Merge pull request #1164 from micronaut-projects/certificate-refactor

Support client certificate refresh from certificate service

Author: n0tl3ss

buildSrc/src/main/groovy/io.micronaut.build.internal.oraclecloud-base.gradle

@@ -13,7 +13,7 @@ dependencies {
     testRuntimeOnly libs.junit.jupiter
     testAnnotationProcessor mn.micronaut.inject.java
     testRuntimeOnly mnSerde.micronaut.serde.jackson
-    testImplementation(mnTest.junit.platform.launcher)  
+    testImplementation(mnTest.junit.platform.launcher)
 }
 
 tasks.withType(JavaCompile).configureEach {

gradle/libs.versions.toml

@@ -1,5 +1,5 @@
 [versions]
-micronaut = "4.9.12"
+micronaut = "4.10.0"
 micronaut-platform = "4.9.1"
 micronaut-docs = "2.0.0"
 fn = '1.0.209'
@@ -13,16 +13,15 @@ groovy = "4.0.28"
 spock = "2.3-groovy-4.0"
 oci = "3.72.1"
 oracle-database-security = "21.17.0.0"
-bcpkixjdk15to18 = "1.80"
 protobuf = '0.9.5'
-netty-http3 = "0.0.29.Final"
 
 managed-apache-http-core5 = "5.3.4"
 micronaut-gradle-plugin = "4.5.4"
 micronaut-groovy = "4.7.0"
 micronaut-kotlin = "4.7.0"
 micronaut-kubernetes = "7.1.1"
 micronaut-micrometer = "5.12.0"
+micronaut-security = "4.13.1"
 micronaut-reactor = "3.8.0"
 micronaut-rxjava2 = "2.8.0"
 micronaut-serde = "2.15.1"
@@ -50,6 +49,7 @@ micronaut-groovy = { module = "io.micronaut.groovy:micronaut-groovy-bom", versio
 micronaut-kotlin = { module = "io.micronaut.kotlin:micronaut-kotlin-bom", version.ref = "micronaut-kotlin" }
 micronaut-kubernetes = { module = "io.micronaut.kubernetes:micronaut-kubernetes-bom", version.ref = "micronaut-kubernetes" }
 micronaut-micrometer = { module = "io.micronaut.micrometer:micronaut-micrometer-bom", version.ref = "micronaut-micrometer" }
+micronaut-security = { module = "io.micronaut.security:micronaut-security-bom", version.ref = "micronaut-security" }
 micronaut-reactor = { module = "io.micronaut.reactor:micronaut-reactor-bom", version.ref = "micronaut-reactor" }
 micronaut-rxjava2 = { module = "io.micronaut.rxjava2:micronaut-rxjava2-bom", version.ref = "micronaut-rxjava2" }
 micronaut-serde = { module = "io.micronaut.serde:micronaut-serde-bom", version.ref = "micronaut-serde" }
@@ -89,9 +89,7 @@ oracle-jdbc-bom = { module = "com.oracle.database.jdbc:ojdbc-bom" }
 oracle-security-cert = { module = "com.oracle.database.security:osdt_cert", version.ref = "oracle-database-security" }
 oracle-security-core = { module = "com.oracle.database.security:osdt_core", version.ref = "oracle-database-security" }
 oracle-xml-xdb = { module = 'com.oracle.database.xml:xdb' }
-netty-incubator-codec-http3 = { module = "io.netty.incubator:netty-incubator-codec-http3", version.ref = "netty-http3" }
 apache-http-core5 = { module = 'org.apache.httpcomponents.core5:httpcore5', version.ref = 'managed-apache-http-core5' }
-bcpkixjdk15to18 = { module = "org.bouncycastle:bcpkix-jdk15to18", version.ref = "bcpkixjdk15to18"}
 
