From 6ec0cf286ec1f3ec2e68f7be7491a84357c6b6df Mon Sep 17 00:00:00 2001
From: Gong Yi
Date: Mon, 9 Nov 2020 13:25:10 +0800
Subject: [PATCH] Add configuration option to configure RabbitConnectionFactory key store and trust store algorithm

Add keyStoreAlgorithm and trustStoreAlgorithm to RabbitProperties and adopt at Rabbit AutoConfig.
---
 .../amqp/RabbitAutoConfiguration.java | 2 ++
 .../autoconfigure/amqp/RabbitProperties.java | 28 +++++++++++++++++
 .../amqp/RabbitAutoConfigurationTests.java | 30 +++++++++++++++++++
 3 files changed, 60 insertions(+)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
index 16c8079bf5db..91ee1e6acf37 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfiguration.java
@@ -140,9 +140,11 @@ private RabbitConnectionFactoryBean getRabbitConnectionFactoryBean(RabbitPropert
 map.from(ssl::getKeyStoreType).to(factory::setKeyStoreType);
 map.from(ssl::getKeyStore).to(factory::setKeyStore);
 map.from(ssl::getKeyStorePassword).to(factory::setKeyStorePassphrase);
+ map.from(ssl::getKeyStoreAlgorithm).whenNonNull().to(factory::setKeyStoreAlgorithm);
 map.from(ssl::getTrustStoreType).to(factory::setTrustStoreType);
 map.from(ssl::getTrustStore).to(factory::setTrustStore);
 map.from(ssl::getTrustStorePassword).to(factory::setTrustStorePassphrase);
+ map.from(ssl::getTrustStoreAlgorithm).whenNonNull().to(factory::setTrustStoreAlgorithm);
 map.from(ssl::isValidateServerCertificate)
 .to((validate) -> factory.setSkipServerCertificateValidation(!validate));
 map.from(ssl::getVerifyHostname).to(factory::setEnableHostnameVerification);
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
index 7511b3724015..0a1f3ee57dd5 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/amqp/RabbitProperties.java
@@ -363,6 +363,8 @@ public Template getTemplate() {

 public class Ssl {

+ private static final String SUN_X509 = "SunX509";
+
 /**
 * Whether to enable SSL support. Determined automatically if an address is
 * provided with the protocol (amqp:// vs. amqps://).
@@ -384,6 +386,11 @@ public class Ssl {
 */
 private String keyStorePassword;

+ /**
+ * Key store algorithm.
+ */
+ private String keyStoreAlgorithm = SUN_X509;
+
 /**
 * Trust store that holds SSL certificates.
 */
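Review bot: `whenNonNull()` on the two added mappings still lets an empty value through, so a blank `spring.rabbitmq.ssl.keyStoreAlgorithm=` entry would reach `factory.setKeyStoreAlgorithm("")` and presumably fail during TLS setup instead of falling back to a default. `whenHasText()` treats blank and null alike: `map.from(ssl::getKeyStoreAlgorithm).whenHasText().to(factory::setKeyStoreAlgorithm);`, and the same for the `getTrustStoreAlgorithm` line. Because `RabbitProperties.Ssl` initialises both fields to a non-null default elsewhere in this patch, the null guard as written only matters when the property is set to null programmatically. getRabbitConnectionFactoryBean starts and ends outside the hunk.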
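Review bot: The default `keyStoreAlgorithm = SUN_X509` hard-codes a provider-specific algorithm name in Boot's own properties, and the `trustStoreAlgorithm` field added in the next hunk does the same. For the trust store in particular this pins the trust manager algorithm to "SunX509" instead of whatever the JVM reports from `TrustManagerFactory.getDefaultAlgorithm()`, and on a JVM whose JSSE provider does not register that name the connection would presumably fail with the `NoSuchAlgorithmException` that the new test expects for `foo`. If the Rabbit factory bean already carries its own default, declaring the fields without an initialiser (`private String keyStoreAlgorithm;`) lets the `whenNonNull()` guard in RabbitAutoConfiguration defer to it. Otherwise the Javadoc should state the default value and why it was chosen.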
@@ -399,6 +406,11 @@ public class Ssl {
 */
 private String trustStorePassword;

+ /**
+ * Trust store algorithm.
+ */
+ private String trustStoreAlgorithm = SUN_X509;
+
 /**
 * SSL algorithm to use. By default, configured by the Rabbit client library.
 */
@@ -462,6 +474,14 @@ public void setKeyStorePassword(String keyStorePassword) {
 this.keyStorePassword = keyStorePassword;
 }

+ public String getKeyStoreAlgorithm() {
+ return this.keyStoreAlgorithm;
+ }
+
+ public void setKeyStoreAlgorithm(String keyStoreAlgorithm) {
+ this.keyStoreAlgorithm = keyStoreAlgorithm;
+ }
+
 public String getTrustStore() {
 return this.trustStore;
 }
@@ -486,6 +506,14 @@ public void setTrustStorePassword(String trustStorePassword) {
 this.trustStorePassword = trustStorePassword;
 }

+ public String getTrustStoreAlgorithm() {
+ return this.trustStoreAlgorithm;
+ }
+
+ public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
+ this.trustStoreAlgorithm = trustStoreAlgorithm;
+ }
+
 public String getAlgorithm() {
 return this.algorithm;
 }
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
index ee9ef6416c61..5e5e1cf11bd0 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/amqp/RabbitAutoConfigurationTests.java
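Review bot: The Javadoc `Trust store algorithm.` (and `Key store algorithm.` in the previous hunk) does not say how this setting differs from `trustStoreType` or from the existing `algorithm` field, documented just below as "SSL algorithm to use". Judging by the new test's expectation of `NoSuchAlgorithmException`, the value appears to be a JCA trust manager / key manager algorithm name, and the comment could say so, for example `Trust manager algorithm used to validate the broker certificate against the trust store (for example "PKIX").` and `Key manager algorithm used to select the client key from the key store.` Field comments like these are normally what users see as the property description, so spelling out the distinction helps avoid a store type such as `jks` being entered here by mistake.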
@@ -738,6 +738,36 @@ void enableSslWithValidateServerCertificateDefault() throws Exception {
 });
 }

+ @Test
+ void enableSslWithValidStoreAlgorithmShouldWork() throws Exception {
+ this.contextRunner.withUserConfiguration(TestConfiguration.class)
+ .withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+ "spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+ "spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+ "spring.rabbitmq.ssl.keyStoreAlgorithm=PKIX",
+ "spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+ "spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+ "spring.rabbitmq.ssl.trustStoreAlgorithm=PKIX")
+ .run((context) -> assertThat(context).hasNotFailed());
+ }
+
+ @Test
+ void enableSslWithInvalidStoreAlgorithmShouldFail() throws Exception {
+ this.contextRunner.withUserConfiguration(TestConfiguration.class)
+ .withPropertyValues("spring.rabbitmq.ssl.enabled:true",
+ "spring.rabbitmq.ssl.keyStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+ "spring.rabbitmq.ssl.keyStoreType=jks", "spring.rabbitmq.ssl.keyStorePassword=secret",
+ "spring.rabbitmq.ssl.keyStoreAlgorithm=foo",
+ "spring.rabbitmq.ssl.trustStore=/org/springframework/boot/autoconfigure/amqp/test.jks",
+ "spring.rabbitmq.ssl.trustStoreType=jks", "spring.rabbitmq.ssl.trustStorePassword=secret",
+ "spring.rabbitmq.ssl.trustStoreAlgorithm=foo")
+ .run((context) -> {
+ assertThat(context).hasFailed();
+ assertThat(context).getFailure().hasMessageContaining("foo");
+ assertThat(context).getFailure().hasRootCauseInstanceOf(NoSuchAlgorithmException.class);
+ });
+ }
+
 @Test
 void whenACredentialsProviderIsAvailableThenConnectionFactoryIsConfiguredToUseIt() throws Exception {
 this.contextRunner.withUserConfiguration(CredentialsProviderConfiguration.class)
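Review bot: `enableSslWithInvalidStoreAlgorithmShouldFail` sets both `keyStoreAlgorithm` and `trustStoreAlgorithm` to `foo`, so it passes as long as either value reaches the factory and would not notice if the trust store mapping were dropped. Splitting it into two tests that each break one side, e.g. `"spring.rabbitmq.ssl.keyStoreAlgorithm=foo"` together with `"spring.rabbitmq.ssl.trustStoreAlgorithm=PKIX"` and then the reverse, would cover both new lines in RabbitAutoConfiguration. Likewise `hasNotFailed()` in the valid-algorithm test shows only that the context starts, not that PKIX was actually applied. The diffstat counts 30 insertions for this file and all 30 are in this hunk, so `NoSuchAlgorithmException` compiles only if the test file already imports it.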