SONAR-23013 Support PKCS12 truststore created by openssl
authorJulien HENRY <julien.henry@sonarsource.com>
Thu, 12 Sep 2024 08:46:14 +0000 (10:46 +0200)
committersonartech <sonartech@sonarsource.com>
Tue, 17 Sep 2024 20:02:39 +0000 (20:02 +0000)
sonar-scanner-engine/build.gradle
sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java

index 4a7d8bc12ea3a1cefcefa4715b4002089636086b..d14a72fa831288f97ef7fad3d040c06de016c9f8 100644 (file)
@@ -32,6 +32,7 @@ dependencies {
   api 'com.squareup.okhttp3:okhttp'
   api 'com.fasterxml.staxmate:staxmate'
   implementation 'io.github.hakky54:sslcontext-kickstart'
+  implementation 'org.bouncycastle:bcprov-jdk18on'
   api 'javax.annotation:javax.annotation-api'
   api 'org.eclipse.jgit:org.eclipse.jgit'
   api 'org.tmatesoft.svnkit:svnkit'
index 2511daf5d0f24598e8946ed34e3920e4935d9529..4b42c6a6d125dc3caa192b3d6e933df723b34270 100644 (file)
@@ -23,9 +23,13 @@ import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.KeyStore;
+import java.security.Security;
 import java.time.Duration;
 import java.time.format.DateTimeParseException;
 import nl.altindag.ssl.SSLFactory;
+import nl.altindag.ssl.util.KeyStoreUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.sonar.api.CoreProperties;
 import org.sonar.api.notifications.AnalysisWarnings;
 import org.sonar.api.utils.System2;
@@ -138,13 +142,19 @@ public class ScannerWsClientProvider {
     if (system2.properties().containsKey("javax.net.ssl.keyStore")) {
       sslFactoryBuilder.withSystemPropertyDerivedIdentityMaterial();
     }
-    var keyStore = sslConfig.getKeyStore();
-    if (keyStore != null && Files.exists(keyStore.getPath())) {
-      sslFactoryBuilder.withIdentityMaterial(keyStore.getPath(), keyStore.getKeyStorePassword().toCharArray(), keyStore.getKeyStoreType());
+    var keyStoreConfig = sslConfig.getKeyStore();
+    if (keyStoreConfig != null && Files.exists(keyStoreConfig.getPath())) {
+      sslFactoryBuilder.withIdentityMaterial(keyStoreConfig.getPath(), keyStoreConfig.getKeyStorePassword().toCharArray(), keyStoreConfig.getKeyStoreType());
     }
-    var trustStore = sslConfig.getTrustStore();
-    if (trustStore != null && Files.exists(trustStore.getPath())) {
-      sslFactoryBuilder.withTrustMaterial(trustStore.getPath(), trustStore.getKeyStorePassword().toCharArray(), trustStore.getKeyStoreType());
+    var trustStoreConfig = sslConfig.getTrustStore();
+    if (trustStoreConfig != null && Files.exists(trustStoreConfig.getPath())) {
+      Security.addProvider(new BouncyCastleProvider());
+      KeyStore trustStore = KeyStoreUtils.loadKeyStore(
+        trustStoreConfig.getPath(),
+        trustStoreConfig.getKeyStorePassword().toCharArray(),
+        trustStoreConfig.getKeyStoreType(),
+        BouncyCastleProvider.PROVIDER_NAME);
+      sslFactoryBuilder.withTrustMaterial(trustStore);
     }
     return sslFactoryBuilder.build();
   }
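Review bot: `Security.addProvider(new BouncyCastleProvider())` in the trust-store branch registers BouncyCastle in the JVM-wide provider list as a side effect of building one HTTP client, and it runs on every call (a repeat registration is ignored, but a fresh provider object is still constructed each time). If the provider is only needed to parse this file, it can stay local: `KeyStore.getInstance(trustStoreConfig.getKeyStoreType(), new BouncyCastleProvider())` followed by `load(...)` on the file stream leaves the global list untouched, at the cost of handling the checked exceptions here. The configured type is also now always resolved against BouncyCastle, so a type that provider does not implement (JKS is one I would expect to be missing) would fail where the default provider loaded it before; whether such a type can reach this branch is not visible in the hunk, so consider limiting the BouncyCastle path to PKCS12 or falling back to the default provider. A one-line comment would explain why the trust store is loaded differently from the key store just above, e.g. `// BouncyCastle is used so that PKCS12 trust stores created by openssl can be loaded (SONAR-23013)`. The enclosing method starts outside the hunk.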