Simplify usage of custom ssl configuration #805
This PR is a followup of the following earlier PR #673. Although that pull request didn't get merged, the code changes have been committed to the main branch by the main developer, see here for the specific commit: b0df981
Context
With the earlier commit it is now possible to programmatically configure the ssl configuration of tomcat instead of using properties and delegating to tomcat to construct the ssl configuration. This opens the possibility of reloading the ssl configuration or other customizations as shown also here: sslcontext-kickstart
Problem statement
Boilerplate code is needed by the end-user to provide a custom ssl configuration. Tomcat takes a custom SSLContext, the full name is org.apache.tomcat.util.net.SSLContext, while the end-user has javax.net.ssl.SSLContext. So the end-user is required to create an implementation of org.apache.tomcat.util.net.SSLContext which acts as a wrapper. This sslcontext needs to be passed to SSLHostConfigCertificate to further configure the server.
Solution
Provide a helper class which acts as a wrapper to reduce the boilerplate code. The utility interface is able to provide a method to wrap the required objects, in this case javax.net.ssl.SSLContext, KeyManager, TrustManager in an org.apache.tomcat.util.net.SSLContext.
Example usage
Below is an example usage with Spring Boot and Tomcat
In the past I created the same PR, but I assumed it would not get merged and therefore I gave up and closed the PR. But I still think it is useful and decided to recreate the PR to give it another shot. Looking forward to your feedback and decision for this PR.