diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java index 75601111c1d..bbf29699a8f 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2023 the original author or authors. + * Copyright 2012-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ import org.apache.catalina.connector.Connector; import org.apache.commons.logging.Log; import org.apache.coyote.ProtocolHandler; import org.apache.coyote.http11.AbstractHttp11JsseProtocol; -import org.apache.coyote.http11.Http11NioProtocol; import org.apache.tomcat.util.net.SSLHostConfig; import org.apache.tomcat.util.net.SSLHostConfigCertificate; import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type; @@ -104,7 +103,7 @@ class SslConnectorCustomizer { String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers()); sslHostConfig.setCiphers(ciphers); } - configureSslStoreProvider(protocol, sslHostConfig, certificate, stores); + configureSslStores(sslHostConfig, certificate, stores); configureEnabledProtocols(sslHostConfig, options); } @@ -119,10 +118,8 @@ class SslConnectorCustomizer { config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required")); } - private void configureSslStoreProvider(AbstractHttp11JsseProtocol protocol, SSLHostConfig sslHostConfig, - SSLHostConfigCertificate certificate, SslStoreBundle stores) { - Assert.isInstanceOf(Http11NioProtocol.class, protocol, - "SslStoreProvider can only be used with Http11NioProtocol"); + private void configureSslStores(SSLHostConfig sslHostConfig, SSLHostConfigCertificate certificate, + SslStoreBundle stores) { try { if (stores.getKeyStore() != null) { certificate.setCertificateKeystore(stores.getKeyStore()); diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java index 67eb768b9d3..c3236a95174 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2023 the original author or authors. + * Copyright 2012-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -60,6 +60,7 @@ import org.apache.catalina.util.CharsetMapper; import org.apache.catalina.valves.RemoteIpValve; import org.apache.coyote.ProtocolHandler; import org.apache.coyote.http11.AbstractHttp11Protocol; +import org.apache.coyote.http11.Http11Nio2Protocol; import org.apache.hc.client5.http.HttpHostConnectException; import org.apache.hc.client5.http.classic.HttpClient; import org.apache.hc.client5.http.impl.classic.HttpClients; @@ -682,6 +683,20 @@ class TomcatServletWebServerFactoryTests extends AbstractServletWebServerFactory assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2"); } + @Test + void sslWithHttp11Nio2Protocol() throws Exception { + TomcatServletWebServerFactory factory = getFactory(); + addTestTxtFile(factory); + factory.setProtocol(Http11Nio2Protocol.class.getName()); + factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks")); + this.webServer = factory.getWebServer(); + this.webServer.start(); + SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory( + new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build()); + HttpComponentsClientHttpRequestFactory requestFactory = createHttpComponentsRequestFactory(socketFactory); + assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test"); + } + @Override protected JspServlet getJspServlet() throws ServletException { Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();