Improve SSL Key-Store load option to include Base64 encode String for certificates #5022

Open
@binoysankar

Description

Task List

  • Steps to reproduce provided
  • Stacktrace (if present) provided
  • Example that reproduces the problem uploaded to Github
  • Full description of the issue provided (see below)

Steps to Reproduce

I would like to include a "Feature/Improvement" instead of a "Bug" here.
We are using client SSL certificates to access the endpoints, and below is the Micronaut configuration which I added to the application.yml file:

micronaut:
  application:
    name: sample-app
  http:
    client:
      ssl:
        key-store:
          type: PKCS12
          password: password
          path: classpath:624.LocalDev.pfx

This setting works perfectly fine, but my organizational policy doesn't permit having any certificates in the application classpath. We need to use Azure Key Vault for our use case. Usually, for Spring Boot projects, we used to convert the certificates (.pfx) to a Base64-encoded string instead of using the certificate file directly.

Expected Behaviour

I request that you include a feature for loading the certificate file by adding a third option: a Base64 string. Currently the "classpath:" and "file:" options are present, if I am correct. Example below:

micronaut:
  application:
    name: sample-app
  http:
    client:
      ssl:
        key-store:
          type: PKCS12
          password: password
          encodedFile: MIIMCAIBAzCCC8QGCSqGSIb3DQEHAaCCC7UEgguxMI...

Actual Behaviour

Currently the keystore load method uses a URL option, as below:

    protected KeyStore load(Optional<String> optionalType,
                            String resource,
                            Optional<String> optionalPassword) throws Exception {
        String type = optionalType.orElse("JKS");
        String password = optionalPassword.orElse(null);
        KeyStore store = KeyStore.getInstance(type);

        Optional<URL> url = resourceResolver.getResource(resource);
        if (url.isPresent()) {
            store.load(url.get().openStream(), password == null ? null : password.toCharArray());
            return store;
        } else {
            throw new SslConfigurationException("The resource " + resource + " could not be found");
        }
    }

A template method to load a Base64 certificate, like below:

    private static KeyStore load(String pfxBase64, char[] storePassword, String storeType) {
        try {
            // Decode inside the try block so malformed Base64 (IllegalArgumentException)
            // is reported as a configuration error as well.
            byte[] decodedString = Base64.getDecoder().decode(pfxBase64);

            try (InputStream internalStoreStream = new ByteArrayInputStream(decodedString)) {
                KeyStore store = KeyStore.getInstance(storeType != null ? storeType : KeyStore.getDefaultType());
                store.load(internalStoreStream, storePassword);
                return store;
            }
        } catch (IllegalArgumentException | IOException | CertificateException
                | NoSuchAlgorithmException | KeyStoreException e) {
            // ILLEGAL_ARGUMENT_ERROR_COULD_NOT_CREATE_INSTANCE is a message constant
            // expected to be defined in the enclosing class.
            throw new SslConfigurationException(ILLEGAL_ARGUMENT_ERROR_COULD_NOT_CREATE_INSTANCE, e);
        }
    }

Environment Information

  • Operating System: All
  • Micronaut Version: 2.3.3
  • JDK Version: JDK 1.8 / 11
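
The following is an added example, not part of the original issue and not Micronaut's code: a stand-alone sketch of the checks a Base64 key-store loader needs when the value comes from a secret store. The class name `Base64KeyStoreDemo`, the helper `hasPrivateKey`, and the empty sample store are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;

public class Base64KeyStoreDemo {
    // Hypothetical loader for the proposed Base64 option (illustration only).
    static KeyStore load(String b64, char[] password, String type)
            throws IOException, GeneralSecurityException {
        byte[] der;
        try {
            // Strip whitespace, then decode strictly: the MIME decoder would silently skip garbage.
            der = Base64.getDecoder().decode(b64.replaceAll("\\s", ""));
        } catch (IllegalArgumentException e) {
            throw new IOException("key store value is not valid Base64"); // never echo the value
        }
        try {
            KeyStore ks = KeyStore.getInstance(type != null ? type : "PKCS12");
            ks.load(new ByteArrayInputStream(der), password);
            return ks;
        } finally {
            Arrays.fill(der, (byte) 0); // wipe the decoded key material once parsed
        }
    }

    // A store can load cleanly and still hold no client key for TLS client authentication.
    static boolean hasPrivateKey(KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray();
        // Constructed sample: an empty PKCS12 store, Base64-encoded with MIME line wrapping.
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        String b64 = Base64.getMimeEncoder().encodeToString(out.toByteArray());
        System.out.println("has private key: " + hasPrivateKey(load(b64, pw, "PKCS12")));
        try { load(b64, "wrong".toCharArray(), "PKCS12"); } catch (IOException e) { System.out.println("wrong password rejected"); }
        try { load("%%%", pw, "PKCS12"); } catch (IOException e) { System.out.println("malformed Base64 rejected"); }
    }
}
```

In a real deployment the Base64 value and the password would be injected from the secret store at runtime rather than written into application.yml, since a Base64-encoded .pfx is still the private key.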
