From e2d84fa462cb0c010e3426ecffdd2a3ca47465f9 Mon Sep 17 00:00:00 2001 From: Moritz Halbritter Date: Mon, 11 Sep 2023 12:01:18 +0200 Subject: [PATCH] Make SslStoreBundle implementations immutable Closes gh-37222 --- .../ssl/PropertiesSslBundleTests.java | 58 ++++++++++-------- .../ssl/SslAutoConfigurationTests.java | 47 +++++++++----- .../boot/autoconfigure/ssl/ed25519-cert.pem | 13 ++++ .../boot/autoconfigure/ssl/ed25519-key.pem | 3 + .../boot/autoconfigure/ssl/keystore.jks | Bin 0 -> 32 bytes .../boot/autoconfigure/ssl/keystore.pkcs12 | Bin 0 -> 103 bytes .../boot/autoconfigure/ssl/rsa-cert.pem | 23 +++++++ .../boot/autoconfigure/ssl/rsa-key.pem | 28 +++++++++ .../boot/ssl/jks/JksSslStoreBundle.java | 12 ++-- .../boot/ssl/pem/PemSslStoreBundle.java | 23 +++---- .../boot/ssl/jks/JksSslStoreBundleTests.java | 34 +++++----- .../tomcat/SslConnectorCustomizerTests.java | 17 +++-- .../web/server/WebServerSslBundleTests.java | 13 ++-- 13 files changed, 185 insertions(+), 86 deletions(-) create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-key.pem create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.jks create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.pkcs12 create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/rsa-cert.pem create mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/rsa-key.pem diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundleTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundleTests.java index 43c00ac56b..1b74532831 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundleTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundleTests.java @@ -16,6 +16,9 @@ package org.springframework.boot.autoconfigure.ssl; +import java.security.Key; +import java.security.KeyStore; +import java.security.cert.Certificate; import java.util.Set; import org.junit.jupiter.api.Test; @@ -28,36 +31,42 @@ import static org.assertj.core.api.Assertions.assertThat; * Tests for {@link PropertiesSslBundle}. * * @author Scott Frederick + * @author Moritz Halbritter */ class PropertiesSslBundleTests { @Test - void pemPropertiesAreMappedToSslBundle() { + void pemPropertiesAreMappedToSslBundle() throws Exception { PemSslBundleProperties properties = new PemSslBundleProperties(); properties.getKey().setAlias("alias"); properties.getKey().setPassword("secret"); properties.getOptions().setCiphers(Set.of("cipher1", "cipher2", "cipher3")); properties.getOptions().setEnabledProtocols(Set.of("protocol1", "protocol2")); - properties.getKeystore().setCertificate("cert1.pem"); - properties.getKeystore().setPrivateKey("key1.pem"); - properties.getKeystore().setPrivateKeyPassword("keysecret1"); + properties.getKeystore().setCertificate("classpath:org/springframework/boot/autoconfigure/ssl/rsa-cert.pem"); + properties.getKeystore().setPrivateKey("classpath:org/springframework/boot/autoconfigure/ssl/rsa-key.pem"); + properties.getKeystore().setPrivateKeyPassword(null); properties.getKeystore().setType("PKCS12"); - properties.getTruststore().setCertificate("cert2.pem"); - properties.getTruststore().setPrivateKey("key2.pem"); - properties.getTruststore().setPrivateKeyPassword("keysecret2"); - properties.getTruststore().setType("JKS"); + properties.getTruststore() + .setCertificate("classpath:org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem"); + properties.getTruststore() + .setPrivateKey("classpath:org/springframework/boot/autoconfigure/ssl/ed25519-key.pem"); + properties.getTruststore().setPrivateKeyPassword("secret"); + properties.getTruststore().setType("PKCS12"); SslBundle sslBundle = PropertiesSslBundle.get(properties); assertThat(sslBundle.getKey().getAlias()).isEqualTo("alias"); assertThat(sslBundle.getKey().getPassword()).isEqualTo("secret"); assertThat(sslBundle.getOptions().getCiphers()).containsExactlyInAnyOrder("cipher1", "cipher2", "cipher3"); assertThat(sslBundle.getOptions().getEnabledProtocols()).containsExactlyInAnyOrder("protocol1", "protocol2"); assertThat(sslBundle.getStores()).isNotNull(); - assertThat(sslBundle.getStores()).extracting("keyStoreDetails") - .extracting("certificate", "privateKey", "privateKeyPassword", "type") - .containsExactly("cert1.pem", "key1.pem", "keysecret1", "PKCS12"); - assertThat(sslBundle.getStores()).extracting("trustStoreDetails") - .extracting("certificate", "privateKey", "privateKeyPassword", "type") - .containsExactly("cert2.pem", "key2.pem", "keysecret2", "JKS"); + Certificate