Apply key property to the keystore and not to the truststore

Update `PropertiesSslBundle` so that key properties are now
only applied to the keystore and not the truststore.

Closes gh-38125

Author: philwebb

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundle.java

@@ -112,14 +112,18 @@ public static SslBundle get(JksSslBundleProperties properties) {
 	}
 
 	private static SslStoreBundle asSslStoreBundle(PemSslBundleProperties properties) {
-		PemSslStore keyStore = asPemSslStore(properties.getKeystore(), properties.getKey().getAlias());
-		PemSslStore trustStore = asPemSslStore(properties.getTruststore(), properties.getKey().getAlias());
+		PemSslStore keyStore = asPemSslStore(properties.getKeystore());
+		if (keyStore != null) {
+			keyStore = keyStore.withAlias(properties.getKey().getAlias())
+				.withPassword(properties.getKey().getPassword());
+		}
+		PemSslStore trustStore = asPemSslStore(properties.getTruststore());
 		return new PemSslStoreBundle(keyStore, trustStore);
 	}
 
-	private static PemSslStore asPemSslStore(PemSslBundleProperties.Store properties, String alias) {
+	private static PemSslStore asPemSslStore(PemSslBundleProperties.Store properties) {
 		try {
-			PemSslStoreDetails details = asStoreDetails(properties, alias);
+			PemSslStoreDetails details = asStoreDetails(properties);
 			PemSslStore pemSslStore = PemSslStore.load(details);
 			if (properties.isVerifyKeys()) {
 				CertificateMatcher certificateMatcher = new CertificateMatcher(pemSslStore.privateKey());
@@ -133,9 +137,9 @@ private static PemSslStore asPemSslStore(PemSslBundleProperties.Store properties
 		}
 	}
 
-	private static PemSslStoreDetails asStoreDetails(PemSslBundleProperties.Store properties, String alias) {
-		return new PemSslStoreDetails(properties.getType(), alias, null, properties.getCertificate(),
-				properties.getPrivateKey(), properties.getPrivateKeyPassword());
+	private static PemSslStoreDetails asStoreDetails(PemSslBundleProperties.Store properties) {
+		return new PemSslStoreDetails(properties.getType(), properties.getCertificate(), properties.getPrivateKey(),
+				properties.getPrivateKeyPassword());
 	}
 
 	private static SslStoreBundle asSslStoreBundle(JksSslBundleProperties properties) {

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundleTests.java

@@ -66,10 +66,10 @@ void pemPropertiesAreMappedToSslBundle() throws Exception {
 		Certificate certificate = sslBundle.getStores().getKeyStore().getCertificate("alias");
 		assertThat(certificate).isNotNull();
 		assertThat(certificate.getType()).isEqualTo("X.509");
-		Key key = sslBundle.getStores().getKeyStore().getKey("alias", null);
+		Key key = sslBundle.getStores().getKeyStore().getKey("alias", "secret".toCharArray());
 		assertThat(key).isNotNull();
 		assertThat(key.getAlgorithm()).isEqualTo("RSA");
-		certificate = sslBundle.getStores().getTrustStore().getCertificate("alias");
+		certificate = sslBundle.getStores().getTrustStore().getCertificate("ssl");
 		assertThat(certificate).isNotNull();
 		assertThat(certificate.getType()).isEqualTo("X.509");
 	}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/WebServerSslBundle.java

@@ -65,8 +65,7 @@ private static SslStoreBundle createPemStoreBundle(Ssl ssl) {
 				ssl.getCertificatePrivateKey())
 			.withAlias(ssl.getKeyAlias());
 		PemSslStoreDetails trustStoreDetails = new PemSslStoreDetails(ssl.getTrustStoreType(),
-				ssl.getTrustCertificate(), ssl.getTrustCertificatePrivateKey())
-			.withAlias(ssl.getKeyAlias());
+				ssl.getTrustCertificate(), ssl.getTrustCertificatePrivateKey());
 		return new PemSslStoreBundle(keyStoreDetails, trustStoreDetails);
 	}