Merge branch '2.2.x' into 2.3.x

Closes gh-24052
pull/24095/head
Andy Wilkinson 4 years ago
commit 2ffb81f0d9

@ -1,5 +1,5 @@
/*
* Copyright 2012-2019 the original author or authors.
* Copyright 2012-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -69,8 +69,12 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer {
protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol());
configureSslClientAuth(protocol, ssl);
protocol.setKeystorePass(ssl.getKeyStorePassword());
protocol.setKeyPass(ssl.getKeyPassword());
if (ssl.getKeyStorePassword() != null) {
protocol.setKeystorePass(ssl.getKeyStorePassword());
}
if (ssl.getKeyPassword() != null) {
protocol.setKeyPass(ssl.getKeyPassword());
}
protocol.setKeyAlias(ssl.getKeyAlias());
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
if (StringUtils.hasText(ciphers)) {

@ -28,6 +28,7 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
@ -185,6 +186,26 @@ class SslConnectorCustomizerTests {
.withMessageContaining("Could not load key store 'null'");
}
@Test
void keyStorePasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeystorePass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeystorePass()).isEqualTo("password");
}
@Test
void keyPasswordIsNotSetWhenNull() {
Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler();
protocol.setKeyPass("password");
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector());
assertThat(protocol.getKeyPass()).isEqualTo("password");
}
private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
KeyStore keyStore = KeyStore.getInstance("JKS");
Resource resource = new ClassPathResource("test.jks");

@ -131,6 +131,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore);
ssl.setKeyPassword(keyPassword);
ssl.setKeyStorePassword("secret");
factory.setSsl(ssl);
this.webServer = factory.getWebServer(new EchoHandler());
this.webServer.start();
@ -150,6 +151,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
AbstractReactiveWebServerFactory factory = getFactory();
Ssl ssl = new Ssl();
ssl.setKeyStore(keyStore);
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword(keyPassword);
ssl.setKeyAlias("test-alias");
factory.setSsl(ssl);
@ -198,6 +200,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setClientAuth(Ssl.ClientAuth.WANT);
ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret");
ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
}
@ -209,6 +212,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
ssl.setKeyStore("classpath:test.jks");
ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
testClientAuthSuccess(ssl, buildTrustAllSslConnector());
}
@ -243,6 +247,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks");
testClientAuthSuccess(ssl, buildTrustAllSslWithClientKeyConnector());
@ -253,6 +258,7 @@ public abstract class AbstractReactiveWebServerFactoryTests {
Ssl ssl = new Ssl();
ssl.setClientAuth(Ssl.ClientAuth.NEED);
ssl.setKeyStore("classpath:test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password");
ssl.setTrustStore("classpath:test.jks");
testClientAuthFailure(ssl, buildTrustAllSslConnector());

Loading…
Cancel
Save