Merge pull request #10251 from martingreber:add-keystoretype

* pr/10251:
  Polish "Added keystore type and truststore type to rabbit properties"
  Added keystore type and truststore type to rabbit properties

Author: snicoll

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java

@@ -113,8 +113,10 @@ public CachingConnectionFactory rabbitConnectionFactory(RabbitProperties config)
 				if (ssl.getAlgorithm() != null) {
 					factory.setSslAlgorithm(ssl.getAlgorithm());
 				}
+				factory.setKeyStoreType(ssl.getKeyStoreType());
 				factory.setKeyStore(ssl.getKeyStore());
 				factory.setKeyStorePassphrase(ssl.getKeyStorePassword());
+				factory.setTrustStoreType(ssl.getTrustStoreType());
 				factory.setTrustStore(ssl.getTrustStore());
 				factory.setTrustStorePassphrase(ssl.getTrustStorePassword());
 			}

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java

@@ -314,6 +314,11 @@ public static class Ssl {
 		 */
 		private String keyStore;
 
+		/**
+		 * Key store type.
+		 */
+		private String keyStoreType = "PKCS12";
+
 		/**
 		 * Password used to access the key store.
 		 */
@@ -324,6 +329,11 @@ public static class Ssl {
 		 */
 		private String trustStore;
 
+		/**
+		 * Trust store type.
+		 */
+		private String trustStoreType = "JKS";
+
 		/**
 		 * Password used to access the trust store.
 		 */
@@ -351,6 +361,14 @@ public void setKeyStore(String keyStore) {
 			this.keyStore = keyStore;
 		}
 
+		public String getKeyStoreType() {
+			return this.keyStoreType;
+		}
+
+		public void setKeyStoreType(String keyStoreType) {
+			this.keyStoreType = keyStoreType;
+		}
+
 		public String getKeyStorePassword() {
 			return this.keyStorePassword;
 		}
@@ -367,6 +385,14 @@ public void setTrustStore(String trustStore) {
 			this.trustStore = trustStore;
 		}
 
+		public String getTrustStoreType() {
+			return this.trustStoreType;
+		}
+
+		public void setTrustStoreType(String trustStoreType) {
+			this.trustStoreType = trustStoreType;
+		}
+
 		public String getTrustStorePassword() {
 			return this.trustStorePassword;
 		}

spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java

@@ -16,6 +16,8 @@
 
 package org.springframework.boot.autoconfigure.amqp;
 
+import java.security.NoSuchAlgorithmException;
+
 import javax.net.SocketFactory;
 import javax.net.ssl.SSLSocketFactory;
 
@@ -540,21 +542,80 @@ public void enableSsl() {
 
 	@Test
 	// Make sure that we at least attempt to load the store
-	public void enableSslWithExtraConfig() {
-		this.contextRunner.withUserConfiguration(TestConfiguration.class)
+	public void enableSslWithNonExistingKeystoreShouldFail() {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
 				.withPropertyValues("spring.rabbitmq.ssl.enabled:true",
 						"spring.rabbitmq.ssl.keyStore=foo",
-						"spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.keyStorePassword=secret")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("foo");
+					assertThat(context).getFailure().hasMessageContaining("does not exist");
+				});
+	}
+
+	@Test
+	// Make sure that we at least attempt to load the store
+	public void enableSslWithNonExistingTrustStoreShouldFail() {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
 						"spring.rabbitmq.ssl.trustStore=bar",
 						"spring.rabbitmq.ssl.trustStorePassword=secret")
 				.run((context) -> {
 					assertThat(context).hasFailed();
-					assertThat(context).getFailure().hasMessageContaining("foo");
-					assertThat(context).getFailure()
-							.hasMessageContaining("does not exist");
+					assertThat(context).getFailure().hasMessageContaining("bar");
+					assertThat(context).getFailure().hasMessageContaining("does not exist");
 				});
 	}
 
+	@Test
+	public void enableSslWithInvalidKeystoreTypeShouldFail() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=foo",
+						"spring.rabbitmq.ssl.keyStoreType=fooType")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("fooType");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
+	@Test
+	public void enableSslWithInvalidTrustStoreTypeShouldFail() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.trustStore=bar",
+						"spring.rabbitmq.ssl.trustStoreType=barType")
+				.run(context -> {
+					assertThat(context).hasFailed();
+					assertThat(context).getFailure().hasMessageContaining("barType");
+					assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+				});
+	}
+
+	@Test
+	public void enableSslWithKeystoreTypeAndTrustStoreTypeShouldWork() throws Exception {
+		this.contextRunner
+				.withUserConfiguration(TestConfiguration.class)
+				.withPropertyValues(
+						"spring.rabbitmq.ssl.enabled:true",
+						"spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.keyStoreType=jks",
+						"spring.rabbitmq.ssl.keyStorePassword=secret",
+						"spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+						"spring.rabbitmq.ssl.trustStoreType=jks",
+						"spring.rabbitmq.ssl.trustStorePassword=secret")
+				.run(context -> assertThat(context).hasNotFailed());
+	}
+
 	private com.rabbitmq.client.ConnectionFactory getTargetConnectionFactory(
 			AssertableApplicationContext context) {
 		CachingConnectionFactory connectionFactory = context

spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/amqp/test.jks

@@ -1052,8 +1052,10 @@ content into your application; rather pick only the properties that you need.
 	spring.rabbitmq.ssl.enabled=false # Enable SSL support.
 	spring.rabbitmq.ssl.key-store= # Path to the key store that holds the SSL certificate.
 	spring.rabbitmq.ssl.key-store-password= # Password used to access the key store.
+	spring.rabbitmq.ssl.key-store-type=PKCS12 # Key store type.
 	spring.rabbitmq.ssl.trust-store= # Trust store that holds SSL certificates.
 	spring.rabbitmq.ssl.trust-store-password= # Password used to access the trust store.
+	spring.rabbitmq.ssl.trust-store-type=JKS # Trust store type.
 	spring.rabbitmq.ssl.algorithm= # SSL algorithm to use. By default configure by the rabbit client library.
 	spring.rabbitmq.template.mandatory=false # Enable mandatory messages.
 	spring.rabbitmq.template.receive-timeout=0 # Timeout for `receive()` methods.