Merge pull request #19399 from bono007

* gh-19205:
  Polish "Add SSL support to RSocketServer"
  Add SSL support to RSocketServer

Closes gh-19399

Author: bclozel

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/rsocket/RSocketProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2019 the original author or authors.
+ * Copyright 2012-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,15 @@
 import java.net.InetAddress;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.NestedConfigurationProperty;
 import org.springframework.boot.rsocket.server.RSocketServer;
+import org.springframework.boot.web.server.Ssl;
 
 /**
  * {@link ConfigurationProperties properties} for RSocket support.
  *
  * @author Brian Clozel
+ * @author Chris Bono
  * @since 2.2.0
  */
 @ConfigurationProperties("spring.rsocket")
@@ -59,6 +62,9 @@ public static class Server {
 		 */
 		private String mappingPath;
 
+		@NestedConfigurationProperty
+		private Ssl ssl;
+
 		public Integer getPort() {
 			return this.port;
 		}
@@ -91,6 +97,14 @@ public void setMappingPath(String mappingPath) {
 			this.mappingPath = mappingPath;
 		}
 
+		public Ssl getSsl() {
+			return this.ssl;
+		}
+
+		public void setSsl(Ssl ssl) {
+			this.ssl = ssl;
+		}
+
 	}
 
 }

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/rsocket/RSocketServerAutoConfiguration.java

@@ -97,6 +97,7 @@ RSocketServerFactory rSocketServerFactory(RSocketProperties properties, ReactorR
 			PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 			map.from(properties.getServer().getAddress()).to(factory::setAddress);
 			map.from(properties.getServer().getPort()).to(factory::setPort);
+			map.from(properties.getServer().getSsl()).to(factory::setSsl);
 			factory.setRSocketServerCustomizers(customizers.orderedStream().collect(Collectors.toList()));
 			return factory;
 		}

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/rsocket/RSocketServerAutoConfigurationTests.java

@@ -91,6 +91,18 @@ void shouldSetLocalServerPortWhenRSocketServerPortIsSet() {
 				});
 	}
 
+	@Test
+	void shouldUseSslWhenRocketServerSslIsConfigured() {
+		reactiveWebContextRunner()
+				.withPropertyValues("spring.rsocket.server.ssl.keyStore=classpath:rsocket/test.jks",
+						"spring.rsocket.server.ssl.keyPassword=password", "spring.rsocket.server.port=0")
+				.run((context) -> assertThat(context).hasSingleBean(RSocketServerFactory.class)
+						.hasSingleBean(RSocketServerBootstrap.class).hasSingleBean(RSocketServerCustomizer.class)
+						.getBean(RSocketServerFactory.class)
+						.hasFieldOrPropertyWithValue("ssl.keyStore", "classpath:rsocket/test.jks")
+						.hasFieldOrPropertyWithValue("ssl.keyPassword", "password"));
+	}
+
 	@Test
 	void shouldUseCustomServerBootstrap() {
 		contextRunner().withUserConfiguration(CustomServerBootstrapConfig.class).run((context) -> assertThat(context)

spring-boot-project/spring-boot-autoconfigure/src/test/resources/rsocket/test.jks

@@ -37,6 +37,9 @@
 import org.springframework.boot.rsocket.server.RSocketServer;
 import org.springframework.boot.rsocket.server.RSocketServerCustomizer;
 import org.springframework.boot.rsocket.server.RSocketServerFactory;
+import org.springframework.boot.web.embedded.netty.SslServerCustomizer;
+import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslStoreProvider;
 import org.springframework.http.client.reactive.ReactorResourceFactory;
 import org.springframework.util.Assert;
 
@@ -45,6 +48,7 @@
  * by Netty.
  *
  * @author Brian Clozel
+ * @author Chris Bono
  * @since 2.2.0
  */
 public class NettyRSocketServerFactory implements RSocketServerFactory, ConfigurableRSocketServerFactory {
@@ -61,6 +65,10 @@ public class NettyRSocketServerFactory implements RSocketServerFactory, Configur
 
 	private List<RSocketServerCustomizer> rSocketServerCustomizers = new ArrayList<>();
 
