Merge branch '2.3.x'

Closes gh-24053
pull/24076/head
Andy Wilkinson 4 years ago
commit 06f37f4295

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -69,8 +69,12 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
protocol.setSSLEnabled(true); protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol()); protocol.setSslProtocol(ssl.getProtocol());
configureSslClientAuth(protocol, ssl); configureSslClientAuth(protocol, ssl);
if (ssl.getKeyStorePassword() != null) {
protocol.setKeystorePass(ssl.getKeyStorePassword()); protocol.setKeystorePass(ssl.getKeyStorePassword());
}
if (ssl.getKeyPassword() != null) {
protocol.setKeyPass(ssl.getKeyPassword()); protocol.setKeyPass(ssl.getKeyPassword());
}
protocol.setKeyAlias(ssl.getKeyAlias()); protocol.setKeyAlias(ssl.getKeyAlias());
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()); String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
if (StringUtils.hasText(ciphers)) { if (StringUtils.hasText(ciphers)) {

@ -28,6 +28,7 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat; import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory; import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfig;
import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
@ -185,6 +186,26 @@ class SslConnectorCustomizerTests {
.withMessageContaining("Could not load key store 'null'"); .withMessageContaining("Could not load key store 'null'");
} }
@Test
void keyStorePasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeystorePass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeystorePass()).isEqualTo("password");
}
@Test
void keyPasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeyPass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeyPass()).isEqualTo("password");
}
private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS"); KeyStore keyStore = KeyStore.getInstance("JKS");
Resource resource = new ClassPathResource("test.jks"); Resource resource = new ClassPathResource("test.jks");

@ -131,6 +131,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore); ssl.setKeyStore(keyStore);
ssl.setKeyPassword(keyPassword); ssl.setKeyPassword(keyPassword);
ssl.setKeyStorePassword("secret");
factory.setSsl(ssl); factory.setSsl(ssl);
this.webServer = factory.getWebServer(new EchoHandler()); this.webServer = factory.getWebServer(new EchoHandler());
this.webServer.start(); this.webServer.start();
@ -149,6 +150,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
AbstractReactiveWebServerFactory factory = getFactory(); AbstractReactiveWebServerFactory factory = getFactory();
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore); ssl.setKeyStore(keyStore);
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword(keyPassword); ssl.setKeyPassword(keyPassword);
ssl.setKeyAlias("test-alias"); ssl.setKeyAlias("test-alias");
factory.setSsl(ssl); factory.setSsl(ssl);
@ -196,6 +198,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setClientAuth(Ssl.ClientAuth.WANT); ssl.setClientAuth(Ssl.ClientAuth.WANT);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector()); testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
} }
@ -207,6 +210,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
testClientAuthSuccess(ssl, buildTrustAllSslConnector()); testClientAuthSuccess(ssl, buildTrustAllSslConnector());
} }
@ -240,6 +244,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED); ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector()); testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
@ -250,6 +255,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl(); Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED); ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks"); ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password"); ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks"); ssl.setTrustStore("classpath:test.jks");
testClientAuthFailure(ssl, buildTrustAllSslConnector()); testClientAuthFailure(ssl, buildTrustAllSslConnector());

Loading…
Cancel
Save