Provide centralized configuration of SSL properties

Closes gh-34814

Author: scottfrederick

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -2064,6 +2064,10 @@
         "level": "error"
       }
     },
+    {
+      "name": "management.server.ssl.bundle",
+      "description": "The name of a configured SSL bundle."
+    },
     {
       "name": "management.server.ssl.certificate",
       "description": "Path to a PEM-encoded SSL certificate file."

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/rsocket/RSocketServerAutoConfiguration.java

@@ -37,6 +37,7 @@
 import org.springframework.boot.rsocket.netty.NettyRSocketServerFactory;
 import org.springframework.boot.rsocket.server.RSocketServerCustomizer;
 import org.springframework.boot.rsocket.server.RSocketServerFactory;
+import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Conditional;
 import org.springframework.context.annotation.Configuration;
@@ -54,6 +55,7 @@
  * server port is configured, a new standalone RSocket server is created.
  *
  * @author Brian Clozel
+ * @author Scott Frederick
  * @since 2.2.0
  */
 @AutoConfiguration(after = RSocketStrategiesAutoConfiguration.class)
@@ -85,7 +87,7 @@ static class EmbeddedServerConfiguration {
 		@Bean
 		@ConditionalOnMissingBean
 		RSocketServerFactory rSocketServerFactory(RSocketProperties properties, ReactorResourceFactory resourceFactory,
-				ObjectProvider<RSocketServerCustomizer> customizers) {
+				ObjectProvider<RSocketServerCustomizer> customizers, ObjectProvider<SslBundles> sslBundles) {
 			NettyRSocketServerFactory factory = new NettyRSocketServerFactory();
 			factory.setResourceFactory(resourceFactory);
 			factory.setTransport(properties.getServer().getTransport());
@@ -94,6 +96,7 @@ RSocketServerFactory rSocketServerFactory(RSocketProperties properties, ReactorR
 			map.from(properties.getServer().getPort()).to(factory::setPort);
 			map.from(properties.getServer().getFragmentSize()).to(factory::setFragmentSize);
 			map.from(properties.getServer().getSsl()).to(factory::setSsl);
+			factory.setSslBundles(sslBundles.getIfAvailable());
 			factory.setRSocketServerCustomizers(customizers.orderedStream().toList());
 			return factory;
 		}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/JksSslBundleProperties.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright 2012-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.ssl;
+
+import org.springframework.boot.ssl.jks.JksSslStoreBundle;
+
+/**
+ * {@link SslBundleProperties} for Java keystores.
+ *
+ * @author Scott Frederick
+ * @author Phillip Webb
+ * @since 3.1.0
+ * @see JksSslStoreBundle
+ */
+public class JksSslBundleProperties extends SslBundleProperties {
+
+	/**
+	 * Keystore properties.
+	 */
+	private final Store keystore = new Store();
+
+	/**
+	 * Truststore properties.
+	 */
+	private final Store truststore = new Store();
+
+	public Store getKeystore() {
+		return this.keystore;
+	}
+
+	public Store getTruststore() {
+		return this.truststore;
+	}
+
+	/**
+	 * Store properties.
+	 */
+	public static class Store {
+
+		/**
+		 * Type of the store to create, e.g. JKS.
+		 */
+		private String type;
+
+		/**
+		 * Provider for the store.
+		 */
+		private String provider;
+
+		/**
+		 * Location of the resource containing the store content.
+		 */
+		private String location;
+
+		/**
+		 * Password used to access the store.
+		 */
+		private String password;
+
+		public String getType() {
+			return this.type;
+		}
+
+		public void setType(String type) {
+			this.type = type;
+		}
+
+		public String getProvider() {
+			return this.provider;
+		}
+
+		public void setProvider(String provider) {
+			this.provider = provider;
+		}
+
+		public String getLocation() {
+			return this.location;
+		}
+
+		public void setLocation(String location) {
+			this.location = location;
+		}
+
+		public String getPassword() {
+			return this.password;
+		}
+
+		public void setPassword(String password) {
+			this.password = password;
+		}
+
+	}
+
+}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/PemSslBundleProperties.java

@@ -0,0 +1,95 @@
+/*
+ * Copyright 2012-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.ssl;
+
+import org.springframework.boot.ssl.pem.PemSslStoreBundle;
+
+/**
+ * {@link SslBundleProperties} for PEM-encoded certificates and private keys.
+ *
+ * @author Scott Frederick
+ * @author Phillip Webb
+ * @since 3.1.0
+ * @see PemSslStoreBundle
+ */
+public class PemSslBundleProperties extends SslBundleProperties {
+
+	/**
+	 * Keystore properties.
+	 */
+	private Store keystore = new Store();
+
+	/**
+	 * Truststore properties.
+	 */
+	private Store truststore = new Store();
+
+	public Store getKeystore() {
+		return this.keystore;
+	}
+
+	public Store getTruststore() {
+		return this.truststore;
+	}
+
+	/**
+	 * Store properties.
+	 */
+	public static class Store {
+
+		/**
+		 * Type of the store to create, e.g. JKS.
+		 */
+		String type;
+
+		/**
+		 * Location or content of the certificate in PEM format.
+		 */
+		String certificate;
+
+		/**
+		 * Location or content of the private key in PEM format.
+		 */
+		String privateKey;
+
+		public String getType() {
+			return this.type;
+		}
+
+		public void setType(String type) {
+			this.type = type;
+		}
+
+		public String getCertificate() {
+			return this.certificate;
+		}
+
+		public void setCertificate(String certificate) {
+			this.certificate = certificate;
+		}
+
+		public String getPrivateKey() {
+			return this.privateKey;
+		}
+
+		public void setPrivateKey(String privateKey) {
+			this.privateKey = privateKey;
+		}
+
+	}
+
+}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/PropertiesSslBundle.java

