Polish
This commit is contained in:
parent
1939d23de3
commit
bc6fc33498
|
@ -44,6 +44,7 @@ import org.springframework.util.Assert;
|
||||||
import org.springframework.util.ClassUtils;
|
import org.springframework.util.ClassUtils;
|
||||||
import org.springframework.util.ObjectUtils;
|
import org.springframework.util.ObjectUtils;
|
||||||
import org.springframework.util.ResourceUtils;
|
import org.springframework.util.ResourceUtils;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@link JettyServerCustomizer} that configures SSL on the given Jetty server instance.
|
* {@link JettyServerCustomizer} that configures SSL on the given Jetty server instance.
|
||||||
|
@ -224,10 +225,8 @@ class SslServerCustomizer implements JettyServerCustomizer {
|
||||||
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
|
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
|
||||||
String keystoreLocation = ssl.getKeyStore();
|
String keystoreLocation = ssl.getKeyStore();
|
||||||
if (keystoreType.equalsIgnoreCase("PKCS11")) {
|
if (keystoreType.equalsIgnoreCase("PKCS11")) {
|
||||||
if (keystoreLocation != null && !keystoreLocation.isEmpty()) {
|
Assert.state(!StringUtils.hasText(keystoreLocation),
|
||||||
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
|
() -> "Keystore location '" + keystoreLocation + "' must be empty or null for PKCS11 key stores");
|
||||||
+ keystoreLocation + "'. Must be undefined / null.");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
try {
|
try {
|
||||||
|
@ -240,7 +239,7 @@ class SslServerCustomizer implements JettyServerCustomizer {
|
||||||
}
|
}
|
||||||
factory.setKeyStoreType(keystoreType);
|
factory.setKeyStoreType(keystoreType);
|
||||||
if (ssl.getKeyStoreProvider() != null) {
|
if (ssl.getKeyStoreProvider() != null) {
|
||||||
factory.setKeyStoreProvider(ssl.getKeyStoreProvider());
|
factory.setKeyStoreProvider(this.ssl.getKeyStoreProvider());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,9 @@ import org.springframework.boot.web.server.Ssl;
|
||||||
import org.springframework.boot.web.server.SslConfigurationValidator;
|
import org.springframework.boot.web.server.SslConfigurationValidator;
|
||||||
import org.springframework.boot.web.server.SslStoreProvider;
|
import org.springframework.boot.web.server.SslStoreProvider;
|
||||||
import org.springframework.boot.web.server.WebServerException;
|
import org.springframework.boot.web.server.WebServerException;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.ResourceUtils;
|
import org.springframework.util.ResourceUtils;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@link NettyServerCustomizer} that configures SSL for the given Reactor Netty server
|
* {@link NettyServerCustomizer} that configures SSL for the given Reactor Netty server
|
||||||
|
@ -169,25 +171,26 @@ public class SslServerCustomizer implements NettyServerCustomizer {
|
||||||
return loadStore(type, provider, resource, password);
|
return loadStore(type, provider, resource, password);
|
||||||
}
|
}
|
||||||
|
|
||||||
private KeyStore loadStore(String type, String provider, String resource, String password) throws Exception {
|
private KeyStore loadStore(String keystoreType, String provider, String keystoreLocation, String password)
|
||||||
type = (type != null) ? type : "JKS";
|
throws Exception {
|
||||||
KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
|
keystoreType = (keystoreType != null) ? keystoreType : "JKS";
|
||||||
if (type.equalsIgnoreCase("PKCS11")) {
|
char[] passwordChars = (password != null) ? password.toCharArray() : null;
|
||||||
if (resource != null && !resource.isEmpty()) {
|
KeyStore store = (provider != null) ? KeyStore.getInstance(keystoreType, provider)
|
||||||
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
|
: KeyStore.getInstance(keystoreType);
|
||||||
+ resource + "'. Must be undefined / null.");
|
if (keystoreType.equalsIgnoreCase("PKCS11")) {
|
||||||
}
|
Assert.state(!StringUtils.hasText(keystoreLocation),
|
||||||
store.load(null, (password != null) ? password.toCharArray() : null);
