Java Code Examples for org.springframework.vault.support.SslConfiguration

The following examples show how to use org.springframework.vault.support.SslConfiguration. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Test
public void configureSslUsesKeyStoreAndTrustStoreIfBothProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);

    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();

    when(keyVaultConfig.hasProperty("tlsKeyStorePath","tlsTrustStorePath")).thenReturn(true);

    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.of(path.toString()));
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));

    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);

    assertThat(result.getKeyStoreConfiguration().isPresent()).isTrue();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}
 
Example 2
@Test
public void configureSslUsesTrustStoreOnlyIfProvided() throws Exception {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);

    Path path = Files.createTempFile(UUID.randomUUID().toString(), ".tmp");
    path.toFile().deleteOnExit();

    when(keyVaultConfig.hasProperty("tlsTrustStorePath")).thenReturn(true);
    when(keyVaultConfig.hasProperty("tlsKeyStorePath")).thenReturn(false);

    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.empty());
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.of(path.toString()));

    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);

    assertThat(result.getKeyStoreConfiguration().isPresent()).isFalse();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isTrue();
}
 
Example 3
Source Project: spring-vault   Source File: ClientHttpConnectorFactory.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a {@link ClientHttpConnector} for the given {@link ClientOptions} and
 * {@link SslConfiguration}.
 * @param options must not be {@literal null}
 * @param sslConfiguration must not be {@literal null}
 * @return a new {@link ClientHttpConnector}.
 */
public static ClientHttpConnector create(ClientOptions options, SslConfiguration sslConfiguration) {

	Assert.notNull(options, "ClientOptions must not be null");
	Assert.notNull(sslConfiguration, "SslConfiguration must not be null");

	if (REACTOR_NETTY_PRESENT) {
		return ReactorNetty.usingReactorNetty(options, sslConfiguration);
	}

	if (JETTY_PRESENT) {
		return JettyClient.usingJetty(options, sslConfiguration);
	}

	throw new IllegalStateException("No supported Reactive Http Client library available (Reactor Netty, Jetty)");
}
 
Example 4
Source Project: spring-vault   Source File: ClientHttpConnectorFactory.java    License: Apache License 2.0 6 votes vote down vote up
private static void configureSsl(SslConfiguration sslConfiguration, SslContextBuilder sslContextBuilder) {

		try {

			if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
				sslContextBuilder
						.trustManager(createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
			}

			if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
				sslContextBuilder.keyManager(createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration(),
						sslConfiguration.getKeyConfiguration()));
			}
		}
		catch (GeneralSecurityException | IOException e) {
			throw new IllegalStateException(e);
		}
	}
 
Example 5
Source Project: spring-vault   Source File: ClientHttpConnectorFactory.java    License: Apache License 2.0 6 votes vote down vote up
static ClientHttpConnector usingReactorNetty(ClientOptions options, SslConfiguration sslConfiguration) {
	HttpClient client = HttpClient.create();

	if (hasSslConfiguration(sslConfiguration)) {

		SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
		configureSsl(sslConfiguration, sslContextBuilder);

		client = client.secure(builder -> {
			builder.sslContext(sslContextBuilder);
		});
	}

	client = client.tcpConfiguration(it -> it.option(ChannelOption.CONNECT_TIMEOUT_MILLIS,
			Math.toIntExact(options.getConnectionTimeout().toMillis())));

	return new ReactorClientHttpConnector(client);
}
 
Example 6
private KeyStoreConfiguration getKeyStoreConfiguration(String resourceProperty, String passwordProperty,
		String keystoreTypeProperty) {

	Resource keyStore = getResource(resourceProperty);
	String keyStorePassword = getProperty(passwordProperty);
	String keystoreType = getProperty(keystoreTypeProperty, SslConfiguration.PEM_KEYSTORE_TYPE);

	if (keyStore == null) {
		return KeyStoreConfiguration.unconfigured();
	}

	if (StringUtils.hasText(keyStorePassword)) {
		return KeyStoreConfiguration.of(keyStore, keyStorePassword.toCharArray(), keystoreType);
	}

	return KeyStoreConfiguration.of(keyStore).withStoreType(keystoreType);
}
 
Example 7
@Test
void httpComponentsClientUsingPemShouldWork() throws Exception {

	File caCertificate = new File(Settings.findWorkDir(), "ca/certs/ca.cert.pem");
	SslConfiguration sslConfiguration = SslConfiguration.forTrustStore(SslConfiguration.KeyStoreConfiguration
			.of(new FileSystemResource(caCertificate)).withStoreType(SslConfiguration.PEM_KEYSTORE_TYPE));

