I am facing an issue while packaging the Spring Boot application as a jar with secrets externalized with application properties.
It is unable to find the keystore/mykeystore.jks and truststore/mytruststore.jks files from the classpath resources in the pod deployment.
Here is my application properties file, which holds the trust store and key store paths.

    spring:
      db2:
        datasource:
          driver-class-name: com.ibm.db2.jcc.DB2Driver
          jdbcUrl: ${jdbc_url}
          testWhileIdle: true
          validationQuery: SELECT 1
          keyStore: classpath:keystore/mykeystore.jks
          keyStorePassword: keystorepass
          keyStoreType: JKS
          trustStore: classpath:truststore/mytruststore.jks
          trustStorePassword: truststorepass

Here is my config property bean:

    @Component
    @ConfigurationProperties(prefix = "spring.db2.datasource")
    @Data
    @Slf4j
    public class SSLConfigProperties {
        private String keyStore;
        private String keyStorePassword;
        private String keyStoreType;
        private String trustStore;
        private String trustStorePassword;
    }

Here is the SSLConfig bean; this bean will be loaded during application startup.

    @Slf4j
    @RequiredArgsConstructor
    public class SSLConfig {
        private final ResourceLoader resourceLoader;
        private final SSLConfigProperties sslConfigProperties;

        @PostConstruct
        private void loadKeyStoreAndTrustStore() throws Exception {
            try {
                Resource trustStoreResource = resourceLoader.getResource(sslConfigProperties.getTrustStore());
                //Java 9 approach - not working in local and pod deployment
                //String trustStoreData = new String(trustStoreResource.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
                //Byte array approach - not working in local and pod deployment
                //byte[] tdataArr = FileCopyUtils.copyToByteArray(trustStoreResource.getInputStream());
                //String trustStoreData = new String(tdataArr, StandardCharsets.UTF_8);
                //Path approach - working in local and pod deployment
                String trustStoreData = trustStoreResource.getFile().getAbsolutePath();
                log.info("trustStoreResource:: {}", trustStoreResource.getFile().getAbsolutePath());
                System.setProperty("javax.net.ssl.trustStore", trustStoreData);
                //System.setProperty("javax.net.ssl.trustStore", trustStoreResource.getFile().getAbsolutePath());
                System.setProperty("javax.net.ssl.trustStorePassword", sslConfigProperties.getTrustStorePassword());

                Resource keyStoreResource = resourceLoader.getResource(sslConfigProperties.getKeyStore());
                //Java 9 approach-- not working in local and pod deployment
                //String keyStoreData = new String(trustStoreResource.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
                //Byte array approach - not working in local and pod deployment
                //byte[] kDataArr = FileCopyUtils.copyToByteArray(trustStoreResource.getInputStream());
                //String keyStoreData = new String(kDataArr, StandardCharsets.UTF_8);
                //Path approach - working in local but not working deployed environment
                String keyStoreData = keyStoreResource.getFile().getAbsolutePath();
                log.info("keyStoreResource:: {}", keyStoreResource.getFile().getAbsolutePath());
                System.setProperty("javax.net.ssl.keyStoreType", sslConfigProperties.getKeyStoreType());
                //System.setProperty("javax.net.ssl.keyStore", keyStoreResource.getFile().getAbsolutePath());
                System.setProperty("javax.net.ssl.keyStore", keyStoreData);
                System.setProperty("javax.net.ssl.keyStorePassword", sslConfigProperties.getKeyStorePassword());
            } catch (Exception ex) {
                log.info("Error while loading trust and keystore files into System properties.. ", ex);
            }
        }
    }

Could you please help with how to set the keystore and truststore values in System properties?
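
An added example, not part of the original post: `Resource.getFile()` only resolves when the resource is a real file on disk, so it fails for a store packed inside the jar while `getInputStream()` still works, and the `javax.net.ssl.trustStore` / `javax.net.ssl.keyStore` properties take a file path, not the file's contents. The code below copies the stream to a temporary file and points the property at that path; `StoreMaterializer`, `materialize` and the in-memory sample store are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.KeyStore;

// Hypothetical helper, not code from the original post.
public class StoreMaterializer {

    // Copies a store from any InputStream (for example Resource.getInputStream(),
    // which also works inside a jar) to a real file, because the javax.net.ssl.*
    // system properties expect a file system path.
    static Path materialize(InputStream in, String prefix) throws Exception {
        Path tmp = Files.createTempFile(prefix, ".jks");
        tmp.toFile().deleteOnExit();   // do not leave key material behind on normal exit
        try (InputStream src = in) {
            Files.copy(src, tmp, StandardCopyOption.REPLACE_EXISTING);
        }
        return tmp;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample".toCharArray();   // constructed value

        // Constructed sample: an empty JKS store built in memory, standing in for
        // the bytes of classpath:truststore/mytruststore.jks.
        KeyStore sample = KeyStore.getInstance("JKS");
        sample.load(null, null);
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        sample.store(bytes, password);

        Path trustStore = materialize(new ByteArrayInputStream(bytes.toByteArray()), "truststore-");
        System.setProperty("javax.net.ssl.trustStore", trustStore.toString());
        System.setProperty("javax.net.ssl.trustStorePassword", new String(password));

        // Confirm that the path stored in the system property is a loadable store.
        KeyStore reloaded = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Path.of(System.getProperty("javax.net.ssl.trustStore")))) {
            reloaded.load(in, password);
        }
        System.out.println("Loaded store with " + reloaded.size() + " entries from " + trustStore);
    }
}
```

In the `SSLConfig` bean above, the stream passed to `materialize` would come from `resourceLoader.getResource(...).getInputStream()` for each store, with the passwords supplied from configuration outside the jar.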