|
() -> "Keystore location '" + keystoreLocation + "' must be empty or null for PKCS11 key stores");
|
||||||
|
store.load(null, passwordChars);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
try {
|
try {
|
||||||
URL url = ResourceUtils.getURL(resource);
|
URL url = ResourceUtils.getURL(keystoreLocation);
|
||||||
try (InputStream stream = url.openStream()) {
|
try (InputStream stream = url.openStream()) {
|
||||||
store.load(stream, (password != null) ? password.toCharArray() : null);
|
store.load(stream, passwordChars);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (Exception ex) {
|
catch (Exception ex) {
|
||||||
throw new WebServerException("Could not load key store '" + resource + "'", ex);
|
throw new WebServerException("Could not load key store '" + keystoreLocation + "'", ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return store;
|
return store;
|
||||||
|
|
|
@ -143,10 +143,8 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
|
||||||
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
|
String keystoreType = (ssl.getKeyStoreType() != null) ? ssl.getKeyStoreType() : "JKS";
|
||||||
String keystoreLocation = ssl.getKeyStore();
|
String keystoreLocation = ssl.getKeyStore();
|
||||||
if (keystoreType.equalsIgnoreCase("PKCS11")) {
|
if (keystoreType.equalsIgnoreCase("PKCS11")) {
|
||||||
if (keystoreLocation != null && !keystoreLocation.isEmpty()) {
|
Assert.state(!StringUtils.hasText(keystoreLocation),
|
||||||
throw new IllegalArgumentException("Input keystore location is not valid for keystore type 'PKCS11': '"
|
() -> "Keystore location '" + keystoreLocation + "' must be empty or null for PKCS11 key stores");
|
||||||
+ keystoreLocation + "'. Must be undefined / null.");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -17,8 +17,6 @@
|
||||||
package org.springframework.boot.web.embedded.jetty;
|
package org.springframework.boot.web.embedded.jetty;
|
||||||
|
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.security.Provider;
|
|
||||||
import java.security.Security;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
@ -29,20 +27,19 @@ import org.eclipse.jetty.server.HttpConnectionFactory;
|
||||||
import org.eclipse.jetty.server.Server;
|
import org.eclipse.jetty.server.Server;
|
||||||
import org.eclipse.jetty.server.SslConnectionFactory;
|
import org.eclipse.jetty.server.SslConnectionFactory;
|
||||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||||
import org.junit.jupiter.api.AfterAll;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.condition.OS;
|
import org.junit.jupiter.api.condition.OS;
|
||||||
|
|
||||||
import org.springframework.boot.testsupport.junit.DisabledOnOs;
|
import org.springframework.boot.testsupport.junit.DisabledOnOs;
|
||||||
import org.springframework.boot.web.embedded.netty.MockPkcs11SecurityProvider;
|
import org.springframework.boot.web.embedded.test.MockPkcs11Security;
|
||||||
|
import org.springframework.boot.web.embedded.test.MockPkcs11SecurityProvider;
|
||||||
import org.springframework.boot.web.server.Http2;
|
import org.springframework.boot.web.server.Http2;
|
||||||
import org.springframework.boot.web.server.Ssl;
|
import org.springframework.boot.web.server.Ssl;
|
||||||
import org.springframework.boot.web.server.WebServerException;
|
import org.springframework.boot.web.server.WebServerException;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
||||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -51,25 +48,9 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||||
* @author Andy Wilkinson
|
* @author Andy Wilkinson
|
||||||
* @author Cyril Dangerville
|
* @author Cyril Dangerville
|
||||||
*/
|
*/
|
||||||
|
@MockPkcs11Security
|
||||||
class SslServerCustomizerTests {
|
class SslServerCustomizerTests {
|
||||||
|
|
||||||
private static final Provider PKCS11_PROVIDER = new MockPkcs11SecurityProvider();
|
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void beforeAllTests() {
|
|
||||||
/*
|
|
||||||
