Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Sign in / Register
Toggle navigation
S
spring-boot
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
DEMO
spring-boot
Commits
06f37f42
Commit
06f37f42
authored
Nov 05, 2020
by
Andy Wilkinson
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch '2.3.x'
Closes gh-24053
parents
cb24df14
2ffb81f0
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
34 additions
and
3 deletions
+34
-3
SslConnectorCustomizer.java
...work/boot/web/embedded/tomcat/SslConnectorCustomizer.java
+7
-3
SslConnectorCustomizerTests.java
...boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
+21
-0
AbstractReactiveWebServerFactoryTests.java
...eactive/server/AbstractReactiveWebServerFactoryTests.java
+6
-0
No files found.
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
View file @
06f37f42
/*
/*
* Copyright 2012-20
19
the original author or authors.
* Copyright 2012-20
20
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -69,8 +69,12 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
...
@@ -69,8 +69,12 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
protocol
.
setSSLEnabled
(
true
);
protocol
.
setSSLEnabled
(
true
);
protocol
.
setSslProtocol
(
ssl
.
getProtocol
());
protocol
.
setSslProtocol
(
ssl
.
getProtocol
());
configureSslClientAuth
(
protocol
,
ssl
);
configureSslClientAuth
(
protocol
,
ssl
);
protocol
.
setKeystorePass
(
ssl
.
getKeyStorePassword
());
if
(
ssl
.
getKeyStorePassword
()
!=
null
)
{
protocol
.
setKeyPass
(
ssl
.
getKeyPassword
());
protocol
.
setKeystorePass
(
ssl
.
getKeyStorePassword
());
}
if
(
ssl
.
getKeyPassword
()
!=
null
)
{
protocol
.
setKeyPass
(
ssl
.
getKeyPassword
());
}
protocol
.
setKeyAlias
(
ssl
.
getKeyAlias
());
protocol
.
setKeyAlias
(
ssl
.
getKeyAlias
());
String
ciphers
=
StringUtils
.
arrayToCommaDelimitedString
(
ssl
.
getCiphers
());
String
ciphers
=
StringUtils
.
arrayToCommaDelimitedString
(
ssl
.
getCiphers
());
if
(
StringUtils
.
hasText
(
ciphers
))
{
if
(
StringUtils
.
hasText
(
ciphers
))
{
...
...
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
View file @
06f37f42
...
@@ -28,6 +28,7 @@ import org.apache.catalina.LifecycleState;
...
@@ -28,6 +28,7 @@ import org.apache.catalina.LifecycleState;
import
org.apache.catalina.connector.Connector
;
import
org.apache.catalina.connector.Connector
;
import
org.apache.catalina.startup.Tomcat
;
import
org.apache.catalina.startup.Tomcat
;
import
org.apache.catalina.webresources.TomcatURLStreamHandlerFactory
;
import
org.apache.catalina.webresources.TomcatURLStreamHandlerFactory
;
import
org.apache.coyote.http11.Http11NioProtocol
;
import
org.apache.tomcat.util.net.SSLHostConfig
;
import
org.apache.tomcat.util.net.SSLHostConfig
;
import
org.junit.jupiter.api.AfterEach
;
import
org.junit.jupiter.api.AfterEach
;
import
org.junit.jupiter.api.BeforeEach
;
import
org.junit.jupiter.api.BeforeEach
;
...
@@ -185,6 +186,26 @@ class SslConnectorCustomizerTests {
...
@@ -185,6 +186,26 @@ class SslConnectorCustomizerTests {
.
withMessageContaining
(
"Could not load key store 'null'"
);
.
withMessageContaining
(
"Could not load key store 'null'"
);
}
}
@Test
void
keyStorePasswordIsNotSetWhenNull
()
{
Http11NioProtocol
protocol
=
(
Http11NioProtocol
)
this
.
tomcat
.
getConnector
().
getProtocolHandler
();
protocol
.
setKeystorePass
(
"password"
);
Ssl
ssl
=
new
Ssl
();
ssl
.
setKeyStore
(
"src/test/resources/test.jks"
);
new
SslConnectorCustomizer
(
ssl
,
null
).
customize
(
this
.
tomcat
.
getConnector
());
assertThat
(
protocol
.
getKeystorePass
()).
isEqualTo
(
"password"
);
}
@Test
void
keyPasswordIsNotSetWhenNull
()
{
Http11NioProtocol
protocol
=
(
Http11NioProtocol
)
this
.
tomcat
.