certificate = sslBundle.getStores().getKeyStore().getCertificate("alias"); + assertThat(certificate).isNotNull(); + assertThat(certificate.getType()).isEqualTo("X.509"); + Key key = sslBundle.getStores().getKeyStore().getKey("alias", null); + assertThat(key).isNotNull(); + assertThat(key.getAlgorithm()).isEqualTo("RSA"); + certificate = sslBundle.getStores().getTrustStore().getCertificate("alias"); + assertThat(certificate).isNotNull(); + assertThat(certificate.getType()).isEqualTo("X.509"); } @Test @@ -67,14 +76,14 @@ class PropertiesSslBundleTests { properties.getKey().setPassword("secret"); properties.getOptions().setCiphers(Set.of("cipher1", "cipher2", "cipher3")); properties.getOptions().setEnabledProtocols(Set.of("protocol1", "protocol2")); - properties.getKeystore().setLocation("cert1.p12"); - properties.getKeystore().setPassword("secret1"); - properties.getKeystore().setProvider("provider1"); + properties.getKeystore().setPassword("secret"); + properties.getKeystore().setProvider("SUN"); properties.getKeystore().setType("JKS"); - properties.getTruststore().setLocation("cert2.jks"); - properties.getTruststore().setPassword("secret2"); - properties.getTruststore().setProvider("provider2"); + properties.getKeystore().setLocation("classpath:org/springframework/boot/autoconfigure/ssl/keystore.jks"); + properties.getTruststore().setPassword("secret"); + properties.getTruststore().setProvider("SUN"); properties.getTruststore().setType("PKCS12"); + properties.getTruststore().setLocation("classpath:org/springframework/boot/autoconfigure/ssl/keystore.pkcs12"); SslBundle sslBundle = PropertiesSslBundle.get(properties); assertThat(sslBundle.getKey().getAlias()).isEqualTo("alias"); assertThat(sslBundle.getKey().getPassword()).isEqualTo("secret"); @@ -83,10 +92,11 @@ class PropertiesSslBundleTests { assertThat(sslBundle.getStores()).isNotNull(); assertThat(sslBundle.getStores()).extracting("keyStoreDetails") .extracting("location", "password", "provider", "type") - .containsExactly("cert1.p12", "secret1", "provider1", "JKS"); - assertThat(sslBundle.getStores()).extracting("trustStoreDetails") - .extracting("location", "password", "provider", "type") - .containsExactly("cert2.jks", "secret2", "provider2", "PKCS12"); + .containsExactly("classpath:org/springframework/boot/autoconfigure/ssl/keystore.jks", "secret", "SUN", + "JKS"); + KeyStore trustStore = sslBundle.getStores().getTrustStore(); + assertThat(trustStore.getType()).isEqualTo("PKCS12"); + assertThat(trustStore.getProvider().getName()).isEqualTo("SUN"); } } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/SslAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/SslAutoConfigurationTests.java index 5717fedfbd..06cbc41282 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/SslAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/SslAutoConfigurationTests.java @@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.assertThat; * * @author Scott Frederick * @author Phillip Webb + * @author Moritz Halbritter */ class SslAutoConfigurationTests { @@ -54,18 +55,28 @@ class SslAutoConfigurationTests { List propertyValues = new