mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-09-03 04:26:12 +08:00
Allow SSL to be used with Tomcat's Http11Nio2Protocol
Fixes gh-41007
parent
217c2c862b
commit
fe536bf075
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2012-2023 the original author or authors.
|
* Copyright 2012-2024 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -20,7 +20,6 @@ import org.apache.catalina.connector.Connector;
|
|||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.coyote.ProtocolHandler;
|
import org.apache.coyote.ProtocolHandler;
|
||||||
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
|
import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
|
||||||
import org.apache.coyote.http11.Http11NioProtocol;
|
|
||||||
import org.apache.tomcat.util.net.SSLHostConfig;
|
import org.apache.tomcat.util.net.SSLHostConfig;
|
||||||
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
|
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
|
||||||
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
|
import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
|
||||||
@ -104,7 +103,7 @@ class SslConnectorCustomizer {
|
|||||||
String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
|
String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
|
||||||
sslHostConfig.setCiphers(ciphers);
|
sslHostConfig.setCiphers(ciphers);
|
||||||
}
|
}
|
||||||
configureSslStoreProvider(protocol, sslHostConfig, certificate, stores);
|
configureSslStores(sslHostConfig, certificate, stores);
|
||||||
configureEnabledProtocols(sslHostConfig, options);
|
configureEnabledProtocols(sslHostConfig, options);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -119,10 +118,8 @@ class SslConnectorCustomizer {
|
|||||||
config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required"));
|
config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required"));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> protocol, SSLHostConfig sslHostConfig,
|
private void configureSslStores(SSLHostConfig sslHostConfig, SSLHostConfigCertificate certificate,
|
||||||
SSLHostConfigCertificate certificate, SslStoreBundle stores) {
|
SslStoreBundle stores) {
|
||||||
Assert.isInstanceOf(Http11NioProtocol.class, protocol,
|
|
||||||
"SslStoreProvider can only be used with Http11NioProtocol");
|
|
||||||
try {
|
try {
|
||||||
if (stores.getKeyStore() != null) {
|
if (stores.getKeyStore() != null) {
|
||||||
certificate.setCertificateKeystore(stores.getKeyStore());
|
certificate.setCertificateKeystore(stores.getKeyStore());
|
||||||
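Review bot: `configureSslStores` no longer says which connector protocols it supports, now that the `Assert.isInstanceOf(Http11NioProtocol.class, protocol, ...)` guard and the `protocol` parameter are gone. The visible body only calls `certificate.setCertificateKeystore(stores.getKeyStore())` on the `SSLHostConfigCertificate`, so it looks protocol-independent, but a reader cannot tell whether that is intended for every `AbstractHttp11JsseProtocol` or only for NIO and NIO2. I would add a short comment above the method, e.g. `// Stores are applied to the SSLHostConfig/certificate directly, so no protocol-specific check is needed (NIO and NIO2).` The method body continues past the end of this section, so the rest of the `try` block and its error handling are not covered by this note.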
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2012-2023 the original author or authors.
|
* Copyright 2012-2024 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -60,6 +60,7 @@ import org.apache.catalina.util.CharsetMapper;
|
|||||||
import org.apache.catalina.valves.RemoteIpValve;
|
import org.apache.catalina.valves.RemoteIpValve;
|
||||||
import org.apache.coyote.ProtocolHandler;
|
import org.apache.coyote.ProtocolHandler;
|
||||||
import org.apache.coyote.http11.AbstractHttp11Protocol;
|
import org.apache.coyote.http11.AbstractHttp11Protocol;
|
||||||
|
import org.apache.coyote.http11.Http11Nio2Protocol;
|
||||||
import org.apache.hc.client5.http.HttpHostConnectException;
|
import org.apache.hc.client5.http.HttpHostConnectException;
|
||||||
import org.apache.hc.client5.http.classic.HttpClient;
|
import org.apache.hc.client5.http.classic.HttpClient;
|
||||||
import org.apache.hc.client5.http.impl.classic.HttpClients;
|
import org.apache.hc.client5.http.impl.classic.HttpClients;
|
||||||
@ -682,6 +683,20 @@ class TomcatServletWebServerFactoryTests extends AbstractServletWebServerFactory
|
|||||||
assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2");
|
assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void sslWithHttp11Nio2Protocol() throws Exception {
|
||||||
|
TomcatServletWebServerFactory factory = getFactory();
|
||||||
|
addTestTxtFile(factory);
|
||||||
|
factory.setProtocol(Http11Nio2Protocol.class.getName());
|
||||||
|
factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks"));
|
||||||
|
this.webServer = factory.getWebServer();
|
||||||
|
this.webServer.start();
|
||||||
|
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
|
||||||
|
new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
|
||||||
|
HttpComponentsClientHttpRequestFactory requestFactory = createHttpComponentsRequestFactory(socketFactory);
|
||||||
|
assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected JspServlet getJspServlet() throws ServletException {
|
protected JspServlet getJspServlet() throws ServletException {
|
||||||
Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();
|
Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();
|
||||||
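Review bot: `sslWithHttp11Nio2Protocol` never asserts that the started connector is actually running `Http11Nio2Protocol`, so it would still pass if `setProtocol` were ignored and the default handler served the request. After `this.webServer.start()` I would add `assertThat(((TomcatWebServer) this.webServer).getTomcat().getConnector().getProtocolHandler()).isInstanceOf(Http11Nio2Protocol.class);`. The test also exercises only the key store path. Client certificate verification with a trust store under NIO2 is not covered, although the preceding test (only its tail with `getLastPrincipal()` is visible here) appears to cover it for the default protocol.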
|