* Add the mock Java security provider for PKCS#11-related unit tests.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
Security.addProvider(PKCS11_PROVIDER);
|
|
||||||
}
|
|
||||||
|
|
||||||
@AfterAll
|
|
||||||
static void afterAllTests() {
|
|
||||||
// Remove the provider previously added in setup()
|
|
||||||
Security.removeProvider(PKCS11_PROVIDER.getName());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@SuppressWarnings("rawtypes")
|
@SuppressWarnings("rawtypes")
|
||||||
void whenHttp2IsNotEnabledServerConnectorHasSslAndHttpConnectionFactories() {
|
void whenHttp2IsNotEnabledServerConnectorHasSslAndHttpConnectionFactories() {
|
||||||
|
@ -107,11 +88,8 @@ class SslServerCustomizerTests {
|
||||||
assertThat(((ALPNServerConnectionFactory) factories.get(1)).getDefaultProtocol()).isNull();
|
assertThat(((ALPNServerConnectionFactory) factories.get(1)).getDefaultProtocol()).isNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Null/undefined keystore is invalid unless keystore type is PKCS11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void configureSslWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsWebServerException() {
|
void configureSslWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsException() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
||||||
assertThatExceptionOfType(Exception.class)
|
assertThatExceptionOfType(Exception.class)
|
||||||
|
@ -122,30 +100,26 @@ class SslServerCustomizerTests {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* No keystore path should be defined if keystore type is PKCS#11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void configureSslWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsIllegalArgumentException() {
|
void configureSslWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsException() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStore("src/test/resources/test.jks");
|
ssl.setKeyStore("src/test/resources/test.jks");
|
||||||
ssl.setKeyPassword("password");
|
ssl.setKeyPassword("password");
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
||||||
assertThatIllegalArgumentException()
|
assertThatIllegalStateException()
|
||||||
.isThrownBy(() -> customizer.configureSsl(new SslContextFactory.Server(), ssl, null))
|
.isThrownBy(() -> customizer.configureSsl(new SslContextFactory.Server(), ssl, null))
|
||||||
.withMessageContaining("Input keystore location is not valid for keystore type 'PKCS11'");
|
.withMessageContaining("must be empty or null for PKCS11 key stores");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStorePassword("1234");
|
ssl.setKeyStorePassword("1234");
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
|
||||||
// Loading the KeyManagerFactory should be successful
|
|
||||||
assertThatNoException().isThrownBy(() -> customizer.configureSsl(new SslContextFactory.Server(), ssl, null));
|
assertThatNoException().isThrownBy(() -> customizer.configureSsl(new SslContextFactory.Server(), ssl, null));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2012-2022 the original author or authors.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.springframework.boot.web.embedded.netty;
|
|
||||||
|
|
||||||
import java.security.KeyStoreSpi;
|
|
||||||
import java.security.Provider;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Mock PKCS#11 Security Provider for testing purposes only (e.g. SslServerCustomizerTests
|
|
||||||
* class)
|
|
||||||
*
|
|
||||||
* @author Cyril Dangerville
|
|
||||||
*/
|
|
||||||
public class MockPkcs11SecurityProvider extends Provider {
|
|
||||||
|
|
||||||
private static final String DEFAULT_PROVIDER_NAME = "Mock-PKCS11";
|
|
||||||
|
|
||||||
private static final double VERSION = 0.1;
|
|
||||||
|
|
||||||
private static final String DESCRIPTION = "Mock PKCS11 Provider";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create Security Provider named {@value #DEFAULT_PROVIDER_NAME}, version
|
|
||||||
* {@value #VERSION} and providing PKCS11 KeyStores with {@link MockKeyStoreSpi} as
|
|
||||||
* {@link KeyStoreSpi} implementation.
