Uploaded image for project: 'MariaDB Connector/J'
  1. MariaDB Connector/J
  2. CONJ-488

Use java.net.URL to read keyStore and trustStore again

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 2.0.1
    • 1.6.1, 2.0.2
    • Other
    • None

    Description

      When using the connection parameters trustStore and keyStore until Version 1.5.4, it was possible to specifiy values in java.net.URL-syntax. To read the files via InputStream, org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol and org.mariadb.jdbc.internal.protocol.tls.MariaDbX509TrustManager used code like this:

      inStream = new URL(keyStoreUrl).openStream();

      Since Version 1.5.5, the constructor java.io.FileInputStream(String) is used to create the java.io.InputStream, the consequence being that trustStore and keyStore have to point to a file in the file system. Before version 1.5.5 it was possible to point to a file in a jar for example, because the URL's protocol would be used.

      Do you see any chance to support a behaviour similar to the older versions? An interesting use case for this might be, that you could build a module for data access, which encapsulated functionality to build a project specific connection string, say for a number of different databases. This module would also include JKS stores and would be distributed as a jar.

      In general, I think it should not be necessary to keep resources as plain files in the file system.

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          thebitmuncher@gmail.com Chris added a comment -

          Is there a way to specify keystore and truststore resources using the classpath like the serverSslCert option allows? This would allow applications to be more portable, to use bundled resources rather than files on the filesystem for key/trust stores.

          thebitmuncher@gmail.com Chris added a comment - Is there a way to specify keystore and truststore resources using the classpath like the serverSslCert option allows? This would allow applications to be more portable, to use bundled resources rather than files on the filesystem for key/trust stores.
          marc.budde Marc Budde added a comment - - edited

          @Chris Not sure if I understand you correctly, but probably this Issue solved what you are looking for. As far as I can tell, newer Versions, still up to 2.6.0, support a URL format for keyStore and trustStore. The idea behind this issue was exactly what you say, namely to use bundled resources. But since you are asking, I suspect you encountered a problem - have you tried to use a URL?

          marc.budde Marc Budde added a comment - - edited @Chris Not sure if I understand you correctly, but probably this Issue solved what you are looking for. As far as I can tell, newer Versions, still up to 2.6.0, support a URL format for keyStore and trustStore. The idea behind this issue was exactly what you say, namely to use bundled resources. But since you are asking, I suspect you encountered a problem - have you tried to use a URL?
          thebitmuncher@gmail.com Chris added a comment -

          Thanks Mark my mistake. I had been trying to specify the url as "classpath:myKeystore.ks" but I have it working now with this:

          String clientKsUrl = getClass().getClassLoader().getResource("client.ks").toString();
          		 
           
          		 
          String clientTsUrl = getClass().getClassLoader().getResource("client.ts").toString();
          		 
           
          		 
          String sCon = "jdbc:mariadb://localhost:3306/mysql?" 
          		+ "user=demo"
          		 
          		+ "&password=mypass" 
          		+ "&useSSL=true"
          		 
          		+ "&trustStore=" + clientTsUrl
          		 
          		+ "&trustStorePassword=pwd" 
          		+ "&keyStore=" + clientKsUrl
          		 
          		+ "&keyStorePassword=pwd";
          		 
          		
          MariaDbDataSource ds = new MariaDbDataSource(sCon);

          thebitmuncher@gmail.com Chris added a comment - Thanks Mark my mistake. I had been trying to specify the url as "classpath:myKeystore.ks" but I have it working now with this: String clientKsUrl = getClass().getClassLoader().getResource( "client.ks" ).toString();   String clientTsUrl = getClass().getClassLoader().getResource( "client.ts" ).toString();   String sCon = "jdbc:mariadb://localhost:3306/mysql?" + "user=demo" + "&password=mypass" + "&useSSL=true" + "&trustStore=" + clientTsUrl + "&trustStorePassword=pwd" + "&keyStore=" + clientKsUrl + "&keyStorePassword=pwd" ; MariaDbDataSource ds = new MariaDbDataSource(sCon);

          People

            diego dupin Diego Dupin
            marc.budde Marc Budde
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.