From fd7c3e26845a0d8a76fff36708e4b8aa15633b92 Mon Sep 17 00:00:00 2001
From: CatiaCorreia <catia.correia97@gmail.com>
Date: Tue, 2 Dec 2025 20:45:17 +0000
Subject: [PATCH] Documenting changes and existing problem in code for
 demonstration purposes.

Signed-off-by: CatiaCorreia <catia.correia97@gmail.com>
---
 .../EmbeddedLdapAutoConfiguration.java        | 115 ++++++++--
 .../embedded/EmbeddedLdapProperties.java      | 204 +++++++++++++++---
 .../EmbeddedLdapAutoConfigurationTests.java   |  97 +++++++--
 .../ldap/autoconfigure/embedded/keystore.jks  | Bin 32 -> 0 bytes
 .../autoconfigure/embedded/keystore.pkcs12    | Bin 103 -> 0 bytes
 .../ldap/autoconfigure/embedded/rsa-cert.pem  |  23 --
 .../ldap/autoconfigure/embedded/rsa-key.pem   |  28 ---
 .../boot/ldap/autoconfigure/embedded/test.jks | Bin 0 -> 1294 bytes
 8 files changed, 356 insertions(+), 111 deletions(-)
 delete mode 100644 module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.jks
 delete mode 100644 module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.pkcs12
 delete mode 100644 module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-cert.pem
 delete mode 100644 module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-key.pem
 create mode 100644 module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/test.jks

diff --git a/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfiguration.java b/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfiguration.java
index 3fc2ea3f689..27c83b0934b 100644
--- a/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfiguration.java
+++ b/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfiguration.java
@@ -16,21 +16,32 @@
 
 package org.springframework.boot.ldap.autoconfigure.embedded;
 
+import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
 import com.unboundid.ldap.listener.InMemoryListenerConfig;
 import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.ResultCode;
 import com.unboundid.ldap.sdk.schema.Schema;
 import com.unboundid.ldif.LDIFReader;
 import org.jspecify.annotations.Nullable;
@@ -38,12 +49,12 @@ import org.jspecify.annotations.Nullable;
 import org.springframework.aot.hint.RuntimeHints;
 import org.springframework.aot.hint.RuntimeHintsRegistrar;
 import org.springframework.beans.factory.DisposableBean;
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage.Builder;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
@@ -53,6 +64,7 @@ import org.springframework.boot.context.properties.bind.Binder;
 import org.springframework.boot.ldap.autoconfigure.LdapAutoConfiguration;
 import org.springframework.boot.ldap.autoconfigure.LdapProperties;
 import org.springframework.boot.ldap.autoconfigure.embedded.EmbeddedLdapAutoConfiguration.EmbeddedLdapAutoConfigurationRuntimeHints;
+import org.springframework.boot.ssl.SslBundle;
 import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ConfigurableApplicationContext;
@@ -67,9 +79,12 @@ import org.springframework.core.env.MapPropertySource;
 import org.springframework.core.env.MutablePropertySources;
 import org.springframework.core.env.PropertySource;
 import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
 import org.springframework.core.type.AnnotatedTypeMetadata;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.support.LdapContextSource;
+import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
@@ -91,6 +106,8 @@ public final class EmbeddedLdapAutoConfiguration implements DisposableBean {
 
 	private final EmbeddedLdapProperties embeddedProperties;
 
+	private final ResourceLoader resourceLoader = new PathMatchingResourcePatternResolver();
+
 	private @Nullable InMemoryDirectoryServer server;
 
 	EmbeddedLdapAutoConfiguration(EmbeddedLdapProperties embeddedProperties) {
@@ -98,7 +115,9 @@ public final class EmbeddedLdapAutoConfiguration implements DisposableBean {
 	}
 
 	@Bean
-	InMemoryDirectoryServer directoryServer(ApplicationContext applicationContext) throws LDAPException {
+	InMemoryDirectoryServer directoryServer(ApplicationContