forked from spring-projects/spring-boot
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add SslInfoContributor and SslHealthIndicator
- Loading branch information
1 parent
1669268
commit 1c6695d
Showing
13 changed files
with
561 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
53 changes: 53 additions & 0 deletions
53
...springframework/boot/actuate/autoconfigure/ssl/SslHealthContributorAutoConfiguration.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.boot.actuate.autoconfigure.ssl; | ||
|
|
||
| import org.springframework.boot.actuate.autoconfigure.health.ConditionalOnEnabledHealthIndicator; | ||
| import org.springframework.boot.actuate.autoconfigure.health.HealthContributorAutoConfiguration; | ||
| import org.springframework.boot.actuate.ssl.SslHealthIndicator; | ||
| import org.springframework.boot.autoconfigure.AutoConfiguration; | ||
| import org.springframework.boot.autoconfigure.EnableAutoConfiguration; | ||
| import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; | ||
| import org.springframework.boot.context.properties.EnableConfigurationProperties; | ||
| import org.springframework.boot.info.SslInfo; | ||
| import org.springframework.boot.ssl.SslBundles; | ||
| import org.springframework.context.annotation.Bean; | ||
|
|
||
| /** | ||
| * {@link EnableAutoConfiguration Auto-configuration} for {@link SslHealthIndicator}. | ||
| * | ||
| * @author Jonatan Ivanov | ||
| * @since 3.4.0 | ||
| */ | ||
| @AutoConfiguration(before = HealthContributorAutoConfiguration.class) | ||
| @ConditionalOnEnabledHealthIndicator("ssl") | ||
| @EnableConfigurationProperties(SslHealthIndicatorProperties.class) | ||
| public class SslHealthContributorAutoConfiguration { | ||
|
|
||
| @Bean | ||
| @ConditionalOnMissingBean(name = "sslHealthIndicator") | ||
| public SslHealthIndicator sslHealthIndicator(SslInfo sslInfo) { | ||
| return new SslHealthIndicator(sslInfo); | ||
| } | ||
|
|
||
| @Bean | ||
| @ConditionalOnMissingBean | ||
| public SslInfo sslInfo(SslBundles sslBundles, SslHealthIndicatorProperties sslHealthIndicatorProperties) { | ||
| return new SslInfo(sslBundles, sslHealthIndicatorProperties.getCertificateValidityWarningThreshold()); | ||
| } | ||
|
|
||
| } |
47 changes: 47 additions & 0 deletions
47
...java/org/springframework/boot/actuate/autoconfigure/ssl/SslHealthIndicatorProperties.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.boot.actuate.autoconfigure.ssl; | ||
|
|
||
| import java.time.Duration; | ||
|
|
||
| import org.springframework.boot.actuate.ssl.SslHealthIndicator; | ||
| import org.springframework.boot.context.properties.ConfigurationProperties; | ||
|
|
||
| /** | ||
| * External configuration properties for {@link SslHealthIndicator}. | ||
| * | ||
| * @author Jonatan Ivanov | ||
| * @since 3.4.0 | ||
| */ | ||
| @ConfigurationProperties(prefix = "management.health.ssl") | ||
| public class SslHealthIndicatorProperties { | ||
|
|
||
| /** | ||
| * If the certificate will be invalid within the time span defined by this threshold, | ||
| * it should trigger a warning. | ||
| */ | ||
| private Duration certificateValidityWarningThreshold = Duration.ofDays(14); | ||
|
|
||
| public Duration getCertificateValidityWarningThreshold() { | ||
| return this.certificateValidityWarningThreshold; | ||
| } | ||
|
|
||
| public void setCertificateValidityWarningThreshold(Duration certificateValidityWarningThreshold) { | ||
| this.certificateValidityWarningThreshold = certificateValidityWarningThreshold; | ||
| } | ||
|
|
||
| } |
20 changes: 20 additions & 0 deletions
20
...figure/src/main/java/org/springframework/boot/actuate/autoconfigure/ssl/package-info.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| /** | ||
| * Auto-configuration for actuator ssl concerns. | ||
| */ | ||
| package org.springframework.boot.actuate.autoconfigure.ssl; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
...boot-actuator/src/main/java/org/springframework/boot/actuate/info/SslInfoContributor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.boot.actuate.info; | ||
|
|
||