ArrayList<>(); propertyValues.add("spring.ssl.bundle.pem.first.key.alias=alias1"); propertyValues.add("spring.ssl.bundle.pem.first.key.password=secret1"); - propertyValues.add("spring.ssl.bundle.pem.first.keystore.certificate=cert1.pem"); - propertyValues.add("spring.ssl.bundle.pem.first.keystore.private-key=key1.pem"); - propertyValues.add("spring.ssl.bundle.pem.first.keystore.type=JKS"); + propertyValues.add( + "spring.ssl.bundle.pem.first.keystore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/rsa-cert.pem"); + propertyValues.add( + "spring.ssl.bundle.pem.first.keystore.private-key=classpath:org/springframework/boot/autoconfigure/ssl/rsa-key.pem"); + propertyValues.add("spring.ssl.bundle.pem.first.keystore.type=PKCS12"); propertyValues.add("spring.ssl.bundle.pem.first.truststore.type=PKCS12"); + propertyValues.add( + "spring.ssl.bundle.pem.first.truststore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/rsa-cert.pem"); + propertyValues.add( + "spring.ssl.bundle.pem.first.truststore.private-key=classpath:org/springframework/boot/autoconfigure/ssl/rsa-key.pem"); propertyValues.add("spring.ssl.bundle.pem.second.key.alias=alias2"); propertyValues.add("spring.ssl.bundle.pem.second.key.password=secret2"); - propertyValues.add("spring.ssl.bundle.pem.second.keystore.certificate=cert2.pem"); - propertyValues.add("spring.ssl.bundle.pem.second.keystore.private-key=key2.pem"); + propertyValues.add( + "spring.ssl.bundle.pem.second.keystore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem"); + propertyValues.add( + "spring.ssl.bundle.pem.second.keystore.private-key=classpath:org/springframework/boot/autoconfigure/ssl/ed25519-key.pem"); propertyValues.add("spring.ssl.bundle.pem.second.keystore.type=PKCS12"); - propertyValues.add("spring.ssl.bundle.pem.second.truststore.certificate=ca.pem"); - propertyValues.add("spring.ssl.bundle.pem.second.truststore.private-key=ca-key.pem"); - propertyValues.add("spring.ssl.bundle.pem.second.truststore.type=JKS"); + propertyValues.add( + "spring.ssl.bundle.pem.second.truststore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem"); + propertyValues.add( + "spring.ssl.bundle.pem.second.truststore.private-key=classpath:org/springframework/boot/autoconfigure/ssl/ed25519-key.pem"); + propertyValues.add("spring.ssl.bundle.pem.second.truststore.type=PKCS12"); this.contextRunner.withPropertyValues(propertyValues.toArray(String[]::new)).run((context) -> { assertThat(context).hasSingleBean(SslBundles.class); SslBundles bundles = context.getBean(SslBundles.class); @@ -75,16 +86,16 @@ class SslAutoConfigurationTests { assertThat(first.getManagers()).isNotNull(); assertThat(first.getKey().getAlias()).isEqualTo("alias1"); assertThat(first.getKey().getPassword()).isEqualTo("secret1"); - assertThat(first.getStores()).extracting("keyStoreDetails").extracting("type").isEqualTo("JKS"); - assertThat(first.getStores()).extracting("trustStoreDetails").extracting("type").isEqualTo("PKCS12"); + assertThat(first.getStores().getKeyStore().getType()).isEqualTo("PKCS12"); + assertThat(first.getStores().getTrustStore().getType()).isEqualTo("PKCS12"); SslBundle second = bundles.getBundle("second"); assertThat(second).isNotNull(); assertThat(second.getStores()).isNotNull(); assertThat(second.getManagers()).isNotNull(); assertThat(second.getKey().getAlias()).isEqualTo("alias2"); assertThat(second.getKey().getPassword()).isEqualTo("secret2"); - assertThat(second.getStores()).extracting("keyStoreDetails").extracting("type").isEqualTo("PKCS12"); - assertThat(second.getStores()).extracting("trustStoreDetails").extracting("type").isEqualTo("JKS"); + assertThat(second.getStores().getKeyStore().getType()).isEqualTo("PKCS12"); + assertThat(second.getStores().getTrustStore().getType()).isEqualTo("PKCS12"); }); } @@ -93,7 +104,13 @@ class SslAutoConfigurationTests { List propertyValues = new ArrayList<>(); propertyValues.add("custom.ssl.key.alias=alias1"); propertyValues.add("custom.ssl.key.password=secret1"); - propertyValues.add("custom.ssl.keystore.type=JKS"); + propertyValues + .add("custom.ssl.keystore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/rsa-cert.pem"); + propertyValues.add( + "custom.ssl.keystore.keystore.private-key=classpath:org/springframework/boot/autoconfigure/ssl/rsa-key.pem"); + propertyValues + .add("custom.ssl.truststore.certificate=classpath:org/springframework/boot/autoconfigure/ssl/rsa-cert.pem"); + propertyValues.add("custom.ssl.keystore.type=PKCS12"); propertyValues.add("custom.ssl.truststore.type=PKCS12"); this.contextRunner.withUserConfiguration(CustomSslBundleConfiguration.class) .withPropertyValues(propertyValues.toArray(String[]::new)) @@ -106,8 +123,8 @@ class SslAutoConfigurationTests { assertThat(first.getManagers()).isNotNull(); assertThat(first.getKey().getAlias()).isEqualTo("alias1"); assertThat(first.getKey().getPassword()).isEqualTo("secret1"); - assertThat(first.getStores()).extracting("keyStoreDetails").extracting("type").isEqualTo("JKS"); - assertThat(first.getStores()).extracting("trustStoreDetails").extracting("type").isEqualTo("PKCS12"); + assertThat(first.getStores().getKeyStore().getType()).isEqualTo("PKCS12"); + assertThat(first.getStores().getTrustStore().getType()).isEqualTo("PKCS12"); }); } diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem new file mode 100644 index 0000000000..9f566cecee --- /dev/null +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-cert.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCzCCAb2gAwIBAgIUZbDi7G5czH+Yi0k2EMWxdf00XagwBQYDK2VwMHsxCzAJ +BgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUxETAPBgNVBAcMCENpdHlOYW1l +MRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UECwwSQ29tcGFueVNlY3Rpb25O +YW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjMwOTExMTIxNDMwWhcNMzMwOTA4 +MTIxNDMwWjB7MQswCQYDVQQGEwJYWDESMBAGA1UECAwJU3RhdGVOYW1lMREwDwYD +VQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29tcGFueU5hbWUxGzAZBgNVBAsMEkNv +bXBhbnlTZWN0aW9uTmFtZTESMBAGA1UEAwwJbG9jYWxob3N0MCowBQYDK2VwAyEA +Q/DDA4BSgZ+Hx0DUxtIRjVjN+OcxXVURwAWc3Gt9GUyjUzBRMB0GA1UdDgQWBBSv +EdpoaBMBoxgO96GFbf03k07DSTAfBgNVHSMEGDAWgBSvEdpoaBMBoxgO96GFbf03 +k07DSTAPBgNVHRMBAf8EBTADAQH/MAUGAytlcANBAHMXDkGd57d4F4cRk/8UjhxD +7OtRBZfdfznSvlhJIMNfH5q0zbC2eO3hWCB3Hrn/vIeswGP8Ov4AJ6eXeX44BQM= +-----END CERTIFICATE----- diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-key.pem b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-key.pem new file mode 100644 index 0000000000..b32bf9e973 --- /dev/null +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/ed25519-key.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIC29RnMVTcyqXEAIO1b/6p7RdbM6TiqvnztVQ4IxYxUh +-----END PRIVATE KEY----- diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.jks b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..4e5e1399aee491f1765c8ff8a833c7c1103380ae GIT binary patch literal 32 mcmezO_TO6u1_mY|W@tFi`n=R{PU>QDACY&KEuvWkKVksZ3=H4^ literal 0 HcmV?d00001 diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.pkcs12 b/spring-boot-project/spring-boot-autoconfigure/src/test/resources/org/springframework/boot/autoconfigure/ssl/keystore.pkcs12 new file mode 100644 index 0000000000000000000000000000000000000000..8c9a6ffa62f44dc739e0849bacce4b3bd6b2f2a6 GIT binary patch literal 103 zcmV-t0GR(UWdZ>MFcAg`Duzgg_YDCD0iXl~0x$qDO)xPq4F(BdhDZTr0|WvA1povf zvJZ7z`bbPmL!}G_MScP$r~?xi3ALqBRfwXz2zS1)1QaQ|@ehK>n61?5=jVJYDi7ZE JuxSDUClLO2A6) { + JksSslStoreDetails keyStoreDetails = new JksSslStoreDetails("PKCS11", null, "test.jks", null); + JksSslStoreDetails trustStoreDetails = null; + new JksSslStoreBundle(keyStoreDetails, trustStoreDetails); + }) .withMessageContaining( "Unable to create key store: Location is 'test.jks', but must be empty or null for PKCS11 hardware key stores"); } @@ -102,22 +104,22 @@ class JksSslStoreBundleTests { @Test void whenHasKeyStoreProvider() { - JksSslStoreDetails keyStoreDetails = new JksSslStoreDetails(null, "com.example.KeyStoreProvider", - "classpath:test.jks", "secret"); - JksSslStoreDetails trustStoreDetails = null; - JksSslStoreBundle bundle = new JksSslStoreBundle(keyStoreDetails, trustStoreDetails); - assertThatIllegalStateException().isThrownBy(bundle::getKeyStore) - .withMessageContaining("com.example.KeyStoreProvider"); + assertThatIllegalStateException().isThrownBy(() -> { + JksSslStoreDetails keyStoreDetails = new JksSslStoreDetails(null, "com.example.KeyStoreProvider", + "classpath:test.jks", "secret"); + JksSslStoreDetails trustStoreDetails = null; + new JksSslStoreBundle(keyStoreDetails, trustStoreDetails); + }).withMessageContaining("com.example.KeyStoreProvider"); } @Test