	ClientHttpRequestFactory factory = HttpComponents.usingHttpComponents(new ClientOptions(), sslConfiguration);
	RestTemplate template = new RestTemplate(factory);

	String response = request(template);

	assertThat(factory).isInstanceOf(HttpComponentsClientHttpRequestFactory.class);
	assertThat(response).isNotNull().contains("initialized");

	((DisposableBean) factory).destroy();
}
 
Example 8
@Test
void shouldConfigureSsl() {

	Map<String, Object> map = new HashMap<String, Object>();
	map.put("vault.ssl.key-store", "classpath:certificate.json");
	map.put("vault.ssl.trust-store", "classpath:certificate.json");

	MapPropertySource propertySource = new MapPropertySource("shouldConfigureSsl", map);
	this.configurableEnvironment.getPropertySources().addFirst(propertySource);

	SslConfiguration sslConfiguration = this.configuration.sslConfiguration();

	assertThat(sslConfiguration.getKeyStore()).isInstanceOf(ClassPathResource.class);
	assertThat(sslConfiguration.getKeyStorePassword()).isEqualTo("key store password");

	assertThat(sslConfiguration.getTrustStore()).isInstanceOf(ClassPathResource.class);
	assertThat(sslConfiguration.getTrustStorePassword()).isEqualTo("trust store password");

	this.configurableEnvironment.getPropertySources().remove(propertySource.getName());
}
 
Example 9
Source Project: spring-vault   Source File: VaultInitializer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a new {@link VaultInitializer} with the given {@link SslConfiguration} and
 * {@link VaultEndpoint}.
 * @param sslConfiguration must not be {@literal null}.
 * @param vaultEndpoint must not be {@literal null}.
 */
public VaultInitializer(SslConfiguration sslConfiguration, VaultEndpoint vaultEndpoint) {

	Assert.notNull(sslConfiguration, "SslConfiguration must not be null");
	Assert.notNull(vaultEndpoint, "VaultEndpoint must not be null");

	RestTemplate restTemplate = TestRestTemplateFactory.create(sslConfiguration);
	WebClient webClient = TestWebClientFactory.create(sslConfiguration);

	VaultTemplate vaultTemplate = new VaultTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			restTemplate.getRequestFactory(), new PreparingSessionManager());

	this.token = Settings.token();

	this.prepareVault = new PrepareVault(webClient, TestRestTemplateFactory.create(sslConfiguration),
			vaultTemplate);
	this.vaultEndpoint = vaultEndpoint;
}
 
Example 10
Source Project: spring-cloud-vault   Source File: VaultRule.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Create a new {@link VaultRule} with the given {@link SslConfiguration} and
 * {@link VaultEndpoint}.
 * @param sslConfiguration must not be {@literal null}.
 * @param vaultEndpoint must not be {@literal null}.
 */
public VaultRule(SslConfiguration sslConfiguration, VaultEndpoint vaultEndpoint) {

	Assert.notNull(sslConfiguration, "SslConfiguration must not be null");
	Assert.notNull(vaultEndpoint, "VaultEndpoint must not be null");

	ClientHttpRequestFactory requestFactory = TestRestTemplateFactory
			.create(sslConfiguration).getRequestFactory();

	VaultTemplate vaultTemplate = new VaultTemplate(vaultEndpoint, requestFactory,
			new PreparingSessionManager());

	this.token = Settings.token();
	this.prepareVault = new PrepareVault(vaultTemplate);
	this.vaultEndpoint = vaultEndpoint;
}
 
Example 11
@Override
public SslConfiguration sslConfiguration() {
	if (vaultProperties.isSkipSslValidation()) {
		log.warn("The '" + VAULT_PROPERTIES_PREFIX + "skipSslValidation' property "
				+ "is not supported by this Vault environment repository implementation. "
				+ "Use the '" + VAULT_PROPERTIES_PREFIX
				+ "ssl` properties to provide "
				+ "custom keyStore and trustStore material instead.");
	}

	VaultEnvironmentProperties.Ssl ssl = vaultProperties.getSsl();

	SslConfiguration.KeyStoreConfiguration keyStoreConfiguration = getKeyStoreConfiguration(
			ssl.getKeyStore(), ssl.getKeyStorePassword());

	SslConfiguration.KeyStoreConfiguration trustStoreConfiguration = getKeyStoreConfiguration(
			ssl.getTrustStore(), ssl.getTrustStorePassword());

	return new SslConfiguration(keyStoreConfiguration, trustStoreConfiguration);
}
 
Example 12
@Test
public void customSslConfiguration() {
	VaultEnvironmentProperties properties = new VaultEnvironmentProperties();
	properties.getSsl().setKeyStore(new ClassPathResource("ssl-test.jks"));
	properties.getSsl().setKeyStorePassword("password");
	properties.getSsl().setTrustStore(new ClassPathResource("ssl-test.jks"));
	properties.getSsl().setTrustStorePassword("password");

