Merge pull request #1140 from cloudfoundry/boot-2-5

Changes to SSLContext setup to handle deprecations in reactor-netty &…

Author: pivotal-david-osullivan

.gitignore

@@ -8,3 +8,4 @@ bin/
 .classpath
 .settings/
 .factorypath
+.gradle

README.md

@@ -15,7 +15,7 @@ The `cf-java-client` project is a Java language binding for interacting with a C
 * `cloudfoundry-operations` – An API and implementation that corresponds to the [Cloud Foundry CLI][c] operations.  This project builds on the `cloudfoundry-client` and therefore has a single implementation.
 
 ## Versions
-The Cloud Foundry Java Client has two active versions. The `5.x` line uses Spring Boot `2.4.x` just to manage its dependencies, while the `4.x` line uses Spring Boot `2.3.x`.
+The Cloud Foundry Java Client has two active versions. The `5.x` line is compatible with Spring Boot `2.4.x - 2.6.x` just to manage its dependencies, while the `4.x` line uses Spring Boot `2.3.x`.
 
 ## Dependencies
 Most projects will need two dependencies; the Operations API and an implementation of the Client API.  For Maven, the dependencies would be defined like this:
@@ -25,12 +25,12 @@ Most projects will need two dependencies; the Operations API and an implementati
     <dependency>
         <groupId>org.cloudfoundry</groupId>
         <artifactId>cloudfoundry-client-reactor</artifactId>
-        <version>5.0.0.RELEASE</version>
+        <version>latest.RELEASE</version>
     </dependency>
     <dependency>
         <groupId>org.cloudfoundry</groupId>
         <artifactId>cloudfoundry-operations</artifactId>
-        <version>5.0.0.RELEASE</version>
+        <version>latest.RELEASE</version>
     </dependency>
     ...
 </dependencies>
@@ -56,8 +56,8 @@ For Gradle, the dependencies would be defined like this:
 
 ```groovy
 dependencies {
-    compile 'org.cloudfoundry:cloudfoundry-client-reactor:5.0.0.RELEASE'
-    compile 'org.cloudfoundry:cloudfoundry-operations:5.0.0.RELEASE'
+    compile 'org.cloudfoundry:cloudfoundry-client-reactor:<latest>.RELEASE'
+    compile 'org.cloudfoundry:cloudfoundry-operations:<latest>.RELEASE'
     ...
 }
 ```

cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/_DefaultConnectionContext.java

@@ -43,6 +43,7 @@
 import javax.management.JMException;
 import javax.management.MalformedObjectNameException;
 import javax.management.ObjectName;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 import java.lang.management.ManagementFactory;
 import java.time.Duration;
@@ -283,12 +284,16 @@ private HttpClient configureProxy(HttpClient client) {
             .orElse(client);
     }
 
-    private void configureSsl(SslProvider.SslContextSpec ssl) {
-        SslProvider.Builder builder = ssl.sslContext(createSslContextBuilder()).defaultConfiguration(DefaultConfigurationType.TCP);
+    private void configureSsl(SslProvider.SslContextSpec ssl){
+        try{
+            SslProvider.Builder builder = ssl.sslContext(createSslContextBuilder().build());
 
-        getSslCloseNotifyReadTimeout().ifPresent(builder::closeNotifyReadTimeout);
-        getSslHandshakeTimeout().ifPresent(builder::handshakeTimeout);
-        getSslCloseNotifyFlushTimeout().ifPresent(builder::closeNotifyFlushTimeout);
+            getSslCloseNotifyReadTimeout().ifPresent(builder::closeNotifyReadTimeout);
+            getSslHandshakeTimeout().ifPresent(builder::handshakeTimeout);
+            getSslCloseNotifyFlushTimeout().ifPresent(builder::closeNotifyFlushTimeout);
+        } catch (SSLException e) {
+            this.logger.error("Unable to configure SSL", e);
+        }
     }
 
     private HttpClient createHttpClient() {

cloudfoundry-client-reactor/src/main/java/org/cloudfoundry/reactor/util/DefaultSslCertificateTruster.java

@@ -20,13 +20,15 @@
 import org.cloudfoundry.reactor.ProxyConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import reactor.core.Exceptions;
 import reactor.core.publisher.Mono;
 import reactor.netty.resources.LoopResources;
 import reactor.netty.tcp.SslProvider.SslContextSpec;
 import reactor.netty.tcp.TcpClient;
 import reactor.util.function.Tuple2;
 import reactor.util.function.Tuples;
 
+import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
@@ -120,7 +122,11 @@ private static KeyStore addToTrustStore(X509Certificate[] untrustedCertificates,
     }
 
     private static void configureSsl(SslContextSpec sslContextSpec, CertificateCollectingTrustManager collector) {
-        sslContextSpec.sslContext(SslContextBuilder.forClient().trustManager(new StaticTrustManagerFactory(collector)));
+        try {
+           sslContextSpec.sslContext(SslContextBuilder.forClient().trustManager(new StaticTrustManagerFactory(collector)).build());
+        } catch (SSLException e) {
+            throw Exceptions.propagate(e);
+        }
     }
 
     private static TcpClient getTcpClient(Optional<ProxyConfiguration> proxyConfiguration, LoopResources threadPool, CertificateCollectingTrustManager collector, String host, int port) {