Fix for Bug#114705 (Bug#36539680), Contribution: make trustStorePassw…

…ord be null if this.trustStoreSettings.keyStorePassword is null. Change-Id: Id90322a5ede3fd710ed68ba8210ee13d45408dfb
mysql · Sep 13, 2024 · 5530fb9 · 5530fb9
1 parent c3c536a
commit 5530fb9
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 2 deletions.
diff --git a/CHANGES b/CHANGES
@@ -3,6 +3,9 @@
 
 Version 9.1.0
 
+  - Fix for Bug#114705 (Bug#36539680), Contribution: make trustStorePassword be null if this.trustStoreSettings.keyStorePassword is null.
+    Thanks to Jesper Blomquist for his contribution.
+
   - Fix for Bug#84117 (Bug#25247468), includeThreadNamesAsStatementComment ignored when using prepared statement.
     Thanks to Yyjun Yyjun for his contribution.
 

diff --git a/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java b/src/main/core-impl/java/com/mysql/cj/protocol/ExportControlled.java
@@ -538,7 +538,7 @@ public SSLContext build() {
                 if (this.verifyServerCertificate) {
                     KeyStore trustKeyStore = null;
                     if (!StringUtils.isNullOrEmpty(this.trustStoreSettings.keyStoreUrl) && !StringUtils.isNullOrEmpty(this.trustStoreSettings.keyStoreType)) {
-                        char[] trustStorePassword = this.trustStoreSettings.keyStorePassword == null ? new char[0]
+                        char[] trustStorePassword = this.trustStoreSettings.keyStorePassword == null ? null
                                 : this.trustStoreSettings.keyStorePassword.toCharArray();
                         trustStoreIS = new URL(this.trustStoreSettings.keyStoreUrl).openStream();
                         trustKeyStore = StringUtils.isNullOrEmpty(this.keyStoreProvider) ? KeyStore.getInstance(this.trustStoreSettings.keyStoreType)

diff --git a/src/test/java/testsuite/regression/ConnectionRegressionTest.java b/src/test/java/testsuite/regression/ConnectionRegressionTest.java
@@ -12091,7 +12091,7 @@ private void testBug23143279RunTest(String lbStrategy) throws Exception {
     }
 
     /**
-     * Tests fix for Bug#114989 (36612566), Setting null value in setClientInfo throws an NPE.
+     * Tests fix for Bug#114989 (Bug#36612566), Setting null value in setClientInfo throws an NPE.
      *
      * @throws Exception
      */
@@ -12176,4 +12176,96 @@ void testBug114989() throws Exception {
         }
     }
 
+    /**
+     * Tests fix for Bug#114705 (Bug#36539680), Contribution: make trustStorePassword be null if this.trustStoreSettings.keyStorePassword is null.
+     *
+     * @throws Exception
+     */
+    @Test
+    void testBug114705() throws Exception {
+        assumeTrue(supportsTestCertificates(this.stmt),
+                "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");
+
+        final String user = "testBug114705";
+        final String password = "testBug114705";
+
+        createUser("'" + user + "'@'%'", "IDENTIFIED BY '" + password + "' REQUIRE X509");
+        this.stmt.execute("GRANT SELECT ON *.* TO '" + user + "'@'%'");
+
+        final Properties props = new Properties();
+        props.setProperty(PropertyKey.USER.getKeyName(), user);
+        props.setProperty(PropertyKey.PASSWORD.getKeyName(), password);
+
+        /*
+         * sslMode REQUIRED + keyStore settings (password is required in Java keystores).
+         */
+        props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.REQUIRED.name());
+        props.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "true");
+
+        // Configuration via System properties.
+        try {
+            System.setProperty("javax.net.ssl.keyStore", "src/test/config/ssl-test-certs/client-keystore");
+            System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+            System.clearProperty("javax.net.ssl.keyStorePassword");
+            assertThrows(SQLException.class, () -> getConnectionWithProps(props));
+
+            System.setProperty("javax.net.ssl.keyStorePassword", "password");
+            try (Connection testConn = getConnectionWithProps(props)) {
+                Statement testStmt = testConn.createStatement();
+                this.rs = testStmt.executeQuery("SELECT CURRENT_USER()");
+                assertTrue(this.rs.next());
+                assertEquals(user, this.rs.getString(1).split("@")[0]);
+            }
+        } finally {
+            System.clearProperty("javax.net.ssl.keyStore");
+            System.clearProperty("javax.net.ssl.keyStoreType");
+            System.clearProperty("javax.net.ssl.keyStorePassword");
+        }
+
+        // Configuration via connection properties.
+        props.setProperty(PropertyKey.clientCertificateKeyStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/client-keystore");
+        props.setProperty(PropertyKey.clientCertificateKeyStoreType.getKeyName(), "JKS");
+        assertThrows(SQLException.class, () -> getConnectionWithProps(props));
+
+        props.setProperty(PropertyKey.clientCertificateKeyStorePassword.getKeyName(), "password");
+        try (Connection testConn = getConnectionWithProps(props)) {
+            Statement testStmt = testConn.createStatement();
+            this.rs = testStmt.executeQuery("SELECT CURRENT_USER()");
+            assertTrue(this.rs.next());
+            assertEquals(user, this.rs.getString(1).split("@")[0]);
+        }
+
+        /*
+         * sslMode VERIFY_CA + trustStore settings (password not required to read from a Java truststore)
+         */
+        props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.VERIFY_CA.name());
+        props.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "true");
+
+        // Configuration via System properties.
+        try {
+            System.setProperty("javax.net.ssl.trustStore", "src/test/config/ssl-test-certs/ca-truststore");
+            System.setProperty("javax.net.ssl.trustStoreType", "JKS");
+            System.clearProperty("javax.net.ssl.trustStorePassword");
+            try (Connection testConn = getConnectionWithProps(props)) {
+                Statement testStmt = testConn.createStatement();
+                this.rs = testStmt.executeQuery("SELECT CURRENT_USER()");
+                assertTrue(this.rs.next());
+                assertEquals(user, this.rs.getString(1).split("@")[0]);
+            }
+        } finally {
+            System.clearProperty("javax.net.ssl.trustStore");
+            System.clearProperty("javax.net.ssl.trustStoreType");
+        }
+
+        // Configuration via connection properties.
+        props.setProperty(PropertyKey.trustCertificateKeyStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/ca-truststore");
+        props.setProperty(PropertyKey.trustCertificateKeyStoreType.getKeyName(), "JKS");
+        try (Connection testConn = getConnectionWithProps(props)) {
+            Statement testStmt = testConn.createStatement();
+            this.rs = testStmt.executeQuery("SELECT CURRENT_USER()");
+            assertTrue(this.rs.next());
+            assertEquals(user, this.rs.getString(1).split("@")[0]);
+        }
+    }
+
 }