|
|
||||||
*/
|
|
||||||
public MockPkcs11SecurityProvider() {
|
|
||||||
super(DEFAULT_PROVIDER_NAME, VERSION, DESCRIPTION);
|
|
||||||
|
|
||||||
putService(new Service(this, "KeyStore", "PKCS11",
|
|
||||||
"org.springframework.boot.web.embedded.netty.MockKeyStoreSpi", null, null));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -17,13 +17,11 @@
|
||||||
package org.springframework.boot.web.embedded.netty;
|
package org.springframework.boot.web.embedded.netty;
|
||||||
|
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.Provider;
|
|
||||||
import java.security.Security;
|
|
||||||
|
|
||||||
import org.junit.jupiter.api.AfterAll;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import org.springframework.boot.web.embedded.test.MockPkcs11Security;
|
||||||
|
import org.springframework.boot.web.embedded.test.MockPkcs11SecurityProvider;
|
||||||
import org.springframework.boot.web.server.Ssl;
|
import org.springframework.boot.web.server.Ssl;
|
||||||
import org.springframework.boot.web.server.WebServerException;
|
import org.springframework.boot.web.server.WebServerException;
|
||||||
|
|
||||||
|
@ -38,29 +36,9 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||||
* @author Cyril Dangerville
|
* @author Cyril Dangerville
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
|
@MockPkcs11Security
|
||||||
class SslServerCustomizerTests {
|
class SslServerCustomizerTests {
|
||||||
|
|
||||||
private static final Provider PKCS11_PROVIDER = new MockPkcs11SecurityProvider();
|
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void setup() {
|
|
||||||
/*
|
|
||||||
* Add the mock Java security provider for PKCS#11-related unit tests.
|
|
||||||
*
|
|
||||||
* For an integration test with an actual PKCS#11 library - SoftHSM - properly
|
|
||||||
* installed and configured on the system (inside a container), used via Java
|
|
||||||
* built-in SunPKCS11 provider, see the 'spring-boot-smoke-test-webflux-ssl'
|
|
||||||
* project in 'spring-boot-tests/spring-boot-smoke-tests' folder.
|
|
||||||
*/
|
|
||||||
Security.addProvider(PKCS11_PROVIDER);
|
|
||||||
}
|
|
||||||
|
|
||||||
@AfterAll
|
|
||||||
static void shutdown() {
|
|
||||||
// Remove the provider previously added in setup()
|
|
||||||
Security.removeProvider(PKCS11_PROVIDER.getName());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void keyStoreProviderIsUsedWhenCreatingKeyStore() {
|
void keyStoreProviderIsUsedWhenCreatingKeyStore() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
|
@ -85,41 +63,34 @@ class SslServerCustomizerTests {
|
||||||
.withMessageContaining("com.example.TrustStoreProvider");
|
.withMessageContaining("com.example.TrustStoreProvider");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Null/undefined keystore is not valid unless keystore type is PKCS11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void getKeyManagerFactoryWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsWebServerException() {
|
void getKeyManagerFactoryWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsException() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
||||||
assertThatIllegalStateException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null))
|
assertThatIllegalStateException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null))
|
||||||
.withCauseInstanceOf(WebServerException.class).withMessageContaining("Could not load key store 'null'");
|
.withCauseInstanceOf(WebServerException.class).withMessageContaining("Could not load key store 'null'");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* No keystore path should be defined if keystore type is PKCS#11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void getKeyManagerFactoryWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsIllegalArgumentException() {
|
void getKeyManagerFactoryWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsException() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStore("src/test/resources/test.jks");
|
ssl.setKeyStore("src/test/resources/test.jks");
|
||||||
ssl.setKeyPassword("password");
|
ssl.setKeyPassword("password");
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
||||||
assertThatIllegalStateException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null))
|
assertThatIllegalStateException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null))
|
||||||
.withCauseInstanceOf(IllegalArgumentException.class)
|
.withCauseInstanceOf(IllegalStateException.class)
|
||||||
.withMessageContaining("Input keystore location is not valid for keystore type 'PKCS11'");
|
.withMessageContaining("must be empty or null for PKCS11 key stores");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void getKeyManagerFactoryWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
void getKeyManagerFactoryWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStorePassword("1234");
|
ssl.setKeyStorePassword("1234");
|
||||||
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
|
||||||
// Loading the KeyManagerFactory should be successful
|
|
||||||
assertThatNoException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null));
|
assertThatNoException().isThrownBy(() -> customizer.getKeyManagerFactory(ssl, null));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package org.springframework.boot.web.embedded.netty;
|
package org.springframework.boot.web.embedded.test;
|
||||||
|
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
|
@ -31,7 +31,7 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mock Security Provider for testing purposes only (e.g. SslServerCustomizerTests class)
|
* Mock Security Provider for testing purposes.
