Ssl bundles not working because of wrong condition (#3641)

* Add test for ssl bundle configuration

* Fix support of ssl bundles

---------

Co-authored-by: Dimitar Popov <[email protected]>

spring-cloud-gateway-server/src/main/java/org/springframework/cloud/gateway/config/AbstractSslConfigurer.java

@@ -67,10 +67,7 @@ protected HttpClientProperties.Ssl getSslProperties() {
 	}
 
 	protected SslBundle getBundle() {
-		if (ssl.getSslBundle() == null || ssl.getSslBundle().length() > 0) {
-			return null;
-		}
-		if (bundles.getBundleNames().contains(ssl.getSslBundle())) {
+		if (ssl.getSslBundle() != null && ssl.getSslBundle().length() > 0 && bundles.getBundleNames().contains(ssl.getSslBundle())) {
 			return bundles.getBundle(ssl.getSslBundle());
 		}
 		return null;

spring-cloud-gateway-server/src/test/java/org/springframework/cloud/gateway/test/ssl/ClientCertAuthSSLBundleTests.java

@@ -0,0 +1,33 @@
+package org.springframework.cloud.gateway.test.ssl;
+
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import org.junit.jupiter.api.BeforeEach;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.ssl.SslBundles;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.client.reactive.ReactorClientHttpConnector;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ActiveProfiles;
+import reactor.netty.http.client.HttpClient;
+
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@SpringBootTest(webEnvironment = RANDOM_PORT)
+@DirtiesContext
+@ActiveProfiles("client-auth-ssl-bundle")
+public class ClientCertAuthSSLBundleTests extends SingleCertSSLTests {
+	@Autowired
+	private SslBundles sslBundles;
+
+	@BeforeEach
+	public void setup() throws Exception {
+		final var sslBundle = sslBundles.getBundle("scg-keystore-with-different-key-password");
+		final var sslContext = SslContextBuilder.forClient()
+				.trustManager(InsecureTrustManagerFactory.INSTANCE)
+				.keyManager(sslBundle.getManagers().getKeyManagerFactory())
+				.build();
+		HttpClient httpClient = HttpClient.create().secure(ssl -> ssl.sslContext(sslContext));
+		setup(new ReactorClientHttpConnector(httpClient), "https://localhost:" + port);
+	}
+}

spring-cloud-gateway-server/src/test/resources/application-client-auth-ssl-bundle.yml

@@ -0,0 +1,43 @@
+test:
+  uri: lb:https://testservice
+
+server:
+  ssl:
+    enabled: true
+    key-alias: scg
+    key-store-password: scg1234
+    key-password: keyscg1234
+    key-store: classpath:scg-keystore-with-different-key-password.jks
+    trust-store: classpath:scg-truststore.jks
+    trust-store-password: scg1234
+    trust-store-type: JKS
+    key-store-type: JKS
+    client-auth: Need
+spring:
+  cloud:
+    gateway:
+      httpclient:
+        ssl:
+          ssl-bundle: scg-keystore-with-different-key-password
+          trustedX509Certificates:
+          - src/test/resources/single-cert-for-different-key-password.pem
+      default-filters:
+      - PrefixPath=/httpbin
+      routes:
+      - id: default_path_to_httpbin
+        uri: ${test.uri}
+        order: 10000
+        predicates:
+        - name: Path
+          args:
+            pattern: /**
+  ssl:
+    bundle:
+      jks:
+        scg-keystore-with-different-key-password:
+          key:
+            password: keyscg1234
+          keystore:
+            type: JKS
+            location: classpath:scg-keystore-with-different-key-password.jks
+            password: scg1234