From 727dd12852290f48840a8aeac91c37823112bdc7 Mon Sep 17 00:00:00 2001
From: Johnny Lim
Date: Tue, 3 May 2016 22:31:13 +0900
Subject: [PATCH 1/2] Fix customization of Jetty's SSL trust store See gh-5852
---
 .../embedded/jetty/JettyEmbeddedServletContainerFactory.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
index 1467107439..5024b1b71a 100644
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
@@ -259,7 +259,7 @@ public class JettyEmbeddedServletContainerFactory
 if (getSslStoreProvider() != null) {
 try {
 factory.setKeyStore(getSslStoreProvider().getKeyStore());
- factory.setTrustStore(getSslStoreProvider().getKeyStore());
+ factory.setTrustStore(getSslStoreProvider().getTrustStore());
 }
 catch (Exception ex) {
 throw new IllegalStateException("Unable to set SSL store", ex);
From fb9a61cd85683da41c4eba7d0d83daa4ec3486df Mon Sep 17 00:00:00 2001
From: Stephane Nicoll
Date: Wed, 4 May 2016 09:58:52 +0200
Subject: [PATCH 2/2] Polish "Fix customization of Jetty's SSL trust store" Closes gh-5852
---
 ...tEmbeddedServletContainerFactoryTests.java | 52 ++++++++-----------
 1 file changed, 23 insertions(+), 29 deletions(-)
diff --git a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
index a91d2828fc..befd2b2ee3 100644
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
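Review bot: In JettyEmbeddedServletContainerFactory, the corrected `factory.setTrustStore(getSslStoreProvider().getTrustStore())` call passes the provider's return value straight through, and nothing in the hunk shows what happens when a provider supplies only a key store and returns null for the trust store. The trust store decides which client certificates are accepted when client authentication is required, so the null case is worth making explicit, for example `KeyStore trustStore = getSslStoreProvider().getTrustStore();` followed by `if (trustStore != null) { factory.setTrustStore(trustStore); }`, or a comment stating that null is passed through on purpose. The enclosing method starts and ends outside the hunk, so handling elsewhere cannot be ruled out.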
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
@@ -93,9 +93,11 @@ import org.springframework.util.concurrent.ListenableFuture;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
+import static org.mockito.BDDMockito.given;
 import static org.mockito.Matchers.anyObject;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 /**
 * Base for testing classes that extends {@link AbstractEmbeddedServletContainerFactory}.
@@ -536,7 +538,10 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 ssl.setClientAuth(ClientAuth.NEED);
 ssl.setKeyPassword("password");
 factory.setSsl(ssl);
- factory.setSslStoreProvider(new CustomSslStoreProvider());
+ SslStoreProvider sslStoreProvider = mock(SslStoreProvider.class);
+ given(sslStoreProvider.getKeyStore()).willReturn(loadStore());
+ given(sslStoreProvider.getTrustStore()).willReturn(loadStore());
+ factory.setSslStoreProvider(sslStoreProvider);
 this.container = factory.getEmbeddedServletContainer();
 this.container.start();
 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@@ -552,6 +557,8 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 httpClient);
 assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory))
 .isEqualTo("test");
+ verify(sslStoreProvider).getKeyStore();
+ verify(sslStoreProvider).getTrustStore();
 }
 @Test
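Review bot: Both stubs in the `-536` hunk return `loadStore()`, so the key store and the trust store hold the same `test.jks` content, and the HTTPS round trip under `ClientAuth.NEED` would presumably succeed whichever of the two the factory installs as trust store. Only the `verify` calls in the following hunk would then notice a swapped store. Returning distinct fixtures from the two stubs, or at least adding a comment such as `// same fixture for both stores; the verify() calls below detect a swapped store`, would make that dependency visible. The test method begins and ends outside this hunk.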
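Review bot: `verify(sslStoreProvider).getKeyStore()` and `verify(sslStoreProvider).getTrustStore()` in the `-552` hunk use Mockito's default of exactly one invocation, which ties this shared base test to how many times each container factory happens to read a store. If the intent is only that each store is requested, `verify(sslStoreProvider, atLeastOnce()).getKeyStore();` and the same for `getTrustStore()` would still fail when the trust store is never requested, without failing an implementation that reads a store twice. Whether any subclass does so is not visible here, and `atLeastOnce` would need a static import from `org.mockito.Mockito`.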
@@ -1044,6 +1051,21 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 }
 }
+ private KeyStore loadStore() throws KeyStoreException, IOException,
+ NoSuchAlgorithmException, CertificateException {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ Resource resource = new ClassPathResource("test.jks");
+ InputStream inputStream = resource.getInputStream();
+ try {
+ keyStore.load(inputStream, "secret".toCharArray());
+ return keyStore;
+ }
+ finally {
+ inputStream.close();
+ }
+ }
+
+
 private class TestGzipInputStreamFactory implements InputStreamFactory {
 private final AtomicBoolean requested = new AtomicBoolean(false);
@@ -1091,32 +1113,4 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 }
- public static class CustomSslStoreProvider implements SslStoreProvider {
-
- @Override
- public KeyStore getKeyStore() throws Exception {
- return loadStore();
- }
-
- @Override
- public KeyStore getTrustStore() throws Exception {
- return loadStore();
- }
-
- private KeyStore loadStore() throws KeyStoreException, IOException,
- NoSuchAlgorithmException, CertificateException {
- KeyStore keyStore = KeyStore.getInstance("JKS");
- Resource resource = new ClassPathResource("test.jks");
- InputStream inputStream = resource.getInputStream();
- try {
- keyStore.load(inputStream, "secret".toCharArray());
- return keyStore;
- }
- finally {
- inputStream.close();
- }
- }
-
- }
-
 }
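Review bot: `loadStore()` in the `-1044` hunk is added without a comment and is followed by two consecutive empty added lines, one of which looks unintended. A short comment such as `// Loads the test.jks classpath fixture; used for both the key store and the trust store stubs` would record that the hard-coded `"secret"` password belongs to a test-only fixture and that both stores share it. The extra blank line can be dropped in the same pass.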