SEC-559: Throw an initialization exception if configured truststore file doesn't exist.

core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java

@@ -16,15 +16,16 @@
 package org.acegisecurity.providers.cas.ticketvalidator;
 
 import org.acegisecurity.providers.cas.TicketValidator;
-
 import org.acegisecurity.ui.cas.ServiceProperties;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import java.io.File;
 
 
 /**
@@ -50,9 +51,11 @@ public abstract class AbstractTicketValidator implements TicketValidator, Initia
         Assert.hasLength(casValidate, "A casValidate URL must be set");
         Assert.notNull(serviceProperties, "serviceProperties must be specified");
 
-        if ((trustStore != null) && (!"".equals(trustStore))) {
+        if (StringUtils.hasLength(trustStore)) {
-            if (logger.isDebugEnabled()) {
+            logger.info("Setting system property 'javax.net.ssl.trustStore' to value [" + trustStore + "]");
-                logger.debug("Setting system property 'javax.net.ssl.trustStore'" + " to value [" + trustStore + "]");
+
+            if (! (new File(trustStore)).exists()) {
+                throw new IllegalArgumentException("Parameter 'trustStore' file does not exist at " + trustStore);
             }
 
             System.setProperty("javax.net.ssl.trustStore", trustStore);

core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java

@@ -23,6 +23,8 @@ import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.providers.cas.TicketResponse;
 
 import org.acegisecurity.ui.cas.ServiceProperties;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ClassPathResource;
 
 import java.util.Vector;
 
@@ -37,7 +39,6 @@ public class AbstractTicketValidatorTests extends TestCase {
     //~ Constructors ===================================================================================================
 
     public AbstractTicketValidatorTests() {
-        super();
     }
 
     public AbstractTicketValidatorTests(String arg0) {
@@ -46,14 +47,6 @@ public class AbstractTicketValidatorTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AbstractTicketValidatorTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testDetectsMissingCasValidate() throws Exception {
         AbstractTicketValidator tv = new MockAbstractTicketValidator();
         tv.setServiceProperties(new ServiceProperties());
@@ -92,21 +85,21 @@ public class AbstractTicketValidatorTests extends TestCase {
         assertEquals("/some/file/cacerts", tv.getTrustStore());
     }
 
-    public void testSystemPropertySetDuringAfterPropertiesSet()
+    public void testTrustStoreSystemPropertySetDuringAfterPropertiesSet() throws Exception {
-        throws Exception {
         AbstractTicketValidator tv = new MockAbstractTicketValidator();
         tv.setCasValidate("https://company.com/cas/proxyvalidate");
-        assertEquals("https://company.com/cas/proxyvalidate", tv.getCasValidate());
-
         tv.setServiceProperties(new ServiceProperties());
-        assertTrue(tv.getServiceProperties() != null);
 
-        tv.setTrustStore("/some/file/cacerts");
+        // We need an existing file to use as the truststore property
-        assertEquals("/some/file/cacerts", tv.getTrustStore());
+        Resource r = new ClassPathResource("log4j.properties");
+        String filename = r.getFile().getAbsolutePath();
+
+        tv.setTrustStore(filename);
+        assertEquals(filename, tv.getTrustStore());
 
         String before = System.getProperty("javax.net.ssl.trustStore");
         tv.afterPropertiesSet();
-        assertEquals("/some/file/cacerts", System.getProperty("javax.net.ssl.trustStore"));
+        assertEquals(filename, System.getProperty("javax.net.ssl.trustStore"));
 
         if (before == null) {
             System.setProperty("javax.net.ssl.trustStore", "");
@@ -115,6 +108,20 @@ public class AbstractTicketValidatorTests extends TestCase {
         }
     }
 
+    public void testMissingTrustStoreFileCausesException() throws Exception {
+        AbstractTicketValidator tv = new MockAbstractTicketValidator();
+        tv.setServiceProperties(new ServiceProperties());
+        tv.setCasValidate("https://company.com/cas/proxyvalidate");
+        tv.setTrustStore("/non/existent/file");
+
+        try {
+            tv.afterPropertiesSet();
+
+            fail("Expected exception with non-existent truststore");
+        } catch (IllegalArgumentException expected) {
+        }
+    }
+
     //~ Inner Classes ==================================================================================================
 
     private class MockAbstractTicketValidator extends AbstractTicketValidator {
@@ -125,7 +132,6 @@ public class AbstractTicketValidatorTests extends TestCase {
         }
 
         private MockAbstractTicketValidator() {
-            super();
         }
 
         public TicketResponse confirmTicketValid(String serviceTicket)