 #plugins
 kotlin-gradle-plugin = { module = 'org.jetbrains.kotlin:kotlin-gradle-plugin', version.ref = 'kotlin' }

oraclecloud-certificates/build.gradle

@@ -7,10 +7,13 @@ dependencies {
     implementation mn.micronaut.http.server.netty
     implementation mn.micronaut.inject.java
     implementation mn.micronaut.retry
-    implementation(libs.bcpkixjdk15to18)
-    compileOnly libs.netty.incubator.codec.http3
+    implementation mnReactor.micronaut.reactor
+    compileOnly(mn.micronaut.http.client)
 
+    testImplementation(mnSecurity.micronaut.security)
+    testImplementation(mn.micronaut.http.client)
+    testImplementation projects.micronautOraclecloudBmcObjectstorage
     testImplementation mnTest.micronaut.test.spock
-    testImplementation mn.micronaut.http.client
     testImplementation mn.micronaut.inject.groovy
 }
+

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/OracleCloudCertificationsConfiguration.java

@@ -15,32 +15,46 @@
  */
 package io.micronaut.oraclecloud.certificates;
 
+import io.micronaut.context.annotation.BootstrapContextCompatible;
 import io.micronaut.context.annotation.ConfigurationProperties;
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.core.annotation.NonNull;
 import io.micronaut.core.util.Toggleable;
-import io.micronaut.oraclecloud.core.OracleCloudCoreFactory;
+import io.micronaut.oraclecloud.certificates.config.OracleCloudCertificateProperties;
 import jakarta.annotation.Nullable;
+import jakarta.inject.Named;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import static io.micronaut.oraclecloud.certificates.OracleCloudCertificationsConfiguration.PREFIX;
+import static io.micronaut.oraclecloud.certificates.config.OracleCloudCertificateProperties.PREFIX;
 
 /**
- * Allows the configuration of the Oracle Cloud certificate process.
+ * Allows the configuration of the default Oracle Cloud certificate to use.
  * @param certificateId ocid of certificate
  * @param versionNumber version number of certificate
  * @param certificateVersionName certificate name
  * @param enabled flag for enabling feature
  */
 @ConfigurationProperties(PREFIX)
-public record OracleCloudCertificationsConfiguration(String certificateId, @Nullable Long versionNumber, @Nullable String certificateVersionName, @Nullable Boolean enabled)  implements Toggleable  {
+@Deprecated(forRemoval = true)
+@Requires(property = OracleCloudCertificationsConfiguration.CERTIFICATE_ID)
+@Named("deprecated")
+@BootstrapContextCompatible
+public record OracleCloudCertificationsConfiguration(
+    @NonNull String certificateId,
+    @Nullable Long versionNumber,
+    @Nullable String certificateVersionName,
+    boolean enabled) implements Toggleable, OracleCloudCertificateProperties {
+    public static final String CERTIFICATE_ID = PREFIX + ".certificate-id";
+    public static final String ENABLED_PROPERTY = PREFIX + ".enabled";
+    private static final Logger LOG = LoggerFactory.getLogger(OracleCloudCertificationsConfiguration.class);
 
-    public static final String PREFIX = OracleCloudCoreFactory.ORACLE_CLOUD + ".certificates";
+    public OracleCloudCertificationsConfiguration {
+        LOG.warn("Configuring server certificate via " + CERTIFICATE_ID + " is deprecated. Use " + OracleCloudCertificateProperties.PREFIX + " namespace instead");
+    }
 
-    /**
-     * If Oracle Cloud certificate background and setup process should be enabled.
-     *
-     * @return True if Oracle Cloud certificate process is enabled.
-     */
     @Override
-    public boolean isEnabled() {
-        return enabled != null && enabled;
+    public @NonNull String getName() {
+        return "deprecated";
     }
 }

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/background/OracleCloudCertificationRefresherTask.java

@@ -18,7 +18,7 @@
 import io.micronaut.context.annotation.Context;
 import io.micronaut.context.annotation.Requires;
 import io.micronaut.core.annotation.Internal;
-import io.micronaut.oraclecloud.certificates.OracleCloudCertificationsConfiguration;
+import io.micronaut.oraclecloud.certificates.config.OracleCloudCertificateProperties;
 import io.micronaut.oraclecloud.certificates.services.OracleCloudCertificateService;
 import io.micronaut.scheduling.annotation.Scheduled;
 import jakarta.inject.Singleton;
@@ -29,9 +29,9 @@
  * Background task to automatically refresh the certificates from an Oracle Cloud Certificate server on a configurable interval.
  */
 @Singleton
-@Requires(property = OracleCloudCertificationsConfiguration.PREFIX + ".enabled", value = "true")
 @Context
 @Internal
+@Requires(bean = OracleCloudCertificateProperties.class)
 public final class OracleCloudCertificationRefresherTask {
 
     private static final Logger LOG = LoggerFactory.getLogger(OracleCloudCertificationRefresherTask.class);
@@ -45,7 +45,6 @@ public final class OracleCloudCertificationRefresherTask {
      */
     public OracleCloudCertificationRefresherTask(OracleCloudCertificateService oracleCloudCertificateService) {
         this.oracleCloudCertificateService = oracleCloudCertificateService;
-        oracleCloudCertificateService.refreshCertificate();
     }
 
     /**
@@ -57,12 +56,12 @@ public OracleCloudCertificationRefresherTask(OracleCloudCertificateService oracl
             initialDelay = "${oci.certificates.refresh.delay:24h}")
     public void backgroundRenewal() {
         if (LOG.isDebugEnabled()) {
-            LOG.debug("Running background/scheduled renewal process");
+            LOG.debug("Running background/scheduled certificate renewal process");
         }
         try {
             oracleCloudCertificateService.refreshCertificate();
         } catch (Exception e) {
-            LOG.error("There was error during refreshing certificate process", e);
+            LOG.error("There was error during refreshing certificate process: {}", e.getMessage(), e);
         }
     }
 }

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/config/CertificateClientContextConfigurer.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright 2017-2025 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.oraclecloud.certificates.config;
+
+import io.micronaut.context.ApplicationContextBuilder;
+import io.micronaut.context.ApplicationContextConfigurer;
+import io.micronaut.context.annotation.ContextConfigurer;
+import io.micronaut.context.env.Environment;
+import io.micronaut.core.annotation.Internal;
+import io.micronaut.core.util.StringUtils;
+
+import java.util.Map;
+
+
+/**
+ * ApplicationContext configurer for the OCI Certificates client.
+ * <p>
+ * Marks the Micronaut ApplicationContext as a bootstrap context and sets
+ * {@code oci.clients.certificates.ssl.enabled=true}. This ensures the per-service
+ * client configuration bean {@link io.micronaut.oraclecloud.core.ServiceOracleCloudClientConfigurationProperties}
+ * named {@code certificates} is created and applied to the OCI Certificates client so SSL and other
+ * client options can be customized under the {@code oci.clients.certificates.*} namespace.
+ * </p>
+ */
+@ContextConfigurer
+@Internal
+public class CertificateClientContextConfigurer implements ApplicationContextConfigurer {
+    /**
+     * Configure the context for the OCI Certificates client by enabling the
+     * per-service client configuration for the {@code certificates} service.
+     * Specifically, this sets {@code oci.clients.certificates.ssl.enabled=true} during bootstrap,
+     * which causes Micronaut to bind and use
+     * {@link io.micronaut.oraclecloud.core.ServiceOracleCloudClientConfigurationProperties}
+     * for the Certificates client.
+     *
+     * @param builder The application context builder
+     */
+    @Override
+    public void configure(ApplicationContextBuilder builder) {
+        System.setProperty(Environment.BOOTSTRAP_CONTEXT_PROPERTY, StringUtils.TRUE);
+        builder.properties(Map.of(
+            "oci.clients.certificates.ssl.enabled", "true"
+        ));
+    }
+}