void whenHasTrustStoreProvider() { - JksSslStoreDetails keyStoreDetails = null; - JksSslStoreDetails trustStoreDetails = new JksSslStoreDetails(null, "com.example.KeyStoreProvider", - "classpath:test.jks", "secret"); - JksSslStoreBundle bundle = new JksSslStoreBundle(keyStoreDetails, trustStoreDetails); - assertThatIllegalStateException().isThrownBy(bundle::getTrustStore) - .withMessageContaining("com.example.KeyStoreProvider"); + assertThatIllegalStateException().isThrownBy(() -> { + JksSslStoreDetails keyStoreDetails = null; + JksSslStoreDetails trustStoreDetails = new JksSslStoreDetails(null, "com.example.KeyStoreProvider", + "classpath:test.jks", "secret"); + new JksSslStoreBundle(keyStoreDetails, trustStoreDetails); + }).withMessageContaining("com.example.KeyStoreProvider"); } private Consumer storeContainingCertAndKey(String keyAlias, String keyPassword) { diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java index 058d2dd6e5..53b05891a7 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java @@ -67,14 +67,12 @@ class SslConnectorCustomizerTests { private Tomcat tomcat; - private Connector connector; - @BeforeEach void setup() { this.tomcat = new Tomcat(); - this.connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); - this.connector.setPort(0); - this.tomcat.setConnector(this.connector); + Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); + connector.setPort(0); + this.tomcat.setConnector(connector); } @AfterEach @@ -207,10 +205,11 @@ class SslConnectorCustomizerTests { ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME); ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyPassword("password"); - SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl.getClientAuth(), - WebServerSslBundle.get(ssl)); - assertThatIllegalStateException().isThrownBy(() -> customizer.customize(this.tomcat.getConnector())) - .withMessageContaining("must be empty or null for PKCS11 hardware key stores"); + assertThatIllegalStateException().isThrownBy(() -> { + SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl.getClientAuth(), + WebServerSslBundle.get(ssl)); + customizer.customize(this.tomcat.getConnector()); + }).withMessageContaining("must be empty or null for PKCS11 hardware key stores"); } @Test diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/WebServerSslBundleTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/WebServerSslBundleTests.java index 9d6c0a1d6f..c6a22a22fa 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/WebServerSslBundleTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/WebServerSslBundleTests.java @@ -25,6 +25,8 @@ import org.springframework.boot.ssl.SslBundle; import org.springframework.boot.ssl.SslBundleKey; import org.springframework.boot.ssl.SslOptions; import org.springframework.boot.ssl.SslStoreBundle; +import org.springframework.boot.web.embedded.test.MockPkcs11Security; +import org.springframework.boot.web.embedded.test.MockPkcs11SecurityProvider; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; @@ -38,7 +40,9 @@ import static org.mockito.Mockito.mock; * * @author Scott Frederick * @author Phillip Webb + * @author Moritz Halbritter */ +@MockPkcs11Security class WebServerSslBundleTests { @Test @@ -82,14 +86,13 @@ class WebServerSslBundleTests { @Test void whenFromJksPropertiesWithPkcs11StoreType() { Ssl ssl = new Ssl(); - ssl.setKeyStorePassword("secret"); ssl.setKeyStoreType("PKCS11"); + ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME); + ssl.setKeyStore("src/test/resources/test.jks"); ssl.setKeyPassword("password"); ssl.setClientAuth(Ssl.ClientAuth.NONE); - SslBundle bundle = WebServerSslBundle.get(ssl); - assertThat(bundle).isNotNull(); - assertThat(bundle.getStores().getKeyStorePassword()).isEqualTo("secret"); - assertThat(bundle.getKey().getPassword()).isEqualTo("password"); + assertThatIllegalStateException().isThrownBy(() -> WebServerSslBundle.get(ssl)) + .withMessageContaining("must be empty or null for PKCS11 hardware key stores"); } @Test