Add BouncyCastle nested jar verification test including on Oracle JDK

Update `spring-boot-loader-tests` with a test that checks verified
BouncyCastle jars can be loaded. Currently the Oracle JDK only supports
verification if the jar is unpacked.

See gh-28837
pull/37745/head
Phillip Webb 1 year ago
parent 79d2208908
commit 6c24ea01f1

@ -18,6 +18,8 @@ dependencies {
app project(path: ":spring-boot-project:spring-boot-dependencies", configuration: "mavenRepository") app project(path: ":spring-boot-project:spring-boot-dependencies", configuration: "mavenRepository")
app project(path: ":spring-boot-project:spring-boot-tools:spring-boot-gradle-plugin", configuration: "mavenRepository") app project(path: ":spring-boot-project:spring-boot-tools:spring-boot-gradle-plugin", configuration: "mavenRepository")
app project(path: ":spring-boot-project:spring-boot-starters:spring-boot-starter-web", configuration: "mavenRepository") app project(path: ":spring-boot-project:spring-boot-starters:spring-boot-starter-web", configuration: "mavenRepository")
app project(path: ":spring-boot-project:spring-boot-starters:spring-boot-starter", configuration: "mavenRepository")
app("org.bouncycastle:bcprov-jdk18on:1.76")
intTestImplementation(enforcedPlatform(project(":spring-boot-project:spring-boot-parent"))) intTestImplementation(enforcedPlatform(project(":spring-boot-project:spring-boot-parent")))
intTestImplementation(project(":spring-boot-project:spring-boot-tools:spring-boot-test-support")) intTestImplementation(project(":spring-boot-project:spring-boot-tools:spring-boot-test-support"))
@ -43,6 +45,18 @@ task buildApp(type: GradleBuild) {
tasks = ["build"] tasks = ["build"]
} }
task syncSignedJarAppSource(type: org.springframework.boot.build.SyncAppSource) {
sourceDirectory = file("spring-boot-loader-tests-signed-jar")
destinationDirectory = file("${buildDir}/spring-boot-loader-tests-signed-jar")
}
task buildSignedJarApp(type: GradleBuild) {
dependsOn syncSignedJarAppSource, syncMavenRepository
dir = "${buildDir}/spring-boot-loader-tests-signed-jar"
startParameter.buildCacheEnabled = false
tasks = ["build"]
}
task downloadJdk(type: Download) { task downloadJdk(type: Download) {
def destFolder = new File(rootProject.buildDir, "downloads/jdk/oracle") def destFolder = new File(rootProject.buildDir, "downloads/jdk/oracle")
destFolder.mkdirs() destFolder.mkdirs()
@ -64,5 +78,5 @@ processIntTestResources {
} }
intTest { intTest {
dependsOn buildApp dependsOn buildApp, buildSignedJarApp
} }

@ -0,0 +1,30 @@
import org.springframework.boot.gradle.tasks.bundling.BootJar
plugins {
id "java"
id "org.springframework.boot"
}
apply plugin: "io.spring.dependency-management"
repositories {
maven { url "file:${rootDir}/../int-test-maven-repository"}
mavenCentral()
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/milestone" }
}
dependencies {
implementation("org.springframework.boot:spring-boot-starter")
implementation("org.bouncycastle:bcprov-jdk18on:1.76")
}
tasks.register("bootJarUnpack", BootJar.class) {
mainClass = "org.springframework.boot.loaderapp.LoaderSignedJarTestApplication"
classpath = bootJar.classpath
requiresUnpack '**/bcprov-jdk18on-*.jar'
archiveClassifier.set("unpack")
targetJavaVersion = targetCompatibility
}
build.dependsOn bootJarUnpack

@ -0,0 +1,15 @@
pluginManagement {
repositories {
maven { url "file:${rootDir}/../int-test-maven-repository"}
mavenCentral()
maven { url "https://repo.spring.io/snapshot" }
maven { url "https://repo.spring.io/milestone" }
}
resolutionStrategy {
eachPlugin {
if (requested.id.id == "org.springframework.boot") {
useModule "org.springframework.boot:spring-boot-gradle-plugin:${requested.version}"
}
}
}
}

@ -0,0 +1,36 @@
/*
* Copyright 2012-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.loaderapp;
import java.security.Security;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class LoaderSignedJarTestApplication {
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
Cipher.getInstance("AES/CBC/PKCS5Padding","BC");
System.out.println("Legion of the Bouncy Castle");
SpringApplication.run(LoaderSignedJarTestApplication.class, args);
}
}

@ -37,6 +37,7 @@ import org.springframework.boot.testsupport.testcontainers.DisabledIfDockerUnava
import org.springframework.util.Assert; import org.springframework.util.Assert;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assumptions.assumeThat;
/** /**
* Integration tests loader that supports fat jars. * Integration tests loader that supports fat jars.
@ -52,7 +53,7 @@ class LoaderIntegrationTests {
@ParameterizedTest @ParameterizedTest
@MethodSource("javaRuntimes") @MethodSource("javaRuntimes")
void readUrlsWithoutWarning(JavaRuntime javaRuntime) { void readUrlsWithoutWarning(JavaRuntime javaRuntime) {
try (GenericContainer<?> container = createContainer(javaRuntime)) { try (GenericContainer<?> container = createContainer(javaRuntime, "spring-boot-loader-tests-app", null)) {
container.start(); container.start();
System.out.println(this.output.toUtf8String()); System.out.println(this.output.toUtf8String());
assertThat(this.output.toUtf8String()).contains(">>>>> 287649 BYTES from") assertThat(this.output.toUtf8String()).contains(">>>>> 287649 BYTES from")
@ -62,18 +63,46 @@ class LoaderIntegrationTests {
} }
} }
private GenericContainer<?> createContainer(JavaRuntime javaRuntime) { @ParameterizedTest
@MethodSource("javaRuntimes")
void runSignedJar(JavaRuntime javaRuntime) {
assumeThat(javaRuntime.toString()).isNotEqualTo("Oracle JDK 17"); // gh-28837
try (GenericContainer<?> container = createContainer(javaRuntime, "spring-boot-loader-tests-signed-jar",
null)) {
container.start();
System.out.println(this.output.toUtf8String());
assertThat(this.output.toUtf8String()).contains("Legion of the Bouncy Castle");
}
}
@ParameterizedTest
@MethodSource("javaRuntimes")
void runSignedJarWhenUnpack(JavaRuntime javaRuntime) {
try (GenericContainer<?> container = createContainer(javaRuntime, "spring-boot-loader-tests-signed-jar",
"unpack")) {
container.start();
System.out.println(this.output.toUtf8String());
assertThat(this.output.toUtf8String()).contains("Legion of the Bouncy Castle");
}
}
private GenericContainer<?> createContainer(JavaRuntime javaRuntime, String name, String classifier) {
return javaRuntime.getContainer() return javaRuntime.getContainer()
.withLogConsumer(this.output) .withLogConsumer(this.output)
.withCopyFileToContainer(MountableFile.forHostPath(findApplication().toPath()), "/app.jar") .withCopyFileToContainer(findApplication(name, classifier), "/app.jar")
.withStartupCheckStrategy(new OneShotStartupCheckStrategy().withTimeout(Duration.ofMinutes(5))) .withStartupCheckStrategy(new OneShotStartupCheckStrategy().withTimeout(Duration.ofMinutes(5)))
.withCommand("java", "-jar", "app.jar"); .withCommand("java", "-jar", "app.jar");
} }
private File findApplication() { private MountableFile findApplication(String name, String classifier) {
String name = String.format("build/%1$s/build/libs/%1$s.jar", "spring-boot-loader-tests-app"); return MountableFile.forHostPath(findJarFile(name, classifier).toPath());
File jar = new File(name); }
Assert.state(jar.isFile(), () -> "Could not find " + name + ". Have you built it?");
private File findJarFile(String name, String classifier) {
classifier = (classifier != null) ? "-" + classifier : "";
String path = String.format("build/%1$s/build/libs/%1$s%2$s.jar", name, classifier);
File jar = new File(path);
Assert.state(jar.isFile(), () -> "Could not find " + path + ". Have you built it?");
return jar; return jar;
} }

Loading…
Cancel
Save