Add SslHealthIndicatorProperties

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/info/InfoContributorAutoConfiguration.java

@@ -16,8 +16,7 @@
 
 package org.springframework.boot.actuate.autoconfigure.info;
 
-import java.time.Duration;
-
+import org.springframework.boot.actuate.autoconfigure.ssl.SslHealthIndicatorProperties;
 import org.springframework.boot.actuate.info.BuildInfoContributor;
 import org.springframework.boot.actuate.info.EnvironmentInfoContributor;
 import org.springframework.boot.actuate.info.GitInfoContributor;
@@ -51,7 +50,7 @@
  * @since 2.0.0
  */
 @AutoConfiguration(after = ProjectInfoAutoConfiguration.class)
-@EnableConfigurationProperties(InfoContributorProperties.class)
+@EnableConfigurationProperties({ InfoContributorProperties.class, SslHealthIndicatorProperties.class })
 public class InfoContributorAutoConfiguration {
 
 	/**
@@ -115,9 +114,8 @@ public SslInfoContributor sslInfoContributor(SslInfo sslInfo) {
 	@Bean
 	@ConditionalOnMissingBean
 	@ConditionalOnEnabledInfoContributor(value = "ssl", fallback = InfoContributorFallback.DISABLE)
-	public SslInfo sslInfo(SslBundles sslBundles) {
-		// TODO: Get the certificateValidityThreshold from a property
-		return new SslInfo(sslBundles, Duration.ofDays(7));
+	public SslInfo sslInfo(SslBundles sslBundles, SslHealthIndicatorProperties sslHealthIndicatorProperties) {
+		return new SslInfo(sslBundles, sslHealthIndicatorProperties.getCertificateValidityWarningThreshold());
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/ssl/SslHealthContributorAutoConfiguration.java

@@ -16,14 +16,13 @@
 
 package org.springframework.boot.actuate.autoconfigure.ssl;
 
-import java.time.Duration;
-
 import org.springframework.boot.actuate.autoconfigure.health.ConditionalOnEnabledHealthIndicator;
 import org.springframework.boot.actuate.autoconfigure.health.HealthContributorAutoConfiguration;
 import org.springframework.boot.actuate.ssl.SslHealthIndicator;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.info.SslInfo;
 import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.annotation.Bean;
@@ -36,6 +35,7 @@
  */
 @AutoConfiguration(before = HealthContributorAutoConfiguration.class)
 @ConditionalOnEnabledHealthIndicator("ssl")
+@EnableConfigurationProperties(SslHealthIndicatorProperties.class)
 public class SslHealthContributorAutoConfiguration {
 
 	@Bean
@@ -46,11 +46,8 @@ public SslHealthIndicator sslHealthIndicator(SslInfo sslInfo) {
 
 	@Bean
 	@ConditionalOnMissingBean
-	public SslInfo sslInfo(SslBundles sslBundles) {
-		// TODO: Get the certificateValidityThreshold from a property
-		// TODO: This is the same as the one in InfoContributorAutoConfiguration,
-		// should we keep just one?
-		return new SslInfo(sslBundles, Duration.ofDays(7));
+	public SslInfo sslInfo(SslBundles sslBundles, SslHealthIndicatorProperties sslHealthIndicatorProperties) {
+		return new SslInfo(sslBundles, sslHealthIndicatorProperties.getCertificateValidityWarningThreshold());
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/ssl/SslHealthIndicatorProperties.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright 2012-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.actuate.autoconfigure.ssl;
+
+import java.time.Duration;
+
+import org.springframework.boot.actuate.ssl.SslHealthIndicator;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * External configuration properties for {@link SslHealthIndicator}.
+ *
+ * @author Jonatan Ivanov
+ * @since 3.4.0
+ */
+@ConfigurationProperties(prefix = "management.health.ssl")
+public class SslHealthIndicatorProperties {
+
+	/**
+	 * If the certificate will be invalid within the time span defined by this threshold,
+	 * it should trigger a warning.
+	 */
+	private Duration certificateValidityWarningThreshold = Duration.ofDays(14);
+
+	public Duration getCertificateValidityWarningThreshold() {
+		return this.certificateValidityWarningThreshold;
+	}
+
+	public void setCertificateValidityWarningThreshold(Duration certificateValidityWarningThreshold) {
+		this.certificateValidityWarningThreshold = certificateValidityWarningThreshold;
+	}
+
+}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/info/SslInfo.java

@@ -47,15 +47,16 @@ public class SslInfo {
 
 	private final List<Bundle> bundles;
 
-	private final Duration certificateValidityThreshold;
+	private final Duration certificateValidityWarningThreshold;
 
-	public SslInfo(SslBundles sslBundles, Duration certificateValidityThreshold) {
+	public SslInfo(SslBundles sslBundles, Duration certificateValidityWarningThreshold) {
+		System.out.println(certificateValidityWarningThreshold);
 		List<Bundle> bundles = new ArrayList<>();
 		for (Entry<String, SslBundle> entry : sslBundles.getBundles().entrySet()) {
 			bundles.add(new Bundle(entry.getKey(), entry.getValue()));
 		}
 		this.bundles = Collections.unmodifiableList(bundles);
-		this.certificateValidityThreshold = certificateValidityThreshold;
+		this.certificateValidityWarningThreshold = certificateValidityWarningThreshold;
 	}
 
 	public List<Bundle> getBundles() {
@@ -171,9 +172,9 @@ public Validity getValidity() {
 			try {
 				if (this.certificate != null) {
 					this.certificate.checkValidity();
-					if (isCloseToBeExpired(this.certificate, SslInfo.this.certificateValidityThreshold)) {
+					if (isCloseToBeExpired(this.certificate, SslInfo.this.certificateValidityWarningThreshold)) {
 						return new Validity(WILL_EXPIRE_SOON, "Certificate will expire within threshold (%s) at %s"
-							.formatted(SslInfo.this.certificateValidityThreshold, this.getValidityEnds()));
+							.formatted(SslInfo.this.certificateValidityWarningThreshold, this.getValidityEnds()));
 					}
 					else {
 						return new Validity(VALID, null);

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-tomcat-ssl/src/main/resources/application.properties

@@ -1,7 +1,4 @@
 server.port=8443
-#server.ssl.key-store=classpath:sample.jks
-#server.ssl.key-store-password=secret
-#server.ssl.key-password=password
 
 management.endpoints.web.exposure.include=*
 management.endpoint.health.show-details=always
@@ -12,3 +9,6 @@ spring.ssl.bundle.jks.ssldemo.keystore.location=classpath:sample.jks
 spring.ssl.bundle.jks.ssldemo.keystore.password=secret
 spring.ssl.bundle.jks.ssldemo.keystore.type=JKS
 spring.ssl.bundle.jks.ssldemo.key.password=password
+
+#management.health.ssl.enabled=true
+management.health.ssl.certificate-validity-warning-threshold=7d