|
||||||
*
|
*
|
||||||
* @author Cyril Dangerville
|
* @author Cyril Dangerville
|
||||||
*/
|
*/
|
||||||
|
@ -45,7 +45,7 @@ public class MockKeyStoreSpi extends KeyStoreSpi {
|
||||||
KEYGEN.initialize(2048);
|
KEYGEN.initialize(2048);
|
||||||
}
|
}
|
||||||
catch (NoSuchAlgorithmException ex) {
|
catch (NoSuchAlgorithmException ex) {
|
||||||
throw new RuntimeException(ex);
|
throw new IllegalStateException(ex);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,8 +99,6 @@ public class MockKeyStoreSpi extends KeyStoreSpi {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean engineContainsAlias(String alias) {
|
public boolean engineContainsAlias(String alias) {
|
||||||
// contains any required alias, for testing purposes
|
|
||||||
// Add alias to aliases list on the fly
|
|
||||||
this.aliases.put(alias, KEYGEN.generateKeyPair());
|
this.aliases.put(alias, KEYGEN.generateKeyPair());
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -112,7 +110,6 @@ public class MockKeyStoreSpi extends KeyStoreSpi {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean engineIsKeyEntry(String alias) {
|
public boolean engineIsKeyEntry(String alias) {
|
||||||
// Handle all keystore entries as key entries
|
|
||||||
return this.aliases.containsKey(alias);
|
return this.aliases.containsKey(alias);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -133,7 +130,6 @@ public class MockKeyStoreSpi extends KeyStoreSpi {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void engineLoad(InputStream stream, char[] password) {
|
public void engineLoad(InputStream stream, char[] password) {
|
||||||
// Nothing to do, this is a mock keystore implementation, for testing only.
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2012-2022 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.boot.web.embedded.test;
|
||||||
|
|
||||||
|
import java.lang.annotation.Retention;
|
||||||
|
import java.lang.annotation.RetentionPolicy;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* JUnit {@link ExtendWith @ExtendWith} annotation to support
|
||||||
|
* {@link MockPkcs11SecurityProvider}.
|
||||||
|
*
|
||||||
|
* @author Phillip Webb
|
||||||
|
*/
|
||||||
|
@ExtendWith(MockPkcs11SecurityProviderExtension.class)
|
||||||
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
|
public @interface MockPkcs11Security {
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2012-2022 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.boot.web.embedded.test;
|
||||||
|
|
||||||
|
import java.security.Provider;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Mock PKCS#11 Security Provider for testing purposes.
|
||||||
|
*
|
||||||
|
* @author Cyril Dangerville
|
||||||
|
*/
|
||||||
|
public class MockPkcs11SecurityProvider extends Provider {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The name of the mock provider.
