.hasText(type) ? type : KeyStore.getDefaultType());
		store.load(null);
		return store;
	}

	private static void addPrivateKey(KeyStore keyStore, PrivateKey privateKey, String alias,
			@Nullable String keyPassword, List<X509Certificate> certificateChain) throws KeyStoreException {
		keyStore.setKeyEntry(alias, privateKey, (keyPassword != null) ? keyPassword.toCharArray() : null,
				certificateChain.toArray(X509Certificate[]::new));
	}

	private static void addCertificates(KeyStore keyStore, List<X509Certificate> certificates, String alias)
			throws KeyStoreException {
		for (int index = 0; index < certificates.size(); index++) {
			String entryAlias = alias + ((certificates.size() == 1) ? "" : "-" + index);
			X509Certificate certificate = certificates.get(index);
			keyStore.setCertificateEntry(entryAlias, certificate);
		}
	}

	@Override
	public String toString() {
		ToStringCreator creator = new ToStringCreator(this);
		KeyStore keyStore = this.keyStore.get();
		KeyStore trustStore = this.trustStore.get();
		creator.append("keyStore.type", (keyStore != null) ? keyStore.getType() : "none");
		creator.append("keyStorePassword", null);
		creator.append("trustStore.type", (trustStore != null) ? trustStore.getType() : "none");
		return creator.toString();
	}

}