authorJulien HENRY <julien.henry@sonarsource.com>2024-09-27 13:59:34 +0200
committersonartech <sonartech@sonarsource.com>2024-09-27 20:02:47 +0000
commit39a11ef5242225da28c51d97e08a06faf2b87dc1 (patch)
tree063ff3a030042fd195da12b0b7100e28c069a2da
parent398832085b6ae80129414e4127d21133158a065a (diff)
downloadsonarqube-39a11ef5242225da28c51d97e08a06faf2b87dc1.tar.gz
sonarqube-39a11ef5242225da28c51d97e08a06faf2b87dc1.zip
SONAR-23013 Fix the usage of Bouncycastle
* BC is a multi-release JAR, so the flag has to be preserved in the scanner engine shaded jar
* Not sure it was needed, but I decided not to install BC as a Security Provider, and to use it only to load the pkcs12 certificate
-rw-r--r--sonar-scanner-engine-shaded/build.gradle4
-rw-r--r--sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java21
2 files changed, 18 insertions, 7 deletions
diff --git a/sonar-scanner-engine-shaded/build.gradle b/sonar-scanner-engine-shaded/build.gradle
index dcb53b4294d..2db00131ab4 100644
--- a/sonar-scanner-engine-shaded/build.gradle
+++ b/sonar-scanner-engine-shaded/build.gradle
@@ -13,7 +13,9 @@ dependencies {
jar {
manifest {
attributes(
- 'Main-Class' : "org.sonar.scanner.bootstrap.ScannerMain"
+ 'Main-Class' : "org.sonar.scanner.bootstrap.ScannerMain",
+ // BouncyCastle library is a multi-release jar
+ 'Multi-Release' : 'true'
)
}
}
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
index 4b42c6a6d12..09265c58ce7 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -19,16 +19,17 @@
*/
package org.sonar.scanner.http;
+import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.nio.file.Files;
import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
-import java.security.Security;
import java.time.Duration;
import java.time.format.DateTimeParseException;
import nl.altindag.ssl.SSLFactory;
-import nl.altindag.ssl.util.KeyStoreUtils;
+import nl.altindag.ssl.exception.GenericKeyStoreException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.sonar.api.CoreProperties;
import org.sonar.api.notifications.AnalysisWarnings;
@@ -148,15 +149,23 @@ public class ScannerWsClientProvider {
}
var trustStoreConfig = sslConfig.getTrustStore();
if (trustStoreConfig != null && Files.exists(trustStoreConfig.getPath())) {
- Security.addProvider(new BouncyCastleProvider());
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(
+ KeyStore trustStore = loadKeyStore(
trustStoreConfig.getPath(),
trustStoreConfig.getKeyStorePassword().toCharArray(),
- trustStoreConfig.getKeyStoreType(),
- BouncyCastleProvider.PROVIDER_NAME);
+ trustStoreConfig.getKeyStoreType());
sslFactoryBuilder.withTrustMaterial(trustStore);
}
return sslFactoryBuilder.build();
}
+ public static KeyStore loadKeyStore(Path keystorePath, char[] keystorePassword, String keystoreType) {
+ try (InputStream keystoreInputStream = Files.newInputStream(keystorePath, StandardOpenOption.READ)) {
+ KeyStore keystore = KeyStore.getInstance(keystoreType, new BouncyCastleProvider());
+ keystore.load(keystoreInputStream, keystorePassword);
+ return keystore;
+ } catch (Exception e) {
+ throw new GenericKeyStoreException(e);
+ }
+ }
+
}
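Review bot: The new `loadKeyStore` passes a fresh `BouncyCastleProvider` to `KeyStore.getInstance` for whatever `keystoreType` the trust store configuration supplies, while the commit description says BC is only wanted for loading the PKCS12 certificate. If a configured type is one the BC provider does not implement, the failure surfaces only as a `GenericKeyStoreException` wrapping the cause, with no path or type in it; consider a Javadoc stating which types are supported, or falling back to `KeyStore.getInstance(keystoreType)` when the type is not PKCS12. The `catch (Exception e)` is wider than the calls need: `catch (IOException | GeneralSecurityException e)` covers what `Files.newInputStream`, `KeyStore.getInstance` and `load` declare, and lets unexpected runtime exceptions propagate unwrapped. Within the visible hunk the helper is called only from this class (the calling method starts outside the hunk), so `private static` would avoid widening the class's public API.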