author | Julien HENRY <julien.henry@sonarsource.com> | 2024-09-27 13:59:34 +0200 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2024-09-27 20:02:47 +0000 |
commit | 39a11ef5242225da28c51d97e08a06faf2b87dc1 (patch) | |
tree | 063ff3a030042fd195da12b0b7100e28c069a2da /sonar-scanner-engine | |
parent | 398832085b6ae80129414e4127d21133158a065a (diff) | |
SONAR-23013 Fix the usage of Bouncycastle
* BC is a multi-release JAR, so the flag has to be preserved in the scanner engine shaded jar
* Not sure it was needed, but I decided to not install BC as a Security Provider, and only use it to load the pkcs12 certificate
Diffstat (limited to 'sonar-scanner-engine')
-rw-r--r-- | sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
index 4b42c6a6d12..09265c58ce7 100644
--- a/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
+++ b/sonar-scanner-engine/src/main/java/org/sonar/scanner/http/ScannerWsClientProvider.java
@@ -19,16 +19,17 @@
 */
 package org.sonar.scanner.http;
 
+import java.io.InputStream;
 import java.net.InetSocketAddress;
 import java.net.Proxy;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.security.KeyStore;
-import java.security.Security;
 import java.time.Duration;
 import java.time.format.DateTimeParseException;
 import nl.altindag.ssl.SSLFactory;
-import nl.altindag.ssl.util.KeyStoreUtils;
+import nl.altindag.ssl.exception.GenericKeyStoreException;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.sonar.api.CoreProperties;
 import org.sonar.api.notifications.AnalysisWarnings;
@@ -148,15 +149,23 @@ public class ScannerWsClientProvider {
 }
 var trustStoreConfig = sslConfig.getTrustStore();
 if (trustStoreConfig != null && Files.exists(trustStoreConfig.getPath())) {
- Security.addProvider(new BouncyCastleProvider());
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(
+ KeyStore trustStore = loadKeyStore(
 trustStoreConfig.getPath(),
 trustStoreConfig.getKeyStorePassword().toCharArray(),
- trustStoreConfig.getKeyStoreType(),
- BouncyCastleProvider.PROVIDER_NAME);
+ trustStoreConfig.getKeyStoreType());
 sslFactoryBuilder.withTrustMaterial(trustStore);
 }
 return sslFactoryBuilder.build();
 }
 
+ public static KeyStore loadKeyStore(Path keystorePath, char[] keystorePassword, String keystoreType) {
+ try (InputStream keystoreInputStream = Files.newInputStream(keystorePath, StandardOpenOption.READ)) {
+ KeyStore keystore = KeyStore.getInstance(keystoreType, new BouncyCastleProvider());
+ keystore.load(keystoreInputStream, keystorePassword);
+ return keystore;
+ } catch (Exception e) {
+ throw new GenericKeyStoreException(e);
+ }
+ }
+
 } |
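Review bot: The new `loadKeyStore` catches `Exception`, so a programming error such as a null `keystoreType` is reported the same way as a wrong password or an unreadable file, and the wrapped exception does not say which trust store failed. Narrowing it to `} catch (IOException | GeneralSecurityException e) {` (both imports would need adding) and including the path and type in the message, never the password, would make a misconfigured trust store diagnosable. The method also passes every configured `keystoreType` to a fresh `BouncyCastleProvider`, while the commit message speaks only of PKCS12; if other types are meant to work, that presumably needs a fallback to the default provider, and a short Javadoc should state which types are expected. `public static` looks wider than the single call site visible in this hunk requires. Separately, the unchanged `Files.exists(...)` guard means a configured but missing trust store is skipped silently, which may deserve at least a warning.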