Use a long password on generated in-memory KeyStore

Nicolas-Duboc-IBM · vietj · commit aaa87aa6fb66 · 2023-10-16T22:40:51.000+02:00
diff --git a/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java b/src/main/java/io/vertx/core/net/impl/KeyStoreHelper.java
@@ -65,7 +65,7 @@
 public class KeyStoreHelper {
 
   // Dummy password for encrypting pem based stores in memory
-  public static final String DUMMY_PASSWORD = "dummy";
+  public static final String DUMMY_PASSWORD = "dummdummydummydummydummydummydummy";  // at least 32 characters for compat with FIPS mode
   private static final String DUMMY_CERT_ALIAS = "cert-";
 
   private static final Pattern BEGIN_PATTERN = Pattern.compile("-----BEGIN ([A-Z ]+)-----");
@@ -163,10 +163,10 @@ public static KeyManagerFactory toKeyManagerFactory(X509KeyManager mgr) throws E
     String keyStoreType = KeyStore.getDefaultType();
     KeyStore ks = KeyStore.getInstance(keyStoreType);
     ks.load(null, null);
-    ks.setKeyEntry("key", mgr.getPrivateKey(null), new char[0], mgr.getCertificateChain(null));
+    ks.setKeyEntry("key", mgr.getPrivateKey(null), DUMMY_PASSWORD.toCharArray(), mgr.getCertificateChain(null));
     String keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
     KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyAlgorithm);
-    kmf.init(ks, new char[0]);
+    kmf.init(ks, DUMMY_PASSWORD.toCharArray());
     return kmf;
   }
 
diff --git a/src/test/java/io/vertx/core/net/KeyStoreHelperTest.java b/src/test/java/io/vertx/core/net/KeyStoreHelperTest.java
@@ -89,9 +89,9 @@ private void assertKeyType(KeyStore store, Class<?> expectedKeyType) throws KeyS
     assertTrue(store.size() > 0);
     for (Enumeration<String> e = store.aliases(); e.hasMoreElements(); ) {
       String alias = e.nextElement();
-      // "dummy" is the password set by KeyStoreHelper when importing the
+      // "dummdummydummydummydummydummydummy" is the password set by KeyStoreHelper when importing the
       // keys into the internal key store
-      assertThat(store.getKey(alias, "dummy".toCharArray()), instanceOf(expectedKeyType));
+      assertThat(store.getKey(alias, "dummdummydummydummydummydummydummy".toCharArray()), instanceOf(expectedKeyType));
       assertThat(store.getCertificate(alias), instanceOf(X509Certificate.class));
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -89,9 +89,9 @@ private void assertKeyType(KeyStore store, Class<?> expectedKeyType) throws KeyS`
`89`	`89`	`assertTrue(store.size() > 0);`
`90`	`90`	`for (Enumeration<String> e = store.aliases(); e.hasMoreElements(); ) {`
`91`	`91`	`String alias = e.nextElement();`
`92`		`- // "dummy" is the password set by KeyStoreHelper when importing the`
	`92`	`+ // "dummdummydummydummydummydummydummy" is the password set by KeyStoreHelper when importing the`
`93`	`93`	`// keys into the internal key store`
`94`		`- assertThat(store.getKey(alias, "dummy".toCharArray()), instanceOf(expectedKeyType));`
	`94`	`+ assertThat(store.getKey(alias, "dummdummydummydummydummydummydummy".toCharArray()), instanceOf(expectedKeyType));`
`95`	`95`	`assertThat(store.getCertificate(alias), instanceOf(X509Certificate.class));`
`96`	`96`	`}`
`97`	`97`	`}`