@@ -0,0 +1,131 @@
+/*
+ * Copyright 2012-2023 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.autoconfigure.ssl;
+
+import org.springframework.boot.autoconfigure.ssl.SslBundleProperties.Key;
+import org.springframework.boot.ssl.SslBundle;
+import org.springframework.boot.ssl.SslBundleKey;
+import org.springframework.boot.ssl.SslManagerBundle;
+import org.springframework.boot.ssl.SslOptions;
+import org.springframework.boot.ssl.SslStoreBundle;
+import org.springframework.boot.ssl.jks.JksSslStoreBundle;
+import org.springframework.boot.ssl.jks.JksSslStoreDetails;
+import org.springframework.boot.ssl.pem.PemSslStoreBundle;
+import org.springframework.boot.ssl.pem.PemSslStoreDetails;
+
+/**
+ * {@link SslBundle} backed by {@link JksSslBundleProperties} or
+ * {@link PemSslBundleProperties}.
+ *
+ * @author Scott Frederick
+ * @author Phillip Webb
+ * @since 3.1.0
+ */
+public final class PropertiesSslBundle implements SslBundle {
+
+	private final SslStoreBundle stores;
+
+	private final SslBundleKey key;
+
+	private final SslOptions options;
+
+	private final String protocol;
+
+	private final SslManagerBundle managers;
+
+	private PropertiesSslBundle(SslStoreBundle stores, SslBundleProperties properties) {
+		this.stores = stores;
+		this.key = asSslKeyReference(properties.getKey());
+		this.options = asSslOptions(properties.getOptions());
+		this.protocol = properties.getProtocol();
+		this.managers = SslManagerBundle.from(this.stores, this.key);
+	}
+
+	private static SslBundleKey asSslKeyReference(Key key) {
+		return (key != null) ? SslBundleKey.of(key.getPassword(), key.getAlias()) : SslBundleKey.NONE;
+	}
+
+	private static SslOptions asSslOptions(SslBundleProperties.Options properties) {
+		return (properties != null) ? SslOptions.of(properties.getCiphers(), properties.getEnabledProtocols())
+				: SslOptions.NONE;
+	}
+
+	@Override
+	public SslStoreBundle getStores() {
+		return this.stores;
+	}
+
+	@Override
+	public SslBundleKey getKey() {
+		return this.key;
+	}
+
+	@Override
+	public SslOptions getOptions() {
+		return this.options;
+	}
+
+	@Override
+	public String getProtocol() {
+		return this.protocol;
+	}
+
+	@Override
+	public SslManagerBundle getManagers() {
+		return this.managers;
+	}
+
+	/**
+	 * Get an {@link SslBundle} for the given {@link PemSslBundleProperties}.
+	 * @param properties the source properties
+	 * @return an {@link SslBundle} instance
+	 */
+	public static SslBundle get(PemSslBundleProperties properties) {
+		return new PropertiesSslBundle(asSslStoreBundle(properties), properties);
+	}
+
+	/**
+	 * Get an {@link SslBundle} for the given {@link JksSslBundleProperties}.
+	 * @param properties the source properties
+	 * @return an {@link SslBundle} instance
+	 */
+	public static SslBundle get(JksSslBundleProperties properties) {
+		return new PropertiesSslBundle(asSslStoreBundle(properties), properties);
+	}
+
+	private static SslStoreBundle asSslStoreBundle(PemSslBundleProperties properties) {
+		PemSslStoreDetails keyStoreDetails = asStoreDetails(properties.getKeystore());
+		PemSslStoreDetails trustStoreDetails = asStoreDetails(properties.getTruststore());
+		return new PemSslStoreBundle(keyStoreDetails, trustStoreDetails, properties.getKey().getAlias());
+	}
+
+	private static PemSslStoreDetails asStoreDetails(PemSslBundleProperties.Store properties) {
+		return new PemSslStoreDetails(properties.getType(), properties.getCertificate(), properties.getPrivateKey());
+	}
+
+	private static SslStoreBundle asSslStoreBundle(JksSslBundleProperties properties) {
+		JksSslStoreDetails keyStoreDetails = asStoreDetails(properties.getKeystore());
+		JksSslStoreDetails trustStoreDetails = asStoreDetails(properties.getTruststore());
+		return new JksSslStoreBundle(keyStoreDetails, trustStoreDetails);
+	}
+
+	private static JksSslStoreDetails asStoreDetails(JksSslBundleProperties.Store properties) {
+		return new JksSslStoreDetails(properties.getType(), properties.getProvider(), properties.getLocation(),
+				properties.getPassword());
+	}
+
+}