Update `SslOptions` so that `null` is used for default values rather
than empty sets. Most libraries use `null` to indicate defaults so
aligning our class makes things easier.
See gh-34814
Update Tomcat, Jetty, Undertow and Netty servers so that an SslBundle
is used to apply SSL configuration. Existing `Ssl` properties are
internally adapted to an `SslBundle` using the `WebServerSslBundle`
class. Additionally, if `Ssl.getBundle()` returns a non-null value the
the `SslBundles` bean will be used to find a registered bundle by name.
See gh-34814
Add auto-configuration for SSL bundles including new configuration
properties that can be used to define a bundle.
SSL bundle properties are provided under the `spring.ssl.bundle` key.
Currently `jks` and `pem` variants are support. Both are configured
as a `Map` where the bundle name is the key.
A typical example would be:
spring:
ssl:
bundle:
pem:
mybundle
key:
password: secret
keystore:
certificate: classpath:mycert.pem
private-key: classpath:mykey.pem
A `SslBundleRegistrar` interface is also provided to allow programmatic
contributions to the auto-configured `SslBundleRegistry`.
See gh-34814
Add classes to support SSL bundles which can be used to apply SSL
settings in a centralized way. An `SslBundle` can be registered with
an `SslBundleRegistry` and obtained from an `SslBundles` instance. The
`DefaultSslBundleRegistry` provides a default in-memory implementation.
Different client libraries often configure SSL in slightly different
ways. To accommodate this, the `SslBundle` provides a layered approach
of obtaining SSL information:
- `getStores` provides access to the key store and trust stores
as well as any required key store password.
- `getManagers` provides access to the `KeyManagerFactory`,
`TrustManagerFactory` as well as the `KeyManger` and
`TrustManager` arrays that they create.
- `createSslContext` provides a convenient way to obtain a new
`SSLContext` instance.
In addition, the `SslBundle` also provides details about the key being
used, the protocol to use and any options that should be applied to the
SSL engine.
See gh-34814
Prior to this commit, a failure to load a ConnectionDetailsFactory
caused startup to fail. This causes problems when some of a
factory's required classes were not available, for examle when using
spring-boot-docker-compose without Actuator.
Fixes gh-35100
This commit deprecates OAuth2ClientPropertiesRegistrationAdapter as
it wasn't really an adapter because it provides a static utility
method rather than adapting one contract to another. A replacement,
OAuth2ClientPropertiesMapper, is introduced that maps the OAuth2
client properties to the required types.
Closes gh-34714
This commit adds the following properties under
spring.security.oauth2.authorizationserver.client.[registration-id]:
* endpoint.device-authorization-uri
* endpoint.device-verification-uri
* token.device-code-time-to-live
See gh-34957
Phillip Webb
Scott Frederick
Andy Wilkinson
Madhura Bhave
Stephane Nicoll
Taeik Lim
Jonatan Ivanov
Claudio Nave
Martin BENDA
Steve Riesenberg