spring spring-boot ssl

Is it possible to use Spring Boot SSL bundles internally, while keeping legacy configuration (e.g. javax.net.ssl.*) in application.properties?


In my team's code base, we have upgraded to Spring Boot 3.2 and we would like to create multiple TLS configurations with the use of SSL Bundles. We must keep backward compatibility, though, so we have to allow people to configure SSL in the legacy way, by using javax.net.ssl.*, and server.ssl.* entries in application.properties files.

In looking at the Spring Boot 3 documentation, the new style of configuration makes it easy to create SSL bundles. However, I have done a decent amount of searching and, either I am not using the right terms, or this concept is a little bit too new at the moment, but I cannot find a way to bridge the gap (programmatically) between the legacy configuration, and the new SSL bundles.

I would like to know if I can do something like creating a @Configuration class with some manual programmatic conversion to SSL bundles. There is, of course, the SslBundle interface, and I can create implementations of that, but I am not entirely sure if that is the right approach. Is there something that I have missed (e.g., in the spring boot docs)? Have any of you already figured out a good migration strategy?


Solution

  • For anyone who happens to search for the same thing, the solution was relatively straightforward, and easier than I had expected. Doing something like this is really all that you need:

    // keystore and trustStore are already-loaded java.security.KeyStore instances
    SslStoreBundle sslStoreBundle = SslStoreBundle.of(keystore, keystorePassword, trustStore);
    SslBundleKey sslBundleKey = SslBundleKey.of(keystorePassword, keyAlias);
    // ciphers and protocols are String[] (or Set<String>); protocol is a String such as "TLS"
    SslOptions sslOptions = SslOptions.of(ciphers, protocols);
    SslManagerBundle sslManagerBundle = SslManagerBundle.from(sslStoreBundle, sslBundleKey);
    SslBundle sslBundle = SslBundle.of(sslStoreBundle, sslBundleKey, sslOptions, protocol, sslManagerBundle);
    // sslBundleRegistry is the injected SslBundleRegistry bean
    sslBundleRegistry.registerBundle("ssl-bundle-name", sslBundle);
    

    If anyone has something better, please post here, too.
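The bridge asked about in the question, as an added example that is not part of the original answer or of Spring Boot itself: a configuration class that reads the legacy `server.ssl.*` and `javax.net.ssl.*` keys from the Environment and registers one bundle from them. The class name, the bundle name `legacy`, and the precedence of `server.ssl.*` over `javax.net.ssl.*` are assumptions made for illustration.

```java
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundleKey;
import org.springframework.boot.ssl.SslBundleRegistry;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreBundle;
import org.springframework.boot.ssl.jks.JksSslStoreDetails;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.util.StringUtils;

// Hypothetical bridge class (not a Spring Boot type): legacy properties -> SslBundle.
@Configuration(proxyBeanMethods = false)
public class LegacySslBundleConfiguration {

    public static final String BUNDLE_NAME = "legacy"; // assumed bundle name

    public LegacySslBundleConfiguration(Environment env, SslBundleRegistry registry) {
        JksSslStoreDetails keyStore = store(env, "server.ssl.key-store", "javax.net.ssl.keyStore");
        JksSslStoreDetails trustStore = store(env, "server.ssl.trust-store", "javax.net.ssl.trustStore");
        if (keyStore == null && trustStore == null) {
            return; // no legacy TLS settings present, so register nothing
        }
        // A null trust store makes the JVM default trust anchors apply.
        SslStoreBundle stores = new JksSslStoreBundle(keyStore, trustStore);
        SslBundleKey key = SslBundleKey.of(env.getProperty("server.ssl.key-password"),
                env.getProperty("server.ssl.key-alias"));
        // Comma-separated values are converted to String[]; null means "use defaults".
        SslOptions options = SslOptions.of(
                env.getProperty("server.ssl.ciphers", String[].class),
                env.getProperty("server.ssl.enabled-protocols", String[].class));
        String protocol = env.getProperty("server.ssl.protocol", SslBundle.DEFAULT_PROTOCOL);
        registry.registerBundle(BUNDLE_NAME, SslBundle.of(stores, key, options, protocol));
    }

    // Assumed precedence: server.ssl.* wins, javax.net.ssl.* is the fallback.
    // The Environment also exposes -D system properties, so both sources are covered.
    private static JksSslStoreDetails store(Environment env, String serverKey, String jsseKey) {
        String location = env.getProperty(serverKey, env.getProperty(jsseKey));
        if (!StringUtils.hasText(location)) {
            return null;
        }
        String type = env.getProperty(serverKey + "-type", env.getProperty(jsseKey + "Type"));
        String password = env.getProperty(serverKey + "-password", env.getProperty(jsseKey + "Password"));
        return new JksSslStoreDetails(type, null, location, password);
    }
}
```

The bundle exists only once this configuration class has been instantiated, so code that looks up `legacy` through `SslBundles` at startup has to be initialised after it. `registerBundle` rejects a name that is already registered, so the chosen name must not collide with one defined under `spring.ssl.bundle.*`.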