root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Merge branch '2.2.x' into 2.3.x 

Closes gh-24052
This commit is contained in:
Andy Wilkinson 2020-11-05 11:35:37 +00:00
parent e447be6df7 2425dcd200
commit 2ffb81f0d9
3 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -69,8 +69,12 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
protocol.setSSLEnabled(true); protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol()); protocol.setSslProtocol(ssl.getProtocol());
configureSslClientAuth(protocol, ssl); configureSslClientAuth(protocol, ssl);
protocol.setKeystorePass(ssl.getKeyStorePassword()); if (ssl.getKeyStorePassword() != null) {
protocol.setKeyPass(ssl.getKeyPassword()); protocol.setKeystorePass(ssl.getKeyStorePassword());
}
if (ssl.getKeyPassword() != null) {
protocol.setKeyPass(ssl.getKeyPassword());
}
protocol.setKeyAlias(ssl.getKeyAlias()); protocol.setKeyAlias(ssl.getKeyAlias());
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()); String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
if (StringUtils.hasText(ciphers)) { if (StringUtils.hasText(ciphers)) {

21
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
View File

@ -28,6 +28,7 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory; import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfig;
import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
@ -185,6 +186,26 @@ class SslConnectorCustomizerTests {
.withMessageContaining("Could not load key store 'null'"); .withMessageContaining("Could not load key store 'null'");
} }
@Test
void keyStorePasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeystorePass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeystorePass()).isEqualTo("password");
}
@Test
void keyPasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeyPass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeyPass()).isEqualTo("password");
}
private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS"); KeyStore keyStore = KeyStore.getInstance("JKS");
Resource resource = new ClassPathResource("test.jks"); Resource resource = new ClassPathResource("test.jks");

6
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
View File

@ -131,6 +131,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore); ssl.setKeyStore(keyStore);
ssl.setKeyPassword(keyPassword); ssl.setKeyPassword(keyPassword);
ssl.setKeyStorePassword("secret");
factory.setSsl(ssl); factory.setSsl(ssl);
this.webServer = factory.getWebServer(new EchoHandler()); this.webServer = factory.getWebServer(new EchoHandler());
this.webServer.start(); this.webServer.start();
@ -150,6 +151,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
AbstractReactiveWebServerFactory factory = getFactory(); AbstractReactiveWebServerFactory factory = getFactory();
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore); ssl.setKeyStore(keyStore);
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword(keyPassword); ssl.setKeyPassword(keyPassword);
ssl.setKeyAlias("test-alias"); ssl.setKeyAlias("test-alias");
factory.setSsl(ssl); factory.setSsl(ssl);
@ -198,6 +200,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setClientAuth(Ssl.ClientAuth.WANT); ssl.setClientAuth(Ssl.ClientAuth.WANT);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector()); testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
} }
@ -209,6 +212,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
testClientAuthSuccess(ssl, buildTrustAllSslConnector()); testClientAuthSuccess(ssl, buildTrustAllSslConnector());
} }
@ -243,6 +247,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED); ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector()); testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
@ -253,6 +258,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED); ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthFailure(ssl, buildTrustAllSslConnector()); testClientAuthFailure(ssl, buildTrustAllSslConnector());