
Commit ac91f14

committed
Polish "Verify ssl key alias on server startup"
See gh-19202
1 parent e351605 commit ac91f14


9 files changed

+31
-32
lines changed


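--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizer.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -37,8 +37,8 @@
 
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslConfigurationValidator;
 import org.springframework.boot.web.server.SslStoreProvider;
-import org.springframework.boot.web.server.SslUtils;
 import org.springframework.boot.web.server.WebServerException;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
@@ -50,6 +50,7 @@
 *
 * @author Brian Clozel
 * @author Olivier Lamy
+* @author Chris Bono
 */
 class SslServerCustomizer implements JettyServerCustomizer {
 
@@ -245,7 +246,7 @@ static class SslValidatingServerConnector extends ServerConnector {
 @Override
 protected void doStart() throws Exception {
 super.doStart();
-SslUtils.assertStoreContainsAlias(this.sslContextFactory.getKeyStore(), this.keyAlias);
+SslConfigurationValidator.validateKeyAlias(this.sslContextFactory.getKeyStore(), this.keyAlias);
 }
 
 }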
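Review bot: In `SslValidatingServerConnector.doStart()` the alias check runs only after `super.doStart()` has returned, so a wrong alias is detected once the connector has already been started. If that order is deliberate, presumably because `sslContextFactory.getKeyStore()` is not populated until the factory itself has started, the method should say so, e.g. `// Validate after super.doStart(): the key store is only available once the SslContextFactory has started`. It is also worth confirming that an exception thrown at this point leaves the connector stopped rather than half-started with its port still held; that cleanup path is not visible on this page.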

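--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -43,8 +43,8 @@
 
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslConfigurationValidator;
 import org.springframework.boot.web.server.SslStoreProvider;
-import org.springframework.boot.web.server.SslUtils;
 import org.springframework.boot.web.server.WebServerException;
 import org.springframework.util.ResourceUtils;
 
@@ -107,8 +107,7 @@ else if (this.ssl.getClientAuth() == Ssl.ClientAuth.WANT) {
 protected KeyManagerFactory getKeyManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
 try {
 KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
-SslUtils.assertStoreContainsAlias(keyStore, ssl.getKeyAlias());
-
+SslConfigurationValidator.validateKeyAlias(keyStore, ssl.getKeyAlias());
 KeyManagerFactory keyManagerFactory = (ssl.getKeyAlias() == null)
 ? KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
 : new ConfigurableAliasKeyManagerFactory(ssl.getKeyAlias(),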
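Review bot: An empty key alias is handled in two different ways in `getKeyManagerFactory`. `validateKeyAlias` skips the check when the alias is null or empty (`if (!StringUtils.isEmpty(keyAlias))` in `SslConfigurationValidator`), while the ternary directly below tests only `ssl.getKeyAlias() == null`, so an alias of `""` is never validated yet is still handed to `ConfigurableAliasKeyManagerFactory`. How that factory treats an empty alias is not visible here, so the safer option is to apply the same emptiness test in both places, e.g. `KeyManagerFactory keyManagerFactory = StringUtils.isEmpty(ssl.getKeyAlias())` (adding the `StringUtils` import if this file does not already have it). The method body continues past the end of the hunk.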

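--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -40,8 +40,8 @@
 import org.xnio.SslClientAuthMode;
 
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslConfigurationValidator;
 import org.springframework.boot.web.server.SslStoreProvider;
-import org.springframework.boot.web.server.SslUtils;
 import org.springframework.boot.web.server.WebServerException;
 import org.springframework.util.ResourceUtils;
 
@@ -108,8 +108,7 @@ private SslClientAuthMode getSslClientAuthMode(Ssl ssl) {
 private KeyManager[] getKeyManagers(Ssl ssl, SslStoreProvider sslStoreProvider) {
 try {
 KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
-SslUtils.assertStoreContainsAlias(keyStore, ssl.getKeyAlias());
-
+SslConfigurationValidator.validateKeyAlias(keyStore, ssl.getKeyAlias());
 KeyManagerFactory keyManagerFactory = KeyManagerFactory
 .getInstance(KeyManagerFactory.getDefaultAlgorithm());
 char[] keyPassword = (ssl.getKeyPassword() != null) ? ssl.getKeyPassword().toCharArray() : null;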

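--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/SslUtils.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/server/SslConfigurationValidator.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -26,14 +26,14 @@
 * Provides utilities around SSL.
 *
 * @author Chris Bono
-* @since 2.1.x
+* @since 2.1.13
 */
-public final class SslUtils {
+public final class SslConfigurationValidator {
 
-private SslUtils() {
+private SslConfigurationValidator() {
 }
 
-public static void assertStoreContainsAlias(KeyStore keyStore, String keyAlias) {
+public static void validateKeyAlias(KeyStore keyStore, String keyAlias) {
 if (!StringUtils.isEmpty(keyAlias)) {
 try {
 Assert.state(keyStore.containsAlias(keyAlias),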
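Review bot: The class Javadoc still reads `Provides utilities around SSL.` and the public `validateKeyAlias` has no Javadoc, although the class is now a public validator with an `@since 2.1.13` tag. The method Javadoc should state the contract visible here and in the tests: a null or empty alias skips the check, while a missing alias or a key store that cannot be queried raises `IllegalStateException`, so the misconfiguration surfaces at startup. The method also calls `keyStore.containsAlias(...)` without a null guard when an alias is set; whether a caller can pass a null key store is not visible here, so it may warrant `Assert.notNull(keyStore, "KeyStore must not be null");` ahead of the `try`. The method body continues past the end of the hunk.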

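--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactoryTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.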

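--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.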

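--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.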

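--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/SslUtilsTest.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/server/SslConfigurationValidatorTest.java
@@ -27,12 +27,12 @@
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
-* Tests for {@link SslUtils}.
+* Tests for {@link SslConfigurationValidator}.
 *
 * @author Chris Bono
 */
 
-public class SslUtilsTest {
+public class SslConfigurationValidatorTest {
 
 private static final String VALID_ALIAS = "test-alias";
 
@@ -47,31 +47,31 @@ public void loadKeystore() throws Exception {
 }
 
 @Test
-public void assertStoreContainsAliasPassesWhenAliasFound() throws KeyStoreException {
-SslUtils.assertStoreContainsAlias(this.keyStore, VALID_ALIAS);
+public void validateKeyAliasWhenAliasFoundShouldNotFail() {
+SslConfigurationValidator.validateKeyAlias(this.keyStore, VALID_ALIAS);
 }
 
 @Test
-public void assertStoreContainsAliasPassesWhenNullAlias() throws KeyStoreException {
-SslUtils.assertStoreContainsAlias(this.keyStore, null);
+public void validateKeyAliasWhenNullAliasShouldNotFail() {
+SslConfigurationValidator.validateKeyAlias(this.keyStore, null);
 }
 
 @Test
-public void assertStoreContainsAliasPassesWhenEmptyAlias() throws KeyStoreException {
-SslUtils.assertStoreContainsAlias(this.keyStore, "");
+public void validateKeyAliasWhenEmptyAliasShouldNotFail() {
+SslConfigurationValidator.validateKeyAlias(this.keyStore, "");
 }
 
 @Test
-public void assertStoreContainsAliasFailsWhenAliasNotFound() throws KeyStoreException {
-assertThatThrownBy(() -> SslUtils.assertStoreContainsAlias(this.keyStore, INVALID_ALIAS))
+public void validateKeyAliasWhenAliasNotFoundShouldThrowException() {
+assertThatThrownBy(() -> SslConfigurationValidator.validateKeyAlias(this.keyStore, INVALID_ALIAS))
 .isInstanceOf(IllegalStateException.class)
 .hasMessage("Keystore does not contain specified alias '" + INVALID_ALIAS + "'");
 }
 
 @Test
-public void assertStoreContainsAliasFailsWhenKeyStoreThrowsExceptionOnContains() throws KeyStoreException {
+public void validateKeyAliasWhenKeyStoreThrowsExceptionOnContains() throws KeyStoreException {
 KeyStore uninitializedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-assertThatThrownBy(() -> SslUtils.assertStoreContainsAlias(uninitializedKeyStore, "alias"))
+assertThatThrownBy(() -> SslConfigurationValidator.validateKeyAlias(uninitializedKeyStore, "alias"))
 .isInstanceOf(IllegalStateException.class)
 .hasMessage("Could not determine if keystore contains alias 'alias'");
 }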
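Review bot: The last test, `validateKeyAliasWhenKeyStoreThrowsExceptionOnContains`, is the only renamed method whose name does not state an outcome; the other four end in `ShouldNotFail` or `ShouldThrowException`, so `validateKeyAliasWhenKeyStoreThrowsExceptionOnContainsShouldThrowException` would match them. The class name `SslConfigurationValidatorTest` also breaks from the `…Tests` suffix used by the other test classes in this commit, such as `NettyReactiveWebServerFactoryTests` and `TomcatServletWebServerFactoryTests`. None of the visible tests covers a null key store combined with a non-empty alias, which would pin down what the validator does in that case.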

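--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java
@@ -1,5 +1,5 @@
 /*
-* Copyright 2012-2019 the original author or authors.
+* Copyright 2012-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.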
