Merge branch '2.1.x'

Author: wilkinsona

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -190,9 +190,9 @@ private void configureSslKeyStore(SslContextFactory factory, Ssl ssl) {
 			URL url = ResourceUtils.getURL(ssl.getKeyStore());
 			factory.setKeyStoreResource(Resource.newResource(url));
 		}
-		catch (IOException ex) {
+		catch (Exception ex) {
 			throw new WebServerException(
-					"Could not find key store '" + ssl.getKeyStore() + "'", ex);
+					"Could not load key store '" + ssl.getKeyStore() + "'", ex);
 		}
 		if (ssl.getKeyStoreType() != null) {
 			factory.setKeyStoreType(ssl.getKeyStoreType());

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,13 +31,15 @@
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
 import org.springframework.boot.web.server.SslStoreProvider;
+import org.springframework.boot.web.server.WebServerException;
 import org.springframework.util.ResourceUtils;
 
 /**
  * {@link NettyServerCustomizer} that configures SSL for the given Reactor Netty server
  * instance.
  *
  * @author Brian Clozel
+ * @author Raheela Aslam
  */
 public class SslServerCustomizer implements NettyServerCustomizer {
 
@@ -135,21 +137,42 @@ private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider)
 		if (sslStoreProvider != null) {
 			return sslStoreProvider.getTrustStore();
 		}
-		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
+		return loadTrustStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
 				ssl.getTrustStore(), ssl.getTrustStorePassword());
 	}
 
 	private KeyStore loadKeyStore(String type, String provider, String resource,
 			String password) throws Exception {
-		type = (type != null) ? type : "JKS";
+
+		return loadStore(type, provider, resource, password);
+	}
+
+	private KeyStore loadTrustStore(String type, String provider, String resource,
+			String password) throws Exception {
 		if (resource == null) {
 			return null;
 		}
+		else {
+			return loadStore(type, provider, resource, password);
+		}
+	}
+
+	private KeyStore loadStore(String type, String provider, String resource,
+			String password) throws Exception {
+		type = (type != null) ? type : "JKS";
 		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider)
 				: KeyStore.getInstance(type);
-		URL url = ResourceUtils.getURL(resource);
-		store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
-		return store;
+		try {
+			URL url = ResourceUtils.getURL(resource);
+			store.load(url.openStream(),
+					(password != null) ? password.toCharArray() : null);
+			return store;
+		}
+		catch (Exception ex) {
+			throw new WebServerException("Could not load key store '" + resource + "'",
+					ex);
+		}
+
 	}
 
 }

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -132,9 +132,9 @@ private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ss
 		try {
 			protocol.setKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString());
 		}
-		catch (FileNotFoundException ex) {
-			throw new WebServerException("Could not load key store: " + ex.getMessage(),
-					ex);
+		catch (Exception ex) {
+			throw new WebServerException(
+					"Could not load key store '" + ssl.getKeyStore() + "'", ex);
 		}
 		if (ssl.getKeyStoreType() != null) {
 			protocol.setKeystoreType(ssl.getKeyStoreType());

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,12 +41,14 @@
 
 import org.springframework.boot.web.server.Ssl;
 import org.springframework.boot.web.server.SslStoreProvider;
+import org.springframework.boot.web.server.WebServerException;
 import org.springframework.util.ResourceUtils;
 
 /**
  * {@link UndertowBuilderCustomizer} that configures SSL on the given builder instance.
  *
  * @author Brian Clozel
+ * @author Raheela Aslam
  */
 class SslBuilderCustomizer implements UndertowBuilderCustomizer {
 
@@ -166,21 +168,40 @@ private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider)
 		if (sslStoreProvider != null) {
 			return sslStoreProvider.getTrustStore();
 		}
-		return loadKeyStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
+		return loadTrustStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(),
 				ssl.getTrustStore(), ssl.getTrustStorePassword());
 	}
 
 	private KeyStore loadKeyStore(String type, String provider, String resource,
 			String password) throws Exception {
-		type = (type != null) ? type : "JKS";
+		return loadStore(type, provider, resource, password);
+	}
+
+	private KeyStore loadTrustStore(String type, String provider, String resource,
+			String password) throws Exception {
 		if (resource == null) {
 			return null;
 		}
+		else {
+			return loadStore(type, provider, resource, password);
+		}
+	}
+
+	private KeyStore loadStore(String type, String provider, String resource,
+			String password) throws Exception {
+		type = (type != null) ? type : "JKS";
 		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider)
 				: KeyStore.getInstance(type);
-		URL url = ResourceUtils.getURL(resource);
-		store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
-		return store;
+		try {
+			URL url = ResourceUtils.getURL(resource);
+			store.load(url.openStream(),
+					(password != null) ? password.toCharArray() : null);
+			return store;
+		}
+		catch (Exception ex) {
+			throw new WebServerException("Could not load key store '" + resource + "'",
+					ex);
+		}
 	}
 
 	/**

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/jetty/SslServerCustomizerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,10 +26,12 @@
 import org.eclipse.jetty.server.HttpConnectionFactory;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.junit.Test;
 
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.WebServerException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -78,6 +80,20 @@ public void alpnConnectionFactoryHasNullDefaultProtocolToAllowNegotiationToHttp1
 				.isNull();
 	}
 
+	@Test
+	public void configureSslWhenSslIsEnabledWithNoKeyStoreThrowsWebServerException()
+			throws Exception {
+		Ssl ssl = new Ssl();
+		SslServerCustomizer customizer = new SslServerCustomizer(null, ssl, null, null);
+		try {
+			customizer.configureSsl(new SslContextFactory(), ssl, null);
+		}
+		catch (Exception ex) {
+			assertThat(ex).isInstanceOf(WebServerException.class);
+			assertThat(ex).hasMessageContaining("Could not load key store 'null'");
+		}
+	}
+
 	private Server createCustomizedServer() {
 		return createCustomizedServer(new Http2());
 	}

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/netty/SslServerCustomizerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 import org.junit.Test;
 
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.WebServerException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.fail;
@@ -29,6 +30,7 @@
  * Tests for {@link SslServerCustomizer}.
  *
  * @author Andy Wilkinson
+ * @author Raheela Aslam
  */
 public class SslServerCustomizerTests {
 
@@ -68,4 +70,20 @@ public void trustStoreProviderIsUsedWhenCreatingTrustStore() throws Exception {
 		}
 	}
 
+	@Test
+	public void getKeyManagerFactoryWhenSslIsEnabledWithNoKeyStoreThrowsWebServerException()
+			throws Exception {
+		Ssl ssl = new Ssl();
+		SslServerCustomizer customizer = new SslServerCustomizer(ssl, null, null);
+		try {
+			customizer.getKeyManagerFactory(ssl, null);
+			fail();
+		}
+		catch (IllegalStateException ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(WebServerException.class);
+			assertThat(cause).hasMessageContaining("Could not load key store 'null'");
+		}
+	}
+
 }

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -37,11 +37,13 @@
 import org.springframework.boot.testsupport.rule.OutputCapture;
 import org.springframework.boot.web.server.Ssl;
 import org.springframework.boot.web.server.SslStoreProvider;
+import org.springframework.boot.web.server.WebServerException;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.fail;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
@@ -189,6 +191,19 @@ public void customizeWhenSslStoreProviderPresentShouldIgnorePasswordFromSsl()
 		assertThat(this.output.toString()).doesNotContain("Password verification failed");
 	}
 
+	@Test
+	public void customizeWhenSslIsEnabledWithNoKeyStoreThrowsWebServerException() {
+		try {
+			new SslConnectorCustomizer(new Ssl(), null)
+					.customize(this.tomcat.getConnector());
+			fail();
+		}
+		catch (Exception ex) {
+			assertThat(ex).isInstanceOf(WebServerException.class);
+			assertThat(ex).hasMessageContaining("Could not load key store 'null'");
+		}
+	}
+
 	private KeyStore loadStore() throws KeyStoreException, IOException,
 			NoSuchAlgorithmException, CertificateException {
 		KeyStore keyStore = KeyStore.getInstance("JKS");

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 import org.junit.Test;
 
 import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.WebServerException;
 import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -33,6 +34,7 @@
  * Tests for {@link SslBuilderCustomizer}
  *
  * @author Brian Clozel
+ * @author Raheela Aslam
  */
 public class SslBuilderCustomizerTests {
 
@@ -88,4 +90,21 @@ public void trustStoreProviderIsUsedWhenCreatingTrustStore() throws Exception {
 		}
 	}
 
+	@Test
+	public void getKeyManagersWhenSslIsEnabledWithNoKeyStoreThrowsWebServerException()
+			throws Exception {
+		Ssl ssl = new Ssl();
+		SslBuilderCustomizer customizer = new SslBuilderCustomizer(8080,
+				InetAddress.getLocalHost(), ssl, null);
+		try {
+			ReflectionTestUtils.invokeMethod(customizer, "getKeyManagers", ssl, null);
+			fail();
+		}
+		catch (IllegalStateException ex) {
+			Throwable cause = ex.getCause();
+			assertThat(cause).isInstanceOf(WebServerException.class);
+			assertThat(cause).hasMessageContaining("Could not load key store 'null'");
+		}
+	}
+
 }

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/reactive/server/AbstractReactiveWebServerFactoryTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2018 the original author or authors.
+ * Copyright 2012-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,6 +62,7 @@
 import org.springframework.web.reactive.function.client.WebClient;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * Base for testing classes that extends {@link AbstractReactiveWebServerFactory}.
@@ -291,6 +292,12 @@ public void noCompressionForUserAgent() {
 		assertResponseIsNotCompressed(response);
 	}
 
+	@Test
+	public void whenSslIsEnabledAndNoKeyStoreIsConfiguredThenServerFailsToStart() {
+		assertThatThrownBy(() -> testBasicSslWithKeyStore(null, null))
+				.hasMessageContaining("Could not load key store 'null'");
+	}
+
 	protected WebClient prepareCompressionTest() {
 		Compression compression = new Compression();
 		compression.setEnabled(true);