Merge branch '2.1.x'

Closes gh-18083

Merge branch '2.1.x'
Closes gh-18083
6017f2f5 · Andy Wilkinson · ad9e8219 · ee89e0ef · 6017f2f5 · 6017f2f5
Commit 6017f2f5 authored Sep 01, 2019 by Andy Wilkinson
5 changed files
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizer.java
@@ -69,6 +69,7 @@ class SslServerCustomizer implements JettyServerCustomizer {
 	@Override
 	public void customize(Server server) {
 		SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
+		sslContextFactory.setEndpointIdentificationAlgorithm(null);
 		configureSsl(sslContextFactory, this.ssl, this.sslStoreProvider);
 		ServerConnector connector = createConnector(server, sslContextFactory, this.address);
 		server.setConnectors(new Connector[] { connector });

--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
@@ -21,15 +21,11 @@ import java.io.FileInputStream;
 import java.net.InetSocketAddress;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.Arrays;
-import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLException;
-import javax.net.ssl.X509KeyManager;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.ChannelInboundHandlerAdapter;
@@ -165,22 +161,11 @@ public abstract class AbstractReactiveWebServerFactoryTests {
 		KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory
 				.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 		clientKeyManagerFactory.init(clientKeyStore, "password".toCharArray());
-		for (KeyManager keyManager : clientKeyManagerFactory.getKeyManagers()) {
+		SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK)
-			if (keyManager instanceof X509KeyManager) {
+				.trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(clientKeyManagerFactory);
-				X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
+		HttpClient client = HttpClient.create().wiretap(true)
-				PrivateKey privateKey = x509KeyManager.getPrivateKey("spring-boot");
+				.secure((sslContextSpec) -> sslContextSpec.sslContext(builder));
-				if (privateKey != null) {
+		return new ReactorClientHttpConnector(client);
-					X509Certificate[] certificateChain = x509KeyManager.getCertificateChain("spring-boot");
-					SslContextBuilder builder = SslContextBuilder.forClient().sslProvider(SslProvider.JDK)
-							.trustManager(InsecureTrustManagerFactory.INSTANCE)
-							.keyManager(privateKey, certificateChain);
-					HttpClient client = HttpClient.create().wiretap(true)
-							.secure((sslContextSpec) -> sslContextSpec.sslContext(builder));
-					return new ReactorClientHttpConnector(client);
-				}
-			}
-		}
-		throw new IllegalStateException("Key with alias 'spring-boot' not found");
 	}
 	protected void testClientAuthSuccess(Ssl sslConfiguration, ReactorClientHttpConnector clientConnector) {

--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
@@ -397,7 +397,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 				new ExampleServlet(true, false), "/hello");
 		this.webServer = factory.getWebServer(registration);
 		this.webServer.start();
-		TrustStrategy trustStrategy = new SerialNumberValidatingTrustSelfSignedStrategy("5c7ae101");
+		TrustStrategy trustStrategy = new SerialNumberValidatingTrustSelfSignedStrategy("3a3aaec8");
 		SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, trustStrategy).build();
 		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext))
 				.build();
@@ -459,7 +459,7 @@ public abstract class AbstractServletWebServerFactoryTests {
 		keyStore.load(new FileInputStream(new File("src/test/resources/test.p12")), "secret".toCharArray());
 		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
 				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
-						.loadKeyMaterial(keyStore, "secret".toCharArray(), (aliases, socket) -> "spring-boot").build());
+						.loadKeyMaterial(keyStore, "secret".toCharArray()).build());
 		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
 		HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
@@ -474,9 +474,9 @@ public abstract class AbstractServletWebServerFactoryTests {
 		this.webServer.start();
 		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 		keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
-		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder()
+		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
-				.loadTrustMaterial(null, new TrustSelfSignedStrategy())
+				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
-				.loadKeyMaterial(keyStore, "password".toCharArray(), (aliases, socket) -> "spring-boot").build());
+						.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
 		HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
@@ -545,9 +545,9 @@ public abstract class AbstractServletWebServerFactoryTests {
 		this.webServer.start();
 		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 		keyStore.load(new FileInputStream(new File("src/test/resources/test.jks")), "secret".toCharArray());
-		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder()
+		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
-				.loadTrustMaterial(null, new TrustSelfSignedStrategy())
+				new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy())
-				.loadKeyMaterial(keyStore, "password".toCharArray(), (aliases, socket) -> "spring-boot").build());
+						.loadKeyMaterial(keyStore, "password".toCharArray()).build());
 		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
 		HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");

--- a/spring-boot-project/spring-boot/src/test/resources/test.jks
+++ b/spring-boot-project/spring-boot/src/test/resources/test.jks
--- a/spring-boot-project/spring-boot/src/test/resources/test.p12
+++ b/spring-boot-project/spring-boot/src/test/resources/test.p12