[CONJ-488] Use java.net.URL to read keyStore and trustStore again
Created: 2017-06-03
Updated: 2020-12-08
Resolved: 2017-06-06

Status: Closed
Project: MariaDB Connector/J
Component/s: Other
Affects Version/s: 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6.0, 2.0.1
Fix Version/s: 1.6.1, 2.0.2

Type: Task
Priority: Major
Reporter: Marc Budde
Assignee: Diego Dupin
Resolution: Fixed
Votes: 0
Labels: None

Attachments: PNG File storeOptions.png    

 Description   

When using the connection parameters trustStore and keyStore until Version 1.5.4, it was possible to specify values in java.net.URL syntax. To read the files via InputStream, org.mariadb.jdbc.internal.protocol.AbstractConnectProtocol and org.mariadb.jdbc.internal.protocol.tls.MariaDbX509TrustManager used code like this:

inStream = new URL(keyStoreUrl).openStream();

Since Version 1.5.5, the constructor java.io.FileInputStream(String) is used to create the java.io.InputStream, the consequence being that trustStore and keyStore have to point to a file in the file system. Before version 1.5.5 it was possible to point to a file in a jar for example, because the URL's protocol would be used.

Do you see any chance to support a behaviour similar to the older versions? An interesting use case for this might be that you could build a module for data access, which encapsulated functionality to build a project-specific connection string, say for a number of different databases. This module would also include JKS stores and would be distributed as a jar.

In general, I think it should not be necessary to keep resources as plain files in the file system.



 Comments   
Comment by Chris [ 2020-06-04 ]

Is there a way to specify keystore and truststore resources using the classpath like the serverSslCert option allows? This would allow applications to be more portable, to use bundled resources rather than files on the filesystem for key/trust stores.

Comment by Marc Budde [ 2020-06-05 ]

@Chris Not sure if I understand you correctly, but probably this issue solved what you are looking for. As far as I can tell, newer versions, still up to 2.6.0, support a URL format for keyStore and trustStore. The idea behind this issue was exactly what you say, namely to use bundled resources. But since you are asking, I suspect you encountered a problem - have you tried to use a URL?

Comment by Chris [ 2020-06-05 ]

Thanks Marc, my mistake. I had been trying to specify the URL as "classpath:myKeystore.ks" but I have it working now with this:

// Resolve the bundled stores to URL strings (file:... or jar:file:...!/client.ks when packaged in a jar)
String clientKsUrl = getClass().getClassLoader().getResource("client.ks").toString();
String clientTsUrl = getClass().getClassLoader().getResource("client.ts").toString();

// Pass the URL strings as the keyStore and trustStore connection parameters
String sCon = "jdbc:mariadb://localhost:3306/mysql?"
		+ "user=demo"
		+ "&password=mypass"
		+ "&useSSL=true"
		+ "&trustStore=" + clientTsUrl
		+ "&trustStorePassword=pwd"
		+ "&keyStore=" + clientKsUrl
		+ "&keyStorePassword=pwd";

MariaDbDataSource ds = new MariaDbDataSource(sCon);
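
Added example (not part of the original issue or of Connector/J's code): a loader that accepts the URL form discussed in this issue, such as the jar: URL a classpath lookup yields, as well as a plain file path. StoreLoader, open and load are hypothetical names, and restricting URLs to the file: and jar: schemes is a choice of this example.

```java
import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Set;

// Added illustration: StoreLoader and its methods are hypothetical names, not Connector/J classes.
public final class StoreLoader {
    // Assumption of this example: only local schemes, so a store is never fetched over the network.
    private static final Set<String> ALLOWED = Set.of("file", "jar");

    // Accepts a URL (file:..., jar:file:...!/client.ks) or, failing that, a plain file path.
    static InputStream open(String location) throws IOException {
        URL url;
        try {
            url = new URL(location);
        } catch (MalformedURLException notAUrl) {
            return new FileInputStream(location); // e.g. /etc/ssl/client.ks or C:\stores\client.ks
        }
        if (!ALLOWED.contains(url.getProtocol())) {
            throw new IOException("store URL scheme not allowed: " + url.getProtocol());
        }
        return url.openStream();
    }

    static KeyStore load(String location, char[] password) throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = open(location)) {
            store.load(in, password);
        }
        return store;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: an empty store written to a temporary file.
        char[] pwd = "changeit".toCharArray();
        Path tmp = Files.createTempFile("client", ".ks");
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, pwd);
        try (OutputStream out = Files.newOutputStream(tmp)) {
            empty.store(out, pwd);
        }
        System.out.println(load(tmp.toUri().toString(), pwd).size()); // loaded via file: URL
        System.out.println(load(tmp.toString(), pwd).size());         // loaded via plain path
    }
}
```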