	SpringVaultClientConfiguration configuration = getConfiguration(properties);
	SslConfiguration sslConfiguration = configuration.sslConfiguration();

	KeyStoreConfiguration keyStoreConfiguration = sslConfiguration
			.getKeyStoreConfiguration();
	KeyStoreConfiguration trustStoreConfiguration = sslConfiguration
			.getTrustStoreConfiguration();
	assertThat(keyStoreConfiguration.isPresent()).isTrue();
	assertThat(new String(keyStoreConfiguration.getStorePassword()))
			.isEqualTo("password");
	assertThat(trustStoreConfiguration.isPresent()).isTrue();
	assertThat(new String(trustStoreConfiguration.getStorePassword()))
			.isEqualTo("password");
}
 
Example 13
@Test
public void configureSslUsesNoKeyStoresIfNoneProvided() {
    KeyVaultConfig keyVaultConfig = mock(KeyVaultConfig.class);
    EnvironmentVariableProvider envProvider = mock(EnvironmentVariableProvider.class);

    when(keyVaultConfig.getProperty("tlsKeyStorePath")).thenReturn(Optional.empty());
    when(keyVaultConfig.getProperty("tlsTrustStorePath")).thenReturn(Optional.empty());

    SslConfiguration result = util.configureSsl(keyVaultConfig, envProvider);

    assertThat(result.getKeyStoreConfiguration().isPresent()).isFalse();
    assertThat(result.getTrustStoreConfiguration().isPresent()).isFalse();
}
 
Example 14
@Test
public void createClientHttpRequestFactory() {
    ClientOptions clientOptions = mock(ClientOptions.class);
    SslConfiguration sslConfiguration = mock(SslConfiguration.class);

    SslConfiguration.KeyStoreConfiguration keyStoreConfiguration = mock(SslConfiguration.KeyStoreConfiguration.class);
    when(sslConfiguration.getKeyStoreConfiguration()).thenReturn(keyStoreConfiguration);
    when(sslConfiguration.getTrustStoreConfiguration()).thenReturn(keyStoreConfiguration);

    when(clientOptions.getConnectionTimeout()).thenReturn(Duration.ZERO);
    when(clientOptions.getReadTimeout()).thenReturn(Duration.ZERO);

    ClientHttpRequestFactory result = util.createClientHttpRequestFactory(clientOptions, sslConfiguration);

    assertThat(result).isInstanceOf(OkHttp3ClientHttpRequestFactory.class);
}
 
Example 15
/**
 * Create a {@link ClientHttpRequestFactory} for the given {@link ClientOptions} and
 * {@link SslConfiguration}.
 * @param options must not be {@literal null}
 * @param sslConfiguration must not be {@literal null}
 * @return a new {@link ClientHttpRequestFactory}. Lifecycle beans must be initialized
 * after obtaining.
 */
public static ClientHttpRequestFactory create(ClientOptions options, SslConfiguration sslConfiguration) {

	Assert.notNull(options, "ClientOptions must not be null");
	Assert.notNull(sslConfiguration, "SslConfiguration must not be null");

	try {

		if (HTTP_COMPONENTS_PRESENT) {
			return HttpComponents.usingHttpComponents(options, sslConfiguration);
		}

		if (OKHTTP3_PRESENT) {
			return OkHttp3.usingOkHttp3(options, sslConfiguration);
		}

		if (NETTY_PRESENT) {
			return Netty.usingNetty(options, sslConfiguration);
		}
	}
	catch (GeneralSecurityException | IOException e) {
		throw new IllegalStateException(e);
	}

	if (hasSslConfiguration(sslConfiguration)) {
		logger.warn("VaultProperties has SSL configured but the SSL configuration "
				+ "must be applied outside the Vault Client to use the JDK HTTP client");
	}

	return new SimpleClientHttpRequestFactory();
}
 
Example 16
private static SSLContext getSSLContext(SslConfiguration sslConfiguration, TrustManager[] trustManagers)
		throws GeneralSecurityException, IOException {

	KeyConfiguration keyConfiguration = sslConfiguration.getKeyConfiguration();
	KeyManager[] keyManagers = sslConfiguration.getKeyStoreConfiguration().isPresent()
			? createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration(), keyConfiguration)
					.getKeyManagers()
			: null;