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/config/CertificateRefreshConfiguration.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright 2017-2025 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.oraclecloud.certificates.config;
+
+import io.micronaut.context.annotation.ConfigurationProperties;
+import io.micronaut.core.bind.annotation.Bindable;
+import jakarta.annotation.Nullable;
+
+import java.time.Duration;
+
+/**
+ * Configuration for certificate refresh frequency.
+ *
+ * @param frequency The frequency. Default 24 hours.
+ * @param delay The initial delay. Default 24 hours.
+ * @param retry The retry configuration.
+ */
+@ConfigurationProperties(OracleCloudCertificateProperties.PREFIX + ".refresh")
+public record CertificateRefreshConfiguration(
+    @Bindable(defaultValue = "24h")
+    Duration frequency,
+    @Bindable(defaultValue = "24h")
+    Duration delay,
+    @Nullable
+    RetryConfiguration retry
+) {
+    /**
+     * Retry retry configuration.
+     * @param attempts Number of times to retry
+     * @param delay The delay between retries.
+     */
+    @ConfigurationProperties("retry")
+    record RetryConfiguration(
+        @Bindable(defaultValue = "3")
+        int attempts,
+        @Bindable(defaultValue = "1s")
+        Duration delay
+    ) { }
+}

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/config/OracleCloudCertificateConfiguration.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2017-2025 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.oraclecloud.certificates.config;
+
+import io.micronaut.context.annotation.BootstrapContextCompatible;
+import io.micronaut.context.annotation.EachProperty;
+import io.micronaut.context.annotation.Parameter;
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.core.annotation.NonNull;
+import io.micronaut.core.annotation.Nullable;
+import io.micronaut.core.bind.annotation.Bindable;
+import io.micronaut.oraclecloud.certificates.OracleCloudCertificationsConfiguration;
+
+/**
+ * Configuration entry for an Oracle Cloud Infrastructure (OCI) certificate.
+ * <p>
+ * Each instance represents one certificate to be fetched from OCI Certificates service and exposed
+ * to Micronaut's SSL infrastructure.
+ * </p>
+ *
+ * @param name The name of the config.
+ * @param certificateId The OCID of the certificate.
+ * @param versionNumber The specific certificate version number to use, or null to resolve by name/latest.
+ * @param certificateVersionName The named certificate version to use, or null.
+ * @param enabled Whether this certificate entry is enabled. Defaults to true when unspecified.
+ */
+@EachProperty(value = OracleCloudCertificateProperties.PREFIX)
+@Requires(missingProperty = OracleCloudCertificationsConfiguration.CERTIFICATE_ID)
+@Requires(missingProperty = OracleCloudCertificationsConfiguration.ENABLED_PROPERTY)
+@BootstrapContextCompatible
+public record OracleCloudCertificateConfiguration(
+    @Parameter String name,
+    @NonNull String certificateId,
+    @Nullable Long versionNumber,
+    @Nullable String certificateVersionName,
+    @Bindable(defaultValue = "true") boolean enabled
+) implements OracleCloudCertificateProperties {
+
+    @Override
+    public @NonNull String getName() {
+        return name;
+    }
+}

oraclecloud-certificates/src/main/java/io/micronaut/oraclecloud/certificates/config/OracleCloudCertificateProperties.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2017-2025 original authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.micronaut.oraclecloud.certificates.config;
+
+import io.micronaut.core.annotation.NonNull;
+import io.micronaut.core.naming.Named;
+import io.micronaut.core.util.Toggleable;
+import io.micronaut.oraclecloud.core.OracleCloudCoreFactory;
+import jakarta.annotation.Nullable;
+
+/**
+ * Interface for configuration properties for certificates.
+ */
+public interface OracleCloudCertificateProperties extends Toggleable, Named {
+    String PREFIX = OracleCloudCoreFactory.ORACLE_CLOUD + ".certificates";
+
+    /**
+     * @return Is the certificate enabled.
+     */
+    boolean enabled();
+
+    /**
+     * @return The ID of the certificate
+     */
+    @NonNull
+    String certificateId();
+
+    /**
+     * @return The version number of the certificate
+     */
+    @Nullable
+    Long versionNumber();
+
+    /**
+     * @return The version name of the certificate.
+     */
+    @Nullable String certificateVersionName();
+
+    @Override
+    default boolean isEnabled() {
+        return enabled();
+    }
+}