root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 19 Packages Projects Releases Wiki Activity

Allow SSL to be used with Tomcat's Http11Nio2Protocol 

Fixes gh-41007
This commit is contained in:
Andy Wilkinson 2024-06-07 12:46:19 +01:00
parent 217c2c862b
commit fe536bf075
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2023 the original author or authors. * Copyright 2012-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@ import org.apache.catalina.connector.Connector;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.coyote.ProtocolHandler; import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.http11.AbstractHttp11JsseProtocol; import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate; import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type; import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
@ -104,7 +103,7 @@ class SslConnectorCustomizer {
String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers()); String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
sslHostConfig.setCiphers(ciphers); sslHostConfig.setCiphers(ciphers);
} }
configureSslStoreProvider(protocol, sslHostConfig, certificate, stores); configureSslStores(sslHostConfig, certificate, stores);
configureEnabledProtocols(sslHostConfig, options); configureEnabledProtocols(sslHostConfig, options);
} }
@ -119,10 +118,8 @@ class SslConnectorCustomizer {
config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required")); config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required"));
} }
private void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> protocol, SSLHostConfig sslHostConfig, private void configureSslStores(SSLHostConfig sslHostConfig, SSLHostConfigCertificate certificate,
SSLHostConfigCertificate certificate, SslStoreBundle stores) { SslStoreBundle stores) {
Assert.isInstanceOf(Http11NioProtocol.class, protocol,
"SslStoreProvider can only be used with Http11NioProtocol");
try { try {
if (stores.getKeyStore() != null) { if (stores.getKeyStore() != null) {
certificate.setCertificateKeystore(stores.getKeyStore()); certificate.setCertificateKeystore(stores.getKeyStore());

17
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2023 the original author or authors. * Copyright 2012-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -60,6 +60,7 @@ import org.apache.catalina.util.CharsetMapper;
import org.apache.catalina.valves.RemoteIpValve; import org.apache.catalina.valves.RemoteIpValve;
import org.apache.coyote.ProtocolHandler; import org.apache.coyote.ProtocolHandler;
import org.apache.coyote.http11.AbstractHttp11Protocol; import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.coyote.http11.Http11Nio2Protocol;
import org.apache.hc.client5.http.HttpHostConnectException; import org.apache.hc.client5.http.HttpHostConnectException;
import org.apache.hc.client5.http.classic.HttpClient; import org.apache.hc.client5.http.classic.HttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients; import org.apache.hc.client5.http.impl.classic.HttpClients;
@ -682,6 +683,20 @@ class TomcatServletWebServerFactoryTests extends AbstractServletWebServerFactory
assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2"); assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2");
} }
@Test
void sslWithHttp11Nio2Protocol() throws Exception {
TomcatServletWebServerFactory factory = getFactory();
addTestTxtFile(factory);
factory.setProtocol(Http11Nio2Protocol.class.getName());
factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks"));
this.webServer = factory.getWebServer();
this.webServer.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
HttpComponentsClientHttpRequestFactory requestFactory = createHttpComponentsRequestFactory(socketFactory);
assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
}
@Override @Override
protected JspServlet getJspServlet() throws ServletException { protected JspServlet getJspServlet() throws ServletException {
Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat(); Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();