Update X509 sample to Spring 6

This commit is contained in:
Marcus Da Coregio
2023-03-31 11:20:48 -03:00
parent f99e0e4ff0
commit f2835b0df0
4 changed files with 49 additions and 23 deletions


@@ -1,11 +1,11 @@
plugins {
id "java"
// id "nebula.integtest" version "8.2.0"
id "org.gretty" version "3.0.6"
id "nebula.integtest" version "8.2.0"
id "org.gretty" version "4.0.1"
id "war"
}
//apply from: "gradle/gretty.gradle"
apply from: "gradle/gretty.gradle"
repositories {
mavenCentral()
@@ -14,14 +14,17 @@ repositories {
}
dependencies {
implementation platform("org.springframework:spring-framework-bom:5.3.0")
implementation platform("org.springframework.security:spring-security-bom:5.5.0-SNAPSHOT")
implementation platform("org.springframework:spring-framework-bom:6.0.7")
implementation platform("org.springframework.security:spring-security-bom:6.0.2")
implementation platform("org.junit:junit-bom:5.7.0")
implementation "org.springframework.security:spring-security-config"
implementation "org.springframework.security:spring-security-web"
implementation "org.springframework:spring-webmvc"
implementation "org.apache.httpcomponents:httpclient:4.5.13"
implementation "org.apache.httpcomponents.client5:httpclient5:5.2.1"
providedCompile "jakarta.servlet:jakarta.servlet-api:6.0.0"
providedCompile "org.glassfish.web:jakarta.servlet.jsp.jstl:2.0.0"
testImplementation "org.assertj:assertj-core:3.18.0"
testImplementation "org.springframework:spring-test"


@@ -3,6 +3,9 @@ gretty {
contextPath = "/"
fileLogEnabled = false
integrationTestTask = 'integrationTest'
httpsEnabled = true
sslKeyStorePath = 'certs/server.p12'
sslKeyStorePassword = 'password'
}
Task prepareAppServerForIntegrationTests = project.tasks.create('prepareAppServerForIntegrationTests') {
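Review bot: The added settings give the container a key store, but nothing in this hunk makes it request a client certificate, so as far as these lines show the X.509 login path is never enforced at the TLS layer. If that is not configured elsewhere, add `sslNeedClientAuth = true` with a trust store, for example `sslTrustStorePath = 'certs/server.p12'` and `sslTrustStorePassword = 'password'`, so clients without a trusted certificate are rejected during the handshake. The literal `'password'` is tolerable only because `certs/server.p12` appears to be a checked-in test fixture; a comment such as `// test-only key store, do not reuse outside this sample` would stop it being copied into a real deployment. The `gretty` block opens above the hunk, so its first settings are not visible here.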


@@ -20,10 +20,17 @@ import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager;
import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.HttpsSupport;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.client5.http.ssl.TrustAllStrategy;
import org.apache.hc.core5.http.config.Registry;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.ssl.SSLContexts;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
@@ -41,38 +48,51 @@ import static org.assertj.core.api.Assertions.assertThatCode;
*
* @author Michael Simons
*/
@Disabled
// @Disabled
public class X509Tests {
@Test
void notCertificateThenSslHandshakeException() {
RestTemplate rest = new RestTemplate();
assertThatCode(() -> rest.getForEntity("https://localhost:8443/", String.class))
assertThatCode(() -> rest.getForEntity(getServerUrl(), String.class))
.hasCauseInstanceOf(SSLHandshakeException.class);
}
@Test
@Disabled("Figure out how to make certs work")
void certificateThenStatusOk() throws Exception {
ClassPathResource serverKeystore = new ClassPathResource("/certs/server.p12");
ClassPathResource serverKeystore = new ClassPathResource("certs/server.p12");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(serverKeystore.getInputStream(), "password".toCharArray());
// @formatter:off
SSLContext sslContext = SSLContexts.custom()
.loadKeyMaterial(keyStore, "password".toCharArray(), (aliases, socket) -> "client")
.loadTrustMaterial(keyStore, null)
.loadTrustMaterial(keyStore, new TrustAllStrategy())
.build();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext,
new String[]{"TLSv1.2", "TLSv1.1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
HttpsSupport.getDefaultHostnameVerifier());
final Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder.<ConnectionSocketFactory> create()
.register("https", socketFactory)
.register("http", new PlainConnectionSocketFactory())
.build();
final BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(socketFactoryRegistry);
// @formatter:on
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate rest = new RestTemplate(requestFactory);
ResponseEntity<String> responseEntity = rest.getForEntity("https://localhost:8443/me", String.class);
assertThat(responseEntity).extracting((result) -> result.getStatusCode().is2xxSuccessful()).isEqualTo(true);
try (CloseableHttpClient httpClient = HttpClients.custom().setConnectionManager(connectionManager).build()) {
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
RestTemplate rest = new RestTemplate(requestFactory);
ResponseEntity<String> responseEntity = rest.getForEntity(getServerUrl() + "/me", String.class);
assertThat(responseEntity).extracting((result) -> result.getStatusCode().is2xxSuccessful()).isEqualTo(true);
}
}
private String getServerUrl() {
return "https://localhost:" + System.getProperty("app.httpsPort");
}
}
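Review bot: `.loadTrustMaterial(keyStore, new TrustAllStrategy())` in certificateThenStatusOk makes the client accept any server certificate, so the test no longer verifies that it is talking to the server whose certificate is in `certs/server.p12`, and the pattern is easy to copy out of a sample. Keep validation by passing no strategy, `.loadTrustMaterial(keyStore, null)`, which trusts only the entries in the loaded key store; if that fails, the fix belongs in the key store contents rather than in the client. The protocol list on the unchanged line still offers `TLSv1.1`; `new String[]{"TLSv1.3", "TLSv1.2"}` would drop the deprecated version. Separately, notCertificateThenSslHandshakeException uses a default RestTemplate, so the handshake may fail on the untrusted server certificate rather than on the missing client certificate; a comment stating which failure the test is meant to prove would make that explicit.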


@@ -16,7 +16,7 @@
package example;
import javax.servlet.Filter;
import jakarta.servlet.Filter;
import org.springframework.web.filter.HiddenHttpMethodFilter;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;