GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Make truststore & keystore optional on SslStoreProvider 

Fixes gh-11395
pull/13066/head
Madhura Bhave 8 years ago
parent
2e836ac74b
commit
c93f7ddff6
2 changed files with 71 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
  2. 58
      spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java

16
spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
Unescape View File

@ -111,9 +111,19 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer { @@ -111,9 +111,19 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
.getInstance();
instance.addUserFactory(
new SslStoreProviderUrlStreamHandlerFactory(sslStoreProvider));
protocol.setKeystoreFile(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
protocol.setTruststoreFile(
SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
try {
if (sslStoreProvider.getKeyStore() != null) {
protocol.setKeystoreFile(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
}
if (sslStoreProvider.getTrustStore() != null) {
protocol.setTruststoreFile(
SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
}
}
catch (Exception ex) {
throw new WebServerException("Could not load store: " + ex.getMessage(),
ex);
}
}
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {

58
spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java
Unescape View File

@ -16,6 +16,13 @@ @@ -16,6 +16,13 @@
package org.springframework.boot.web.embedded.tomcat;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.tomcat.util.net.SSLHostConfig;
@ -24,8 +31,13 @@ import org.junit.Before; @@ -24,8 +31,13 @@ import org.junit.Before;
import org.junit.Test;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
/**
* Tests for {@link SslConnectorCustomizer}
@ -101,4 +113,50 @@ public class SslConnectorCustomizerTests { @@ -101,4 +113,50 @@ public class SslConnectorCustomizerTests {
assertThat(sslHostConfig.getEnabledProtocols()).containsExactly("TLSv1.2");
}
@Test
public void customizeWhenSslStoreProviderProvidesOnlyKeyStoreShouldUseDefaultTruststore() throws Exception {
Ssl ssl = new Ssl();
ssl.setKeyPassword("password");
ssl.setTrustStore("src/test/resources/test.jks");
SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class);
given(sslStoreProvider.getKeyStore()).willReturn(loadStore());
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, sslStoreProvider);
Connector connector = this.tomcat.getConnector();
customizer.customize(connector);
this.tomcat.start();
SSLHostConfig sslHostConfig = connector.getProtocolHandler()
.findSslHostConfigs()[0];
SSLHostConfig sslHostConfigWithDefaults = new SSLHostConfig();
assertThat(sslHostConfig.getTruststoreFile()).isEqualTo(sslHostConfigWithDefaults.getTruststoreFile());
assertThat(sslHostConfig.getCertificateKeystoreFile()).isEqualTo(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
}
@Test
public void customizeWhenSslStoreProviderProvidesOnlyTrustStoreShouldUseDefaultKeystore() throws Exception {
Ssl ssl = new Ssl();
ssl.setKeyPassword("password");
ssl.setKeyStore("src/test/resources/test.jks");
SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class);
given(sslStoreProvider.getTrustStore()).willReturn(loadStore());
SslConnectorCustomizer customizer = new SslConnectorCustomizer(ssl, sslStoreProvider);
Connector connector = this.tomcat.getConnector();
customizer.customize(connector);
this.tomcat.start();
SSLHostConfig sslHostConfig = connector.getProtocolHandler()
.findSslHostConfigs()[0];
SSLHostConfig sslHostConfigWithDefaults = new SSLHostConfig();
assertThat(sslHostConfig.getTruststoreFile()).isEqualTo(SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
assertThat(sslHostConfig.getCertificateKeystoreFile()).contains(sslHostConfigWithDefaults.getCertificateKeystoreFile());
}
private KeyStore loadStore() throws KeyStoreException, IOException,
NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS");
Resource resource = new ClassPathResource("test.jks");
try (InputStream inputStream = resource.getInputStream()) {
keyStore.load(inputStream, "secret".toCharArray());
return keyStore;
}
}
}

Write Preview
Loading…
Cancel
Save