From 49227485990827db1e8440b27b592740a815e90b Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sun, 19 Apr 2026 15:59:06 +0200
Subject: [PATCH] refactor(http): tighten SslContextBuilder throws clause, classpath test fixture, system trust-all test
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 .../cameleer/server/app/http/SslContextBuilder.java | 9 ++++++++-
 .../server/app/http/SslContextBuilderTest.java | 12 +++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/cameleer-server-app/src/main/java/com/cameleer/server/app/http/SslContextBuilder.java b/cameleer-server-app/src/main/java/com/cameleer/server/app/http/SslContextBuilder.java
index 3f47ed7e..9207a609 100644
--- a/cameleer-server-app/src/main/java/com/cameleer/server/app/http/SslContextBuilder.java
+++ b/cameleer-server-app/src/main/java/com/cameleer/server/app/http/SslContextBuilder.java
@@ -10,7 +10,11 @@ import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -19,7 +23,9 @@ import java.util.List;
 public class SslContextBuilder {
- public SSLContext build(OutboundHttpProperties systemProps, OutboundHttpRequestContext ctx) throws Exception {
+ public SSLContext build(OutboundHttpProperties systemProps, OutboundHttpRequestContext ctx)
+ throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException,
+ CertificateException, IOException {
 SSLContext sslContext = SSLContext.getInstance("TLS");
 if (systemProps.trustAll() || ctx.trustMode() == com.cameleer.server.core.http.TrustMode.TRUST_ALL) {
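Review bot: The public `build` method in the `@@ -19,7 +23,9 @@` hunk now declares five checked exceptions but has no Javadoc, so a caller cannot tell which failure produces which exception. It also cannot tell that `systemProps.trustAll()` turns certificate verification off for every request, whatever `ctx.trustMode()` says. I would add a Javadoc block above the signature with one `@throws` line per declared exception, and a sentence stating that either the system flag or a per-request `TRUST_ALL` selects the non-verifying context. The test file suggests an unchecked `IllegalArgumentException` ("CA file not found") can also escape, presumably from this method, and that belongs in the same Javadoc. The body of the trust-all branch lies outside the hunk; if it does not already log, a warning there would let operators see when verification is disabled.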
@@ -28,6 +34,7 @@ public class SslContextBuilder {
 }
 List extraCerts = new ArrayList<>();
+ // System-level extras are always merged; per-request paths apply only in TRUST_PATHS mode.
 List paths = new ArrayList<>(systemProps.trustedCaPemPaths());
 if (ctx.trustMode() == com.cameleer.server.core.http.TrustMode.TRUST_PATHS) {
 paths.addAll(ctx.trustedCaPemPaths());
diff --git a/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java b/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
index 1bed80b2..75693225 100644
--- a/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
+++ b/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
@@ -35,7 +35,7 @@ class SslContextBuilderTest {
 @Test
 void trustPathsLoadsPemFile() throws Exception {
- Path pem = Path.of("src/test/resources/test-ca.pem");
+ Path pem = Path.of(getClass().getClassLoader().getResource("test-ca.pem").toURI());
 assertThat(pem).exists();
 SSLContext ctx = builder.build(systemProps, new OutboundHttpRequestContext(TrustMode.TRUST_PATHS, List.of(pem.toString()), null, null));
@@ -49,4 +49,14 @@ class SslContextBuilderTest {
 .isInstanceOf(IllegalArgumentException.class)
 .hasMessageContaining("CA file not found");
 }
+
+ @Test
+ void systemTrustAllShortCircuitsEvenWithSystemDefaultContext() throws Exception {
+ OutboundHttpProperties trustAllProps = new OutboundHttpProperties(
+ true, List.of(), Duration.ofMillis(2000), Duration.ofMillis(5000),
+ null, null, null);
+ SSLContext ctx = builder.build(trustAllProps, OutboundHttpRequestContext.systemDefault());
+ assertThat(ctx).isNotNull();
+ assertThat(ctx.getProtocol()).isEqualTo("TLS");
+ }
 }
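Review bot: In `trustPathsLoadsPemFile`, `getResource("test-ca.pem")` returns null when the fixture is missing from the test classpath, so the chained `.toURI()` throws a bare `NullPointerException`. The following `assertThat(pem).exists()` never gets to report the missing file. Splitting the lookup gives a readable failure: `URL pemUrl = getClass().getClassLoader().getResource("test-ca.pem");`, then `assertThat(pemUrl).as("test-ca.pem on test classpath").isNotNull();`, then `Path pem = Path.of(pemUrl.toURI());`. This needs a `java.net.URL` import. The rest of the test method lies outside the hunk.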
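Review bot: The two assertions in `systemTrustAllShortCircuitsEvenWithSystemDefaultContext` cannot tell the trust-all path from the verifying path. `build` always starts from `SSLContext.getInstance("TLS")`, so a non-null context with protocol "TLS" comes back either way. As written, the test proves only that `build` does not throw when the system flag is true. Because this flag disables certificate verification, the behaviour deserves a real check, and so does the inverse case: with the flag false and a `systemDefault()` context, an untrusted certificate should be rejected. Until then I would add a comment in the test such as `// Only proves build() succeeds; trust-all behaviour itself is not asserted here.`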