| import org.springframework.boot.actuate.info.Info.Builder; | ||
| import org.springframework.boot.info.SslInfo; | ||
|
|
||
| /** | ||
| * An {@link InfoContributor} that exposes {@link SslInfo}. | ||
| * | ||
| * @author Jonatan Ivanov | ||
| * @since 3.4.0 | ||
| */ | ||
| public class SslInfoContributor implements InfoContributor { | ||
|
|
||
| private final SslInfo sslInfo; | ||
|
|
||
| public SslInfoContributor(SslInfo sslInfo) { | ||
| this.sslInfo = sslInfo; | ||
| } | ||
|
|
||
| @Override | ||
| public void contribute(Builder builder) { | ||
| builder.withDetail("ssl", this.sslInfo); | ||
| } | ||
|
|
||
| } |
82 changes: 82 additions & 0 deletions
82
...-boot-actuator/src/main/java/org/springframework/boot/actuate/ssl/SslHealthIndicator.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.springframework.boot.actuate.ssl; | ||
|
|
||
| import java.util.List; | ||
| import java.util.Set; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| import org.springframework.boot.actuate.health.AbstractHealthIndicator; | ||
| import org.springframework.boot.actuate.health.Health.Builder; | ||
| import org.springframework.boot.actuate.health.HealthIndicator; | ||
| import org.springframework.boot.actuate.health.Status; | ||
| import org.springframework.boot.info.SslInfo; | ||
| import org.springframework.boot.info.SslInfo.CertificateInfo; | ||
| import org.springframework.boot.info.SslInfo.CertificateInfo.Validity; | ||
|
|
||
| /** | ||
| * {@link HealthIndicator} that checks the certificates the application uses and reports | ||
| * {@link Status#OUT_OF_SERVICE} when a certificate is invalid or "WILL_EXPIRE_SOON" if it | ||
| * will expire within the configurable threshold. | ||
| * | ||
| * @author Jonatan Ivanov | ||
| * @since 3.4.0 | ||
| */ | ||
| public class SslHealthIndicator extends AbstractHealthIndicator { | ||
|
|
||
| private static final Status WILL_EXPIRE_SOON_STATUS = new Status(Validity.Status.WILL_EXPIRE_SOON.name(), | ||
| "One of the certificates will expire within the defined threshold."); | ||
|
|
||
| private final SslInfo sslInfo; | ||
|
|
||
| public SslHealthIndicator(SslInfo sslInfo) { | ||
| this.sslInfo = sslInfo; | ||
| } | ||
|
|
||
| @Override | ||
| protected void doHealthCheck(Builder builder) throws Exception { | ||
| List<CertificateInfo> notValidCertificates = this.sslInfo.getBundles() | ||
| .stream() | ||
| .flatMap((bundle) -> bundle.getCertificateChains().stream()) | ||
| .flatMap((certificateChain) -> certificateChain.getCertificates().stream()) | ||
| .filter((certificate) -> certificate.getValidity() != null) | ||
| .filter((certificate) -> certificate.getValidity().getStatus() != Validity.Status.VALID) | ||
| .toList(); | ||
|
|
||
| if (notValidCertificates.isEmpty()) { | ||
| builder.status(Status.UP); | ||
| } | ||
| else { | ||
| Set<Validity.Status> statuses = notValidCertificates.stream() | ||
| .map((certificate) -> certificate.getValidity().getStatus()) | ||
| .collect(Collectors.toUnmodifiableSet()); | ||
| if (statuses.contains(Validity.Status.EXPIRED) || statuses.contains(Validity.Status.NOT_YET_VALID)) { | ||
| builder.status(Status.OUT_OF_SERVICE); | ||
| } | ||
| else if (statuses.contains(Validity.Status.WILL_EXPIRE_SOON)) { | ||
| // TODO: Should we introduce Status.WARNING | ||
| // (returns 200 but indicates that something is not right)? | ||
| builder.status(WILL_EXPIRE_SOON_STATUS); | ||
| } | ||
| else { | ||
| builder.status(Status.OUT_OF_SERVICE); | ||
| } | ||
| builder.withDetail("certificates", notValidCertificates); | ||
| } | ||
| } | ||
|
|
||
| } |
20 changes: 20 additions & 0 deletions
20
...spring-boot-actuator/src/main/java/org/springframework/boot/actuate/ssl/package-info.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| /* | ||
| * Copyright 2012-2024 the original author or authors. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * https://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| /** | ||
| * Actuator support for ssl concerns. | ||
| */ | ||
| package org.springframework.boot.actuate.ssl; |
Oops, something went wrong.