Introduce `WebClientSsl` interface and auto-configuration to allow a
WebClient builder to have custom SSL configuration applied.
The previous `ClientHttpConnectorConfiguration` has been changed
to now create `ClientHttpConnectorFactory` instances which can be used
directly or by `AutoConfiguredWebClientSsl`.

Closes gh-18556

Update `SslOptions` so that `null` is used for default values rather
than empty sets. Most libraries use `null` to indicate defaults so
aligning our class makes things easier.

See gh-34814

Update Tomcat, Jetty, Undertow and Netty servers so that an SslBundle
is used to apply SSL configuration. Existing `Ssl` properties are
internally adapted to an `SslBundle` using the `WebServerSslBundle`
class. Additionally, if `Ssl.getBundle()` returns a non-null value the
`SslBundles` bean will be used to find a registered bundle by name.

See gh-34814

Add auto-configuration for SSL bundles including new configuration
properties that can be used to define a bundle.

SSL bundle properties are provided under the `spring.ssl.bundle` key.
Currently `jks` and `pem` variants are supported. Both are configured
as a `Map` where the bundle name is the key.

A typical example would be:

    spring:
      ssl:
        bundle:
          pem:
            mybundle:
              key:
                password: secret
              keystore:
                certificate: classpath:mycert.pem
                private-key: classpath:mykey.pem

A `SslBundleRegistrar` interface is also provided to allow programmatic
contributions to the auto-configured `SslBundleRegistry`.

See gh-34814

Add classes to support SSL bundles which can be used to apply SSL
settings in a centralized way. An `SslBundle` can be registered with
an `SslBundleRegistry` and obtained from an `SslBundles` instance. The
`DefaultSslBundleRegistry` provides a default in-memory implementation.
Different client libraries often configure SSL in slightly different
ways. To accommodate this, the `SslBundle` provides a layered approach
of obtaining SSL information:
- `getStores` provides access to the key store and trust stores
as well as any required key store password.
- `getManagers` provides access to the `KeyManagerFactory`,
`TrustManagerFactory` as well as the `KeyManager` and
`TrustManager` arrays that they create.
- `createSslContext` provides a convenient way to obtain a new
`SSLContext` instance.
In addition, the `SslBundle` also provides details about the key being
used, the protocol to use and any options that should be applied to the
SSL engine.

See gh-34814

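The registry and layered access described in the commit above, as an added example that is not code from the Spring Boot project. It assumes the `org.springframework.boot.ssl` API as released in Spring Boot 3.1 (which may differ from the API at the time of these commits); the bundle name `example` and the empty trust store are constructed for illustration.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;

import org.springframework.boot.ssl.DefaultSslBundleRegistry;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundleKey;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.boot.ssl.SslStoreBundle;

public class SslBundleLayersExample {

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory trust store (trusts no CA).
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        trustStore.load(null, null);

        // Store layer: no key store or key store password, trust store only.
        SslStoreBundle stores = SslStoreBundle.of(null, null, trustStore);
        // null ciphers means "use the library default"; protocols are pinned to TLS 1.3.
        SslOptions options = SslOptions.of((String[]) null, new String[] { "TLSv1.3" });
        SslBundle bundle = SslBundle.of(stores, SslBundleKey.NONE, options, "TLS");

        // Register centrally, then look the bundle up by name as a client would.
        DefaultSslBundleRegistry registry = new DefaultSslBundleRegistry();
        registry.registerBundle("example", bundle); // hypothetical bundle name
        SslBundle found = registry.getBundle("example");

        // Manager layer: for libraries that want TrustManager/KeyManager arrays.
        TrustManager[] trustManagers = found.getManagers().getTrustManagers();

        // Context layer: for libraries that accept an SSLContext directly.
        SSLContext context = found.createSslContext();
        SSLEngine engine = context.createSSLEngine();

        // Apply options only when set, so a null value leaves the JDK defaults untouched.
        String[] protocols = found.getOptions().getEnabledProtocols();
        if (protocols != null) {
            engine.setEnabledProtocols(protocols);
        }
        String[] ciphers = found.getOptions().getCiphers();
        if (ciphers != null) {
            engine.setEnabledCipherSuites(ciphers);
        }
        System.out.println("trust managers: " + trustManagers.length);
        System.out.println("enabled protocols: " + String.join(",", engine.getEnabledProtocols()));
    }
}
```
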
Prior to this commit, a failure to load a ConnectionDetailsFactory
caused startup to fail. This causes problems when some of a
factory's required classes were not available, for example when using
spring-boot-docker-compose without Actuator.
Fixes gh-35100