	SSLContext sslContext = SSLContext.getInstance("TLS");
	sslContext.init(keyManagers, trustManagers, null);

	return sslContext;
}
 
Example 17
@Nullable
private static TrustManager[] getTrustManagers(SslConfiguration sslConfiguration)
		throws GeneralSecurityException, IOException {

	return sslConfiguration.getTrustStoreConfiguration().isPresent()
			? createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()).getTrustManagers() : null;
}
 
Example 18
private static String getKeyStoreType(KeyStoreConfiguration keyStoreConfiguration) {

		if (StringUtils.hasText(keyStoreConfiguration.getStoreType())
				&& !SslConfiguration.PEM_KEYSTORE_TYPE.equalsIgnoreCase(keyStoreConfiguration.getStoreType())) {
			return keyStoreConfiguration.getStoreType();
		}

		return KeyStore.getDefaultType();
	}
 
Example 19
private static void loadKeyStore(KeyStoreConfiguration keyStoreConfiguration, KeyStore keyStore)
		throws IOException, GeneralSecurityException {

	if (logger.isDebugEnabled()) {
		logger.debug(String.format("Loading keystore from %s", keyStoreConfiguration.getResource()));
	}

	InputStream inputStream = null;
	try {
		inputStream = keyStoreConfiguration.getResource().getInputStream();

		if (SslConfiguration.PEM_KEYSTORE_TYPE.equalsIgnoreCase(keyStoreConfiguration.getStoreType())) {

			keyStore.load(null);
			loadFromPem(keyStore, inputStream);
		}
		else {
			keyStore.load(inputStream, keyStoreConfiguration.getStorePassword());
		}

		if (logger.isDebugEnabled()) {
			logger.debug(String.format("Keystore loaded with %d entries", keyStore.size()));
		}
	}
	finally {
		if (inputStream != null) {
			inputStream.close();
		}
	}
}
 
Example 20
static ClientHttpRequestFactory usingHttpComponents(ClientOptions options, SslConfiguration sslConfiguration)
		throws GeneralSecurityException, IOException {

	HttpClientBuilder httpClientBuilder = HttpClients.custom();

	httpClientBuilder.setRoutePlanner(
			new SystemDefaultRoutePlanner(DefaultSchemePortResolver.INSTANCE, ProxySelector.getDefault()));

	if (hasSslConfiguration(sslConfiguration)) {

		SSLContext sslContext = getSSLContext(sslConfiguration, getTrustManagers(sslConfiguration));
		SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
		httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
		httpClientBuilder.setSSLContext(sslContext);
	}

	RequestConfig requestConfig = RequestConfig.custom()
			//
			.setConnectTimeout(Math.toIntExact(options.getConnectionTimeout().toMillis())) //
			.setSocketTimeout(Math.toIntExact(options.getReadTimeout().toMillis())) //
			.setAuthenticationEnabled(true) //
			.build();

	httpClientBuilder.setDefaultRequestConfig(requestConfig);

	// Support redirects
	httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());

	return new HttpComponentsClientHttpRequestFactory(httpClientBuilder.build());
}
 
Example 21
static ClientHttpRequestFactory usingNetty(ClientOptions options, SslConfiguration sslConfiguration)
		throws GeneralSecurityException, IOException {

	Netty4ClientHttpRequestFactory requestFactory = new Netty4ClientHttpRequestFactory();

	if (hasSslConfiguration(sslConfiguration)) {

		SslContextBuilder sslContextBuilder = SslContextBuilder //
				.forClient();

		if (sslConfiguration.getTrustStoreConfiguration().isPresent()) {
			sslContextBuilder
					.trustManager(createTrustManagerFactory(sslConfiguration.getTrustStoreConfiguration()));
		}

		if (sslConfiguration.getKeyStoreConfiguration().isPresent()) {
			sslContextBuilder.keyManager(createKeyManagerFactory(sslConfiguration.getKeyStoreConfiguration(),
					sslConfiguration.getKeyConfiguration()));
		}

		requestFactory.setSslContext(sslContextBuilder.sslProvider(SslProvider.JDK).build());
	}

	requestFactory.setConnectTimeout(Math.toIntExact(options.getConnectionTimeout().toMillis()));
	requestFactory.setReadTimeout(Math.toIntExact(options.getReadTimeout().toMillis()));

	return requestFactory;
}
 
Example 22
Source Project: spring-vault   Source File: ClientHttpConnectorFactory.java    License: Apache License 2.0 5 votes vote down vote up
static ClientHttpConnector usingJetty(ClientOptions options, SslConfiguration sslConfiguration) {

			try {
				return new JettyClientHttpConnector(configureClient(getHttpClient(sslConfiguration), options));
			}
			catch (GeneralSecurityException | IOException e) {
				throw new IllegalStateException(e);
			}
		}
 
Example 23
@Override
public SslConfiguration sslConfiguration() {

	KeyStoreConfiguration keyStoreConfiguration = getKeyStoreConfiguration("vault.ssl.key-store",
			"vault.ssl.key-store-password", "vault.ssl.key-store-type");

	KeyStoreConfiguration trustStoreConfiguration = getKeyStoreConfiguration("vault.ssl.trust-store",
			"vault.ssl.trust-store-password", "vault.ssl.trust-store-type");

	return new SslConfiguration(keyStoreConfiguration, trustStoreConfiguration);
}
 
Example 24
@Test
void shouldSelectKey() {

	ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod(SslConfiguration.KeyConfiguration.of("changeit".toCharArray(), "1")));

	RestTemplate restTemplate = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			clientHttpRequestFactory);
	ClientCertificateAuthentication authentication = new ClientCertificateAuthentication(restTemplate);
	VaultToken login = authentication.login();

	assertThat(login.getToken()).isNotEmpty();
}
 
Example 25
@Test
void shouldSelectInvalidKey() {

	ClientHttpRequestFactory clientHttpRequestFactory = ClientHttpRequestFactoryFactory.create(new ClientOptions(),
			prepareCertAuthenticationMethod(SslConfiguration.KeyConfiguration.of("changeit".toCharArray(), "2")));

	RestTemplate restTemplate = VaultClients.createRestTemplate(TestRestTemplateFactory.TEST_VAULT_ENDPOINT,
			clientHttpRequestFactory);
	ClientCertificateAuthentication authentication = new ClientCertificateAuthentication(restTemplate);

	assertThatExceptionOfType(NestedRuntimeException.class).isThrownBy(authentication::login);
}
 
Example 26
static SslConfiguration prepareCertAuthenticationMethod(SslConfiguration.KeyConfiguration keyConfiguration) {

		SslConfiguration original = createSslConfiguration();

		return new SslConfiguration(KeyStoreConfiguration
				.of(new FileSystemResource(new File(findWorkDir(), "client-cert.jks")), "changeit".toCharArray()),
				keyConfiguration, original.getTrustStoreConfiguration());
	}
 
Example 27
@Test
void shouldSelectKey() {

	WebClient webClient = TestWebClientFactory.create(
			prepareCertAuthenticationMethod(SslConfiguration.KeyConfiguration.of("changeit".toCharArray(), "1")));

	AuthenticationStepsOperator operator = new AuthenticationStepsOperator(
			ClientCertificateAuthentication.createAuthenticationSteps(), webClient);

	operator.getVaultToken() //
			.as(StepVerifier::create) //
			.expectNextCount(1) //
			.verifyComplete();
}
 
Example 28
@Test
void shouldSelectInvalidKey() {

	WebClient webClient = TestWebClientFactory.create(
			prepareCertAuthenticationMethod(SslConfiguration.KeyConfiguration.of("changeit".toCharArray(), "2")));

	AuthenticationStepsOperator operator = new AuthenticationStepsOperator(
			ClientCertificateAuthentication.createAuthenticationSteps(), webClient);

	operator.getVaultToken() //
			.as(StepVerifier::create) //
			.verifyError(VaultLoginException.class);
}
 
Example 29
Source Project: spring-vault   Source File: TestWebClientFactory.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Create a new {@link WebClient} using the {@link SslConfiguration}. See
 * {@link ReactiveVaultClients#createWebClient(VaultEndpoint, ClientHttpConnector)} to
 * create {@link WebClient} for a given {@link ClientHttpConnector}.
 * @param sslConfiguration must not be {@literal null}.
 * @return
 */
public static WebClient create(SslConfiguration sslConfiguration) {

	Assert.notNull(sslConfiguration, "SslConfiguration must not be null!");

	try {
		ClientHttpConnector connector = ClientHttpConnectorFactory.create(new ClientOptions(), sslConfiguration);
		return ReactiveVaultClients.createWebClient(TEST_VAULT_ENDPOINT, connector);
	}
	catch (Exception e) {
		throw new IllegalStateException(e);
	}
}
 
Example 30
Source Project: spring-vault   Source File: Settings.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * @return the vault properties.
 */
public static SslConfiguration createSslConfiguration() {

	File workDir = findWorkDir();

	return SslConfiguration.forTrustStore(new FileSystemResource(new File(workDir, "keystore.jks")),
			"changeit".toCharArray());
}