+	private Ssl ssl;
+
+	private SslStoreProvider sslStoreProvider;
+
 	@Override
 	public void setPort(int port) {
 		this.port = port;
@@ -76,6 +84,16 @@ public void setTransport(RSocketServer.Transport transport) {
 		this.transport = transport;
 	}
 
+	@Override
+	public void setSsl(Ssl ssl) {
+		this.ssl = ssl;
+	}
+
+	@Override
+	public void setSslStoreProvider(SslStoreProvider sslStoreProvider) {
+		this.sslStoreProvider = sslStoreProvider;
+	}
+
 	/**
 	 * Set the {@link ReactorResourceFactory} to get the shared resources from.
 	 * @param resourceFactory the server resources
@@ -133,21 +151,27 @@ private ServerTransport<CloseableChannel> createTransport() {
 	}
 
 	private ServerTransport<CloseableChannel> createWebSocketTransport() {
+		HttpServer httpServer = HttpServer.create();
 		if (this.resourceFactory != null) {
-			HttpServer httpServer = HttpServer.create().runOn(this.resourceFactory.getLoopResources())
-					.bindAddress(this::getListenAddress);
-			return WebsocketServerTransport.create(httpServer);
+			httpServer = httpServer.runOn(this.resourceFactory.getLoopResources());
+		}
+		if (this.ssl != null && this.ssl.isEnabled()) {
+			SslServerCustomizer sslServerCustomizer = new SslServerCustomizer(this.ssl, null, this.sslStoreProvider);
+			httpServer = sslServerCustomizer.apply(httpServer);
 		}
-		return WebsocketServerTransport.create(getListenAddress());
+		return WebsocketServerTransport.create(httpServer.bindAddress(this::getListenAddress));
 	}
 
 	private ServerTransport<CloseableChannel> createTcpTransport() {
+		TcpServer tcpServer = TcpServer.create();
 		if (this.resourceFactory != null) {
-			TcpServer tcpServer = TcpServer.create().runOn(this.resourceFactory.getLoopResources())
-					.bindAddress(this::getListenAddress);
-			return TcpServerTransport.create(tcpServer);
+			tcpServer = tcpServer.runOn(this.resourceFactory.getLoopResources());
 		}
-		return TcpServerTransport.create(getListenAddress());
+		if (this.ssl != null && this.ssl.isEnabled()) {
+			TcpSslServerCustomizer sslServerCustomizer = new TcpSslServerCustomizer(this.ssl, this.sslStoreProvider);
+			tcpServer = sslServerCustomizer.apply(tcpServer);
+		}
+		return TcpServerTransport.create(tcpServer.bindAddress(this::getListenAddress));
 	}
 
 	private InetSocketAddress getListenAddress() {
@@ -157,4 +181,21 @@ private InetSocketAddress getListenAddress() {
 		return new InetSocketAddress(this.port);
 	}
 
+	private static final class TcpSslServerCustomizer extends SslServerCustomizer {
+
+		private TcpSslServerCustomizer(Ssl ssl, SslStoreProvider sslStoreProvider) {
+			super(ssl, null, sslStoreProvider);
+		}
+
+		private TcpServer apply(TcpServer server) {
+			try {
+				return server.secure((contextSpec) -> contextSpec.sslContext(getContextBuilder()));
+			}
+			catch (Exception ex) {
+				throw new IllegalStateException(ex);
+			}
+		}
+
+	}
+
 }

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/rsocket/netty/NettyRSocketServerFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2019 the original author or authors.
+ * Copyright 2012-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,9 @@
 
 import java.net.InetAddress;
 
+import org.springframework.boot.web.server.Ssl;
+import org.springframework.boot.web.server.SslStoreProvider;
+
 /**
  * A configurable {@link RSocketServerFactory}.
  *
@@ -45,4 +48,16 @@ public interface ConfigurableRSocketServerFactory {
 	 */
 	void setTransport(RSocketServer.Transport transport);
 
+	/**
+	 * Sets the SSL configuration that will be applied to the server's default connector.
+	 * @param ssl the SSL configuration
+	 */
+	void setSsl(Ssl ssl);
+
+	/**
+	 * Sets a provider that will be used to obtain SSL stores.
+	 * @param sslStoreProvider the SSL store provider
+	 */
+	void setSslStoreProvider(SslStoreProvider sslStoreProvider);
+
 }