Skip to content

TrustStore File not closed #1237

New issue
New issue
Closed
#1238
Closed
TrustStore File not closed#1237
#1238
Assignees
garyrussell
Labels
backport:1.7.x (obsolete)backport:2.1.x (obsolete)backport:2.2.x (obsolete)type: bug
@ghuetbred

Description

@ghuetbred
ghuetbred
opened on Aug 5, 2020

Hello,

I have detected a bug on the classe org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean of spring-rabbit-2.2.3.RELEASE (but this issue is still visible on the master in github) : when a TrustStore path is given to RabbitConnectionFactoryBean, it opens an InputStream to read its content, but never closes it (KeyStore.load doesn't close it either...). The consequence is that the file is locked and cannot be deleted.

Indeed at the lines configureKeyManagers():759 and configureTrustManagers():782, you can see:

		Resource resource = this.trustStoreResource != null ? this.trustStoreResource
				: this.resolver.getResource(trustStoreName);
		KeyStore tks = KeyStore.getInstance(storeType);
		tks.load(resource.getInputStream(), trustPassphrase);

Best regards,

NB: Here is a unit test class that shows the bug:

package my.package;

import org.junit.Assert;
import org.junit.Test;
import org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean;

import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

public class TrustStoreFileLockedTest {

    @Test
    public void testTrustStoreFileLock() throws Exception {
        Path jksPath = Path.of("test.jks");
        Files.deleteIfExists(jksPath);

        // creation of a valid keystore
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null);
        try (OutputStream outputStream = Files.newOutputStream(jksPath)) {
            ks.store(outputStream, "pass".toCharArray());
        }

        RabbitConnectionFactoryBean2 bean = new RabbitConnectionFactoryBean2();
        bean.setTrustStore("file:./test.jks");
        bean.setPassword("pass");

        // RabbitConnectionFactoryBean loads the keystore, but doesn't close the InputStream...
        bean.configureTrustManagers();

        // the file cannot be deleted because it is still opened.
        Files.delete(jksPath);
        Assert.assertFalse(Files.exists(jksPath));
    }


    private class RabbitConnectionFactoryBean2 extends RabbitConnectionFactoryBean {
        @Override
        public TrustManager[] configureTrustManagers() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
            return super.configureTrustManagers();
        }
    }
}

Metadata

Metadata

Assignees

Labels

backport:1.7.x (obsolete)backport:2.1.x (obsolete)backport:2.2.x (obsolete)type: bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions