cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(http): tighten SslContextBuilder throws clause, classpath test fixture, system trust-all test

Browse Source 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-19 15:59:06 +02:00
parent 262ee91684
commit 4922748599
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cameleer-server-app/src/main/java/com/cameleer/server/app/http/SslContextBuilder.java
View File

@@ -10,7 +10,11 @@ import javax.net.ssl.X509TrustManager;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -19,7 +23,9 @@ import java.util.List;
public class SslContextBuilder {
public SSLContext build(OutboundHttpProperties systemProps, OutboundHttpRequestContext ctx) throws Exception {
public SSLContext build(OutboundHttpProperties systemProps, OutboundHttpRequestContext ctx)
throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException,
CertificateException, IOException {
SSLContext sslContext = SSLContext.getInstance("TLS");
if (systemProps.trustAll() || ctx.trustMode() == com.cameleer.server.core.http.TrustMode.TRUST_ALL) {
@@ -28,6 +34,7 @@ public class SslContextBuilder {
}
List<X509Certificate> extraCerts = new ArrayList<>();
// System-level extras are always merged; per-request paths apply only in TRUST_PATHS mode.
List<String> paths = new ArrayList<>(systemProps.trustedCaPemPaths());
if (ctx.trustMode() == com.cameleer.server.core.http.TrustMode.TRUST_PATHS) {
paths.addAll(ctx.trustedCaPemPaths());

12
cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
View File

@@ -35,7 +35,7 @@ class SslContextBuilderTest {
@Test
void trustPathsLoadsPemFile() throws Exception {
Path pem = Path.of("src/test/resources/test-ca.pem");
Path pem = Path.of(getClass().getClassLoader().getResource("test-ca.pem").toURI());
assertThat(pem).exists();
SSLContext ctx = builder.build(systemProps,
new OutboundHttpRequestContext(TrustMode.TRUST_PATHS, List.of(pem.toString()), null, null));
@@ -49,4 +49,14 @@ class SslContextBuilderTest {
.isInstanceOf(IllegalArgumentException.class)
.hasMessageContaining("CA file not found");
}
@Test
void systemTrustAllShortCircuitsEvenWithSystemDefaultContext() throws Exception {
OutboundHttpProperties trustAllProps = new OutboundHttpProperties(
true, List.of(), Duration.ofMillis(2000), Duration.ofMillis(5000),
null, null, null);
SSLContext ctx = builder.build(trustAllProps, OutboundHttpRequestContext.systemDefault());
assertThat(ctx).isNotNull();
assertThat(ctx.getProtocol()).isEqualTo("TLS");
}
}