getConnector
().
getProtocolHandler
();
protocol
.
setKeyPass
(
"password"
);
Ssl
ssl
=
new
Ssl
();
ssl
.
setKeyStore
(
"src/test/resources/test.jks"
);
new
SslConnectorCustomizer
(
ssl
,
null
).
customize
(
this
.
tomcat
.
getConnector
());
assertThat
(
protocol
.
getKeyPass
()).
isEqualTo
(
"password"
);
}
private
KeyStore
loadStore
()
throws
KeyStoreException
,
IOException
,
NoSuchAlgorithmException
,
CertificateException
{
private
KeyStore
loadStore
()
throws
KeyStoreException
,
IOException
,
NoSuchAlgorithmException
,
CertificateException
{
KeyStore
keyStore
=
KeyStore
.
getInstance
(
"JKS"
);
KeyStore
keyStore
=
KeyStore
.
getInstance
(
"JKS"
);
Resource
resource
=
new
ClassPathResource
(
"test.jks"
);
Resource
resource
=
new
ClassPathResource
(
"test.jks"
);
...
...
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
View file @
06f37f42
...
@@ -131,6 +131,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -131,6 +131,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl
ssl
=
new
Ssl
();
Ssl
ssl
=
new
Ssl
();
ssl
.
setKeyStore
(
keyStore
);
ssl
.
setKeyStore
(
keyStore
);
ssl
.
setKeyPassword
(
keyPassword
);
ssl
.
setKeyPassword
(
keyPassword
);
ssl
.
setKeyStorePassword
(
"secret"
);
factory
.
setSsl
(
ssl
);
factory
.
setSsl
(
ssl
);
this
.
webServer
=
factory
.
getWebServer
(
new
EchoHandler
());
this
.
webServer
=
factory
.
getWebServer
(
new
EchoHandler
());
this
.
webServer
.
start
();
this
.
webServer
.
start
();
...
@@ -149,6 +150,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -149,6 +150,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
AbstractReactiveWebServerFactory
factory
=
getFactory
();
AbstractReactiveWebServerFactory
factory
=
getFactory
();
Ssl
ssl
=
new
Ssl
();
Ssl
ssl
=
new
Ssl
();
ssl
.
setKeyStore
(
keyStore
);
ssl
.
setKeyStore
(
keyStore
);
ssl
.
setKeyStorePassword
(
"secret"
);
ssl
.
setKeyPassword
(
keyPassword
);
ssl
.
setKeyPassword
(
keyPassword
);
ssl
.
setKeyAlias
(
"test-alias"
);
ssl
.
setKeyAlias
(
"test-alias"
);
factory
.
setSsl
(
ssl
);
factory
.
setSsl
(
ssl
);
...
@@ -196,6 +198,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -196,6 +198,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
WANT
);
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
WANT
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setKeyStorePassword
(
"secret"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
testClientAuthSuccess
(
ssl
,
buildTrustAllSslWithClientKeyConnector
());
testClientAuthSuccess
(
ssl
,
buildTrustAllSslWithClientKeyConnector
());
}
}
...
@@ -207,6 +210,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -207,6 +210,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
ssl
.
setKeyStorePassword
(
"secret"
);
testClientAuthSuccess
(
ssl
,
buildTrustAllSslConnector
());
testClientAuthSuccess
(
ssl
,
buildTrustAllSslConnector
());
}
}
...
@@ -240,6 +244,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -240,6 +244,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl
ssl
=
new
Ssl
();
Ssl
ssl
=
new
Ssl
();
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
NEED
);
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
NEED
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStorePassword
(
"secret"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
testClientAuthSuccess
(
ssl
,
buildTrustAllSslWithClientKeyConnector
());
testClientAuthSuccess
(
ssl
,
buildTrustAllSslWithClientKeyConnector
());
...
@@ -250,6 +255,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
...
@@ -250,6 +255,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl
ssl
=
new
Ssl
();
Ssl
ssl
=
new
Ssl
();
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
NEED
);
ssl
.
setClientAuth
(
Ssl
.
ClientAuth
.
NEED
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStore
(
"classpath:test.jks"
);
ssl
.
setKeyStorePassword
(
"secret"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setKeyPassword
(
"password"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
ssl
.
setTrustStore
(
"classpath:test.jks"
);
testClientAuthFailure
(
ssl
,
buildTrustAllSslConnector
());
testClientAuthFailure
(
ssl
,
buildTrustAllSslConnector
());
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
