From 2224945fbd7940a85f6145f9b9ee7868b27e7bec Mon Sep 17 00:00:00 2001
From: Michael Folz
Date: Tue, 11 Jul 2023 13:34:51 +0200
Subject: [PATCH] Hotfix 3.1.2 - Declare FileInputStream in DSFFhirSecurityContextProvider in try-with-resources statement so that it is automatically closed afterward
---
 CHANGELOG.md | 5 +++++
 pom.xml | 2 +-
 .../query/broker/dsf/DSFFhirSecurityContextProvider.java | 9 +++++----
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a27d7ad6..30b21080 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+## [3.1.2] - 2023-07-11
+
+### Security
+- Fix potential input resource leak ([#155](https://github.com/medizininformatik-initiative/feasibility-backend/issues/155))
+
 ## [3.1.1] - 2023-05-24
 ### Fixed
diff --git a/pom.xml b/pom.xml
index 4808db26..f0ad114d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@ de.medizininformatik-initiative FeasibilityGuiBackend - 3.1.1 + 3.1.2 FeasibilityGuiBackend Backend of the Feasibility GUI
diff --git a/src/main/java/de/numcodex/feasibility_gui_backend/query/broker/dsf/DSFFhirSecurityContextProvider.java b/src/main/java/de/numcodex/feasibility_gui_backend/query/broker/dsf/DSFFhirSecurityContextProvider.java
index 7dbfbf9b..5fa0de0a 100644
--- a/src/main/java/de/numcodex/feasibility_gui_backend/query/broker/dsf/DSFFhirSecurityContextProvider.java
+++ b/src/main/java/de/numcodex/feasibility_gui_backend/query/broker/dsf/DSFFhirSecurityContextProvider.java
@@ -40,11 +40,12 @@ public FhirSecurityContext provideSecurityContext() throws FhirSecurityContextPr
 if (!Files.isReadable(Paths.get(certificateFile))) {
 throw new IOException("Certificate file '" + certificateFile + "' not readable");
 }
- FileInputStream inStream = new FileInputStream(certificateFile);
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- Certificate cert = cf.generateCertificate(inStream);
+ try (FileInputStream inStream = new FileInputStream(certificateFile)) {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Certificate cert = cf.generateCertificate(inStream);
- localTrustStore.setCertificateEntry("zars", cert);
+ localTrustStore.setCertificateEntry("zars", cert);
+ }
 return new FhirSecurityContext(localKeyStore, localTrustStore, keyStorePassword);
 } catch (Exception e) {
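Review bot: The certificate read inside the new try-with-resources block is installed as the `zars` trust entry without any check of what was loaded, so an expired or not-yet-valid certificate would become a trust anchor with no signal at this point. Consider validating it before `setCertificateEntry`, for example `((X509Certificate) cert).checkValidity();` (this needs the `java.security.cert.X509Certificate` import), so that a stale certificate file fails here with a clear cause. `generateCertificate` consumes a single certificate from the stream, which deserves a comment such as `// only the first certificate in the file is trusted; further entries are ignored`. provideSecurityContext starts and ends outside this hunk, so whether the key store loaded earlier in the method is opened with the same try-with-resources pattern cannot be confirmed from here.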