|
||||||
|
*/
|
||||||
|
public static final String NAME = "Mock-PKCS11";
|
||||||
|
|
||||||
|
static final MockPkcs11SecurityProvider INSTANCE = new MockPkcs11SecurityProvider();
|
||||||
|
|
||||||
|
MockPkcs11SecurityProvider() {
|
||||||
|
super(NAME, 0.1, "Mock PKCS11 Provider");
|
||||||
|
putService(new Service(this, "KeyStore", "PKCS11", MockKeyStoreSpi.class.getName(), null, null));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2012-2022 the original author or authors.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.springframework.boot.web.embedded.test;
|
||||||
|
|
||||||
|
import java.security.Security;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.extension.AfterAllCallback;
|
||||||
|
import org.junit.jupiter.api.extension.BeforeAllCallback;
|
||||||
|
import org.junit.jupiter.api.extension.Extension;
|
||||||
|
import org.junit.jupiter.api.extension.ExtensionContext;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@link Extension} to support {@link MockPkcs11SecurityProvider}.
|
||||||
|
*
|
||||||
|
* @author Phillip Webb
|
||||||
|
* @see MockPkcs11Security
|
||||||
|
*/
|
||||||
|
class MockPkcs11SecurityProviderExtension implements BeforeAllCallback, AfterAllCallback {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void beforeAll(ExtensionContext context) throws Exception {
|
||||||
|
Security.addProvider(MockPkcs11SecurityProvider.INSTANCE);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void afterAll(ExtensionContext context) throws Exception {
|
||||||
|
Security.removeProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -21,8 +21,6 @@ import java.io.InputStream;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.Provider;
|
|
||||||
import java.security.Security;
|
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
@ -31,9 +29,7 @@ import org.apache.catalina.connector.Connector;
|
||||||
import org.apache.catalina.startup.Tomcat;
|
import org.apache.catalina.startup.Tomcat;
|
||||||
import org.apache.tomcat.util.net.SSLHostConfig;
|
import org.apache.tomcat.util.net.SSLHostConfig;
|
||||||
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
|
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
|
||||||
import org.junit.jupiter.api.AfterAll;
|
|
||||||
import org.junit.jupiter.api.AfterEach;
|
import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.junit.jupiter.api.extension.ExtendWith;
|
import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
|
@ -41,7 +37,8 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
||||||
import org.springframework.boot.testsupport.system.CapturedOutput;
|
import org.springframework.boot.testsupport.system.CapturedOutput;
|
||||||
import org.springframework.boot.testsupport.system.OutputCaptureExtension;
|
import org.springframework.boot.testsupport.system.OutputCaptureExtension;
|
||||||
import org.springframework.boot.testsupport.web.servlet.DirtiesUrlFactories;
|
import org.springframework.boot.testsupport.web.servlet.DirtiesUrlFactories;
|
||||||
import org.springframework.boot.web.embedded.netty.MockPkcs11SecurityProvider;
|
import org.springframework.boot.web.embedded.test.MockPkcs11Security;
|
||||||
|
import org.springframework.boot.web.embedded.test.MockPkcs11SecurityProvider;
|
||||||
import org.springframework.boot.web.server.Ssl;
|
import org.springframework.boot.web.server.Ssl;
|
||||||
import org.springframework.boot.web.server.SslStoreProvider;
|
import org.springframework.boot.web.server.SslStoreProvider;
|
||||||
import org.springframework.boot.web.server.WebServerException;
|
import org.springframework.boot.web.server.WebServerException;
|
||||||
|
@ -50,7 +47,7 @@ import org.springframework.core.io.Resource;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
||||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||||
import static org.mockito.BDDMockito.given;
|
import static org.mockito.BDDMockito.given;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
|
@ -65,29 +62,13 @@ import static org.mockito.Mockito.mock;
|
||||||
*/
|
*/
|
||||||
@ExtendWith(OutputCaptureExtension.class)
|
@ExtendWith(OutputCaptureExtension.class)
|
||||||
@DirtiesUrlFactories
|
@DirtiesUrlFactories
|
||||||
|
