diff --git a/spring-boot-project/spring-boot-dependencies/pom.xml b/spring-boot-project/spring-boot-dependencies/pom.xml
index 199fb985a5..884121eb5d 100644
--- a/spring-boot-project/spring-boot-dependencies/pom.xml
+++ b/spring-boot-project/spring-boot-dependencies/pom.xml
@@ -119,7 +119,7 @@
3.0.1
2.28
6.3.1
- 9.4.14.v20181114
+ 9.4.15.v20190215
2.2.0.v201112011158
8.5.35.1
1.0.3
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
index 4e8f3cfa8b..7da6fb735b 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
@@ -21,11 +21,15 @@ import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.Arrays;
+import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
+import javax.net.ssl.X509KeyManager;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
@@ -171,13 +175,24 @@ public abstract class AbstractReactiveWebServerFactoryTests {
KeyManagerFactory clientKeyManagerFactory = KeyManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
clientKeyManagerFactory.init(clientKeyStore, "password".toCharArray());
- SslContextBuilder builder = SslContextBuilder.forClient()
- .sslProvider(SslProvider.JDK)
- .trustManager(InsecureTrustManagerFactory.INSTANCE)
- .keyManager(clientKeyManagerFactory);
- HttpClient client = HttpClient.create().wiretap(true)
- .secure((sslContextSpec) -> sslContextSpec.sslContext(builder));
- return new ReactorClientHttpConnector(client);
+ for (KeyManager keyManager : clientKeyManagerFactory.getKeyManagers()) {
+ if (keyManager instanceof X509KeyManager) {
+ X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
+ PrivateKey privateKey = x509KeyManager.getPrivateKey("spring-boot");
+ if (privateKey != null) {
+ X509Certificate[] certificateChain = x509KeyManager
+ .getCertificateChain("spring-boot");
+ SslContextBuilder builder = SslContextBuilder.forClient()
+ .sslProvider(SslProvider.JDK)
+ .trustManager(InsecureTrustManagerFactory.INSTANCE)
+ .keyManager(privateKey, certificateChain);
+ HttpClient client = HttpClient.create().wiretap(true).secure(
+ (sslContextSpec) -> sslContextSpec.sslContext(builder));
+ return new ReactorClientHttpConnector(client);
+ }
+ }
+ }
+ throw new IllegalStateException("Key with alias 'spring-boot' not found");
}
protected void testClientAuthSuccess(Ssl sslConfiguration,
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
index 3f4799e54f..d7612e08dc 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
@@ -25,6 +25,7 @@ import java.io.PrintWriter;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.ServerSocket;
+import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
@@ -74,6 +75,8 @@ import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;
+import org.apache.http.ssl.PrivateKeyDetails;
+import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.apache.jasper.EmbeddedServletOptions;
@@ -423,7 +426,7 @@ public abstract class AbstractServletWebServerFactoryTests {
this.webServer = factory.getWebServer(registration);
this.webServer.start();
TrustStrategy trustStrategy = new SerialNumberValidatingTrustSelfSignedStrategy(
- "3a3aaec8");
+ "5c7ae101");
SSLContext sslContext = new SSLContextBuilder()
.loadTrustMaterial(null, trustStrategy).build();
HttpClient httpClient = HttpClients.custom()
@@ -499,7 +502,18 @@ public abstract class AbstractServletWebServerFactoryTests {
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
- .loadKeyMaterial(keyStore, "secret".toCharArray()).build());
+ .loadKeyMaterial(keyStore, "secret".toCharArray(),
+ new PrivateKeyStrategy() {
+
+ @Override
+ public String chooseAlias(
+ Map aliases,
+ Socket socket) {
+ return "spring-boot";
+ }
+
+ })
+ .build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
@@ -523,7 +537,17 @@ public abstract class AbstractServletWebServerFactoryTests {
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
- .loadKeyMaterial(keyStore, "password".toCharArray()).build());
+ .loadKeyMaterial(keyStore, "password".toCharArray(),
+ new PrivateKeyStrategy() {
+
+ @Override
+ public String chooseAlias(
+ Map aliases,
+ Socket socket) {
+ return "spring-boot";
+ }
+ })
+ .build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
@@ -614,7 +638,17 @@ public abstract class AbstractServletWebServerFactoryTests {
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
- .loadKeyMaterial(keyStore, "password".toCharArray()).build());
+ .loadKeyMaterial(keyStore, "password".toCharArray(),
+ new PrivateKeyStrategy() {
+
+ @Override
+ public String chooseAlias(
+ Map aliases,
+ Socket socket) {
+ return "spring-boot";
+ }
+ })
+ .build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
diff --git a/spring-boot-project/spring-boot/src/test/resources/test.jks b/spring-boot-project/spring-boot/src/test/resources/test.jks
index 0fc3e802f7..f8a5f70596 100644
Binary files a/spring-boot-project/spring-boot/src/test/resources/test.jks and b/spring-boot-project/spring-boot/src/test/resources/test.jks differ
diff --git a/spring-boot-project/spring-boot/src/test/resources/test.p12 b/spring-boot-project/spring-boot/src/test/resources/test.p12
index de3664b9d7..1d6a25829c 100644
Binary files a/spring-boot-project/spring-boot/src/test/resources/test.p12 and b/spring-boot-project/spring-boot/src/test/resources/test.p12 differ