TrustStore File not closed #1237

Closed
ghuetbred opened this issue Aug 5, 2020 · 0 comments · Fixed by #1238

Hello,

I have detected a bug in the class org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean of spring-rabbit-2.2.3.RELEASE (but this issue is still visible on master on GitHub): when a TrustStore path is given to RabbitConnectionFactoryBean, it opens an InputStream to read its content, but never closes it (KeyStore.load doesn't close it either...). The consequence is that the file is locked and cannot be deleted.

Indeed at the lines configureKeyManagers():759 and configureTrustManagers():782, you can see:

		Resource resource = this.trustStoreResource != null ? this.trustStoreResource
				: this.resolver.getResource(trustStoreName);
		KeyStore tks = KeyStore.getInstance(storeType);
		tks.load(resource.getInputStream(), trustPassphrase);

Best regards,

NB: Here is a unit test class that shows the bug:

```java
package my.pkg; // "package" is a reserved word, so "my.package" does not compile

import org.junit.Assert;
import org.junit.Test;
import org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean;

import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

public class TrustStoreFileLockedTest {

    @Test
    public void testTrustStoreFileLock() throws Exception {
        Path jksPath = Path.of("test.jks");
        Files.deleteIfExists(jksPath);

        // creation of a valid keystore
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null);
        try (OutputStream outputStream = Files.newOutputStream(jksPath)) {
            ks.store(outputStream, "pass".toCharArray());
        }

        RabbitConnectionFactoryBean2 bean = new RabbitConnectionFactoryBean2();
        bean.setTrustStore("file:./test.jks");
        bean.setPassword("pass");

        // RabbitConnectionFactoryBean loads the keystore, but doesn't close the InputStream...
        bean.configureTrustManagers();

        // the file cannot be deleted because it is still opened.
        Files.delete(jksPath);
        Assert.assertFalse(Files.exists(jksPath));
    }


    private class RabbitConnectionFactoryBean2 extends RabbitConnectionFactoryBean {
        @Override
        public TrustManager[] configureTrustManagers() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
            return super.configureTrustManagers();
        }
    }
}
```
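
The leak reported above can be observed without Spring, and scoping the stream with try-with-resources is one way to release the trust store file once it has been read. This is an added example, not part of the original post and not the project's fix in #1238; the class `TrustStoreStreamDemo`, its helper names and the passphrase are constructed for illustration.

```java
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public class TrustStoreStreamDemo {

    // Hypothetical helper: records whether close() was called on the wrapped stream.
    static final class CloseTrackingStream extends FilterInputStream {
        boolean closed;
        CloseTrackingStream(InputStream in) { super(in); }
        @Override public void close() throws IOException { closed = true; super.close(); }
    }

    // Same shape as the lines quoted in the issue: the stream is passed to load() and left alone.
    static boolean closedAfterBareLoad(Path store, char[] pass) throws Exception {
        CloseTrackingStream in = new CloseTrackingStream(Files.newInputStream(store));
        KeyStore.getInstance(KeyStore.getDefaultType()).load(in, pass);
        boolean closedByLoad = in.closed; // state observed right after load() returns
        in.close();                       // cleanup so the demo itself does not leak the handle
        return closedByLoad;
    }

    // Scoped variant: the stream is closed when the try block exits, even if load() throws.
    static boolean closedAfterScopedLoad(Path store, char[] pass) throws Exception {
        CloseTrackingStream in = new CloseTrackingStream(Files.newInputStream(store));
        try (InputStream managed = in) {
            KeyStore.getInstance(KeyStore.getDefaultType()).load(managed, pass);
        }
        return in.closed;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "pass".toCharArray(); // constructed sample passphrase
        Path store = Files.createTempFile("demo-truststore", ".keystore");
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null); // initialise an empty keystore, as in the issue's test
        try (OutputStream out = Files.newOutputStream(store)) {
            empty.store(out, pass);
        }
        System.out.println("closed after bare load(): " + closedAfterBareLoad(store, pass));
        System.out.println("closed after scoped load(): " + closedAfterScopedLoad(store, pass));
        Files.delete(store); // only possible on Windows once every handle on the file is closed
    }
}
```
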
garyrussell self-assigned this Aug 5, 2020

garyrussell added a commit to garyrussell/spring-amqp that referenced this issue Aug 5, 2020

artembilan pushed a commit that referenced this issue Aug 5, 2020
Resolves #1237

**cherry-pick to 2.2.x, 2.1.x, 1.7.x**
artembilan pushed a commit that referenced this issue Aug 5, 2020
Resolves #1237

**cherry-pick to 2.2.x, 2.1.x, 1.7.x**

(cherry picked from commit 165b838)
artembilan pushed a commit that referenced this issue Aug 5, 2020
Resolves #1237

**cherry-pick to 2.2.x, 2.1.x, 1.7.x**

(cherry picked from commit 165b838)
artembilan pushed a commit that referenced this issue Aug 5, 2020
Resolves #1237

**cherry-pick to 2.2.x, 2.1.x, 1.7.x**

(cherry picked from commit 165b838)

# Conflicts:
#	spring-rabbit/src/main/java/org/springframework/amqp/rabbit/connection/RabbitConnectionFactoryBean.java