@MockPkcs11Security
|
||||||
class SslConnectorCustomizerTests {
|
class SslConnectorCustomizerTests {
|
||||||
|
|
||||||
private static final Provider PKCS11_PROVIDER = new MockPkcs11SecurityProvider();
|
|
||||||
|
|
||||||
private Tomcat tomcat;
|
private Tomcat tomcat;
|
||||||
|
|
||||||
private Connector connector;
|
private Connector connector;
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void beforeAllTests() {
|
|
||||||
/*
|
|
||||||
* Add the mock Java security provider for PKCS#11-related unit tests.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
Security.addProvider(PKCS11_PROVIDER);
|
|
||||||
}
|
|
||||||
|
|
||||||
@AfterAll
|
|
||||||
static void afterAllTests() {
|
|
||||||
// Remove the provider previously added in setup()
|
|
||||||
Security.removeProvider(PKCS11_PROVIDER.getName());
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
void setup() {
|
void setup() {
|
||||||
this.tomcat = new Tomcat();
|
this.tomcat = new Tomcat();
|
||||||
|
@ -201,39 +182,32 @@ class SslConnectorCustomizerTests {
|
||||||
assertThat(output).doesNotContain("Password verification failed");
|
assertThat(output).doesNotContain("Password verification failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Null/undefined keystore is invalid unless keystore type is PKCS11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void customizeWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsWebServerException() {
|
void customizeWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsException() {
|
||||||
assertThatExceptionOfType(WebServerException.class)
|
assertThatExceptionOfType(WebServerException.class)
|
||||||
.isThrownBy(() -> new SslConnectorCustomizer(new Ssl(), null).customize(this.tomcat.getConnector()))
|
.isThrownBy(() -> new SslConnectorCustomizer(new Ssl(), null).customize(this.tomcat.getConnector()))
|
||||||
.withMessageContaining("Could not load key store 'null'");
|
.withMessageContaining("Could not load key store 'null'");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* No keystore path should be defined if keystore type is PKCS#11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsIllegalArgumentException() {
|
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsException() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStore("src/test/resources/test.jks");
|
ssl.setKeyStore("src/test/resources/test.jks");
|
||||||
ssl.setKeyPassword("password");
|
ssl.setKeyPassword("password");
|
||||||
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, null);
|
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, null);
|
||||||
assertThatIllegalArgumentException().isThrownBy(() -> customizer.customize(this.tomcat.getConnector()))
|
assertThatIllegalStateException().isThrownBy(() -> customizer.customize(this.tomcat.getConnector()))
|
||||||
.withMessageContaining("Input keystore location is not valid for keystore type 'PKCS11'");
|
.withMessageContaining("must be empty or null for PKCS11 key stores");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStorePassword("1234");
|
ssl.setKeyStorePassword("1234");
|
||||||
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, null);
|
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, null);
|
||||||
// Loading the KeyManagerFactory should be successful
|
|
||||||
assertThatNoException().isThrownBy(() -> customizer.customize(this.tomcat.getConnector()));
|
assertThatNoException().isThrownBy(() -> customizer.customize(this.tomcat.getConnector()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,16 +18,13 @@ package org.springframework.boot.web.embedded.undertow;
|
||||||
|
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.NoSuchProviderException;
|
||||||
import java.security.Provider;
|
|
||||||
import java.security.Security;
|
|
||||||
|
|
||||||
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.KeyManager;
|
||||||
|
|
||||||
import org.junit.jupiter.api.AfterAll;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.boot.web.embedded.netty.MockPkcs11SecurityProvider;
|
import org.springframework.boot.web.embedded.test.MockPkcs11Security;
|
||||||
|
import org.springframework.boot.web.embedded.test.MockPkcs11SecurityProvider;
|
||||||
import org.springframework.boot.web.server.Ssl;
|
import org.springframework.boot.web.server.Ssl;
|
||||||
import org.springframework.boot.web.server.WebServerException;
|
import org.springframework.boot.web.server.WebServerException;
|
||||||
import org.springframework.test.util.ReflectionTestUtils;
|
import org.springframework.test.util.ReflectionTestUtils;
|
||||||
|
@ -43,25 +40,9 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||||
* @author Raheela Aslam
|
* @author Raheela Aslam
|
||||||
* @author Cyril Dangerville
|
* @author Cyril Dangerville
|
||||||
*/
|
*/
|
||||||
|
@MockPkcs11Security
|
||||||
class SslBuilderCustomizerTests {
|
class SslBuilderCustomizerTests {
|
||||||
|
|
||||||
private static final Provider PKCS11_PROVIDER = new MockPkcs11SecurityProvider();
|
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void beforeAllTests() {
|
|
||||||
/*
|
|
||||||
* Add the mock Java security provider for PKCS#11-related unit tests.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
Security.addProvider(PKCS11_PROVIDER);
|
|
||||||
}
|
|
||||||
|
|
||||||
@AfterAll
|
|
||||||
static void afterAllTests() {
|
|
||||||
// Remove the provider previously added in setup()
|
|
||||||
Security.removeProvider(PKCS11_PROVIDER.getName());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void getKeyManagersWhenAliasIsNullShouldNotDecorate() throws Exception {
|
void getKeyManagersWhenAliasIsNullShouldNotDecorate() throws Exception {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
|
@ -100,11 +81,8 @@ class SslBuilderCustomizerTests {
|
||||||
.withMessageContaining("com.example.TrustStoreProvider");
|
.withMessageContaining("com.example.TrustStoreProvider");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Null/undefined keystore is invalid unless keystore type is PKCS11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void getKeyManagersWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsWebServerException() throws Exception {
|
void getKeyManagersWhenSslIsEnabledWithNoKeyStoreAndNotPkcs11ThrowsException() throws Exception {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
||||||
assertThatIllegalStateException()
|
assertThatIllegalStateException()
|
||||||
|
@ -112,14 +90,11 @@ class SslBuilderCustomizerTests {
|
||||||
.withCauseInstanceOf(WebServerException.class).withMessageContaining("Could not load key store 'null'");
|
.withCauseInstanceOf(WebServerException.class).withMessageContaining("Could not load key store 'null'");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* No keystore path should be defined if keystore type is PKCS#11.
|
|
||||||
*/
|
|
||||||
@Test
|
@Test
|
||||||
void configureSslWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsIllegalArgumentException() throws Exception {
|
void configureSslWhenSslIsEnabledWithPkcs11AndKeyStoreThrowsException() throws Exception {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStore("src/test/resources/test.jks");
|
ssl.setKeyStore("src/test/resources/test.jks");
|
||||||
ssl.setKeyPassword("password");
|
ssl.setKeyPassword("password");
|
||||||
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
||||||
|
@ -133,10 +108,9 @@ class SslBuilderCustomizerTests {
|
||||||
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() throws Exception {
|
void customizeWhenSslIsEnabledWithPkcs11AndKeyStoreProvider() throws Exception {
|
||||||
Ssl ssl = new Ssl();
|
Ssl ssl = new Ssl();
|
||||||
ssl.setKeyStoreType("PKCS11");
|
ssl.setKeyStoreType("PKCS11");
|
||||||
ssl.setKeyStoreProvider(PKCS11_PROVIDER.getName());
|
ssl.setKeyStoreProvider(MockPkcs11SecurityProvider.NAME);
|
||||||
ssl.setKeyStorePassword("1234");
|
ssl.setKeyStorePassword("1234");
|
||||||
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080, InetAddress.getLocalHost(), ssl, null);
|
||||||
// Loading the KeyManagerFactory should be successful
|
|
||||||
assertThatNoException()
|
assertThatNoException()
|
||||||
.isThrownBy(() -> ReflectionTestUtils.invokeMethod(customizer, "getKeyManagers", ssl, null));
|
.isThrownBy(() -> ReflectionTestUtils.invokeMethod(customizer, "getKeyManagers", ssl, null));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue