From effdc8f359e94ec39fd034788f978054cad57e76 Mon Sep 17 00:00:00 2001
From: Andy Wilkinson
Date: Thu, 5 Dec 2019 12:10:31 +0000
Subject: [PATCH] Polish "Honour SSL key alias when using Netty"

See gh-19197
---
 .../web/embedded/netty/SslServerCustomizer.java | 15 ++++++++-------
 .../netty/NettyReactiveWebServerFactoryTests.java | 5 +++--
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
index 2208a82a80..f86f4e7918 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
@@ -55,6 +55,7 @@ import org.springframework.util.ResourceUtils;
 *
 * @author Brian Clozel
 * @author Raheela Aslam
+ * @author Chris Bono
 * @since 2.0.0
 */
 public class SslServerCustomizer implements NettyServerCustomizer {
@@ -185,9 +186,9 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 * {@link ConfigurableAliasKeyManager}. The actual SPI has to be wrapped as well due
 * to the fact that {@link KeyManagerFactory#getKeyManagers()} is final.
 */
- private static class ConfigurableAliasKeyManagerFactory extends KeyManagerFactory {
+ private static final class ConfigurableAliasKeyManagerFactory extends KeyManagerFactory {
 
- static final ConfigurableAliasKeyManagerFactory instance(String alias, String algorithm)
+ private static ConfigurableAliasKeyManagerFactory instance(String alias, String algorithm)
 throws NoSuchAlgorithmException {
 KeyManagerFactory originalFactory = KeyManagerFactory.getInstance(algorithm);
 ConfigurableAliasKeyManagerFactorySpi spi = new ConfigurableAliasKeyManagerFactorySpi(originalFactory,
@@ -195,20 +196,20 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 return new ConfigurableAliasKeyManagerFactory(spi, originalFactory.getProvider(), algorithm);
 }
 
- ConfigurableAliasKeyManagerFactory(ConfigurableAliasKeyManagerFactorySpi spi, Provider provider,
+ private ConfigurableAliasKeyManagerFactory(ConfigurableAliasKeyManagerFactorySpi spi, Provider provider,
 String algorithm) {
 super(spi, provider, algorithm);
 }
 
 }
 
- private static class ConfigurableAliasKeyManagerFactorySpi extends KeyManagerFactorySpi {
+ private static final class ConfigurableAliasKeyManagerFactorySpi extends KeyManagerFactorySpi {
 
 private KeyManagerFactory originalFactory;
 
 private String alias;
 
- ConfigurableAliasKeyManagerFactorySpi(KeyManagerFactory originalFactory, String alias) {
+ private ConfigurableAliasKeyManagerFactorySpi(KeyManagerFactory originalFactory, String alias) {
 this.originalFactory = originalFactory;
 this.alias = alias;
 }
@@ -238,13 +239,13 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 
 }
 
- private static class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
+ private static final class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
 
 private final X509ExtendedKeyManager keyManager;
 
 private final String alias;
 
- ConfigurableAliasKeyManager(X509ExtendedKeyManager keyManager, String alias) {
+ private ConfigurableAliasKeyManager(X509ExtendedKeyManager keyManager, String alias) {
 this.keyManager = keyManager;
 this.alias = alias;
 }
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java
index 88ca62b6bd..2c6743adf3 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java
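Review bot: In the hunk at -195,20 of SslServerCustomizer.java, `ConfigurableAliasKeyManagerFactorySpi` becomes a `final` class with a private constructor, but its two fields stay mutable (`private KeyManagerFactory originalFactory;` and `private String alias;`), while `ConfigurableAliasKeyManager` in the following hunk declares both of its fields `private final`. As far as the hunk shows, each field is assigned once in the constructor, so they could be `private final KeyManagerFactory originalFactory;` and `private final String alias;`, which fixes the configured key alias for the lifetime of the SPI object. The rest of the class body is outside the hunk, so confirm that no method reassigns them before making the change.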
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java
@@ -47,6 +47,7 @@ import static org.mockito.Mockito.mock;
 * Tests for {@link NettyReactiveWebServerFactory}.
 *
 * @author Brian Clozel
+ * @author Chris Bono
 */
 public class NettyReactiveWebServerFactoryTests extends AbstractReactiveWebServerFactoryTests {
 
@@ -94,14 +95,14 @@ public class NettyReactiveWebServerFactoryTests extends AbstractReactiveWebServe
 }
 
 @Test
- public void testSslWithValidAlias() {
+ public void whenSslIsConfiguredWithAValidAliasARequestSucceeds() {
 Mono result = testSslWithAlias("test-alias");
 StepVerifier.setDefaultTimeout(Duration.ofSeconds(30));
 StepVerifier.create(result).expectNext("Hello World").verifyComplete();
 }
 
 @Test
- public void testSslWithInvalidAlias() {
+ public void whenSslIsConfiguredWithAnInvalidAliasTheSslHandshakeFails() {
 Mono result = testSslWithAlias("test-alias-bad");
 StepVerifier.setDefaultTimeout(Duration.ofSeconds(30));
 StepVerifier.create(result).expectErrorMatches((throwable) -> throwable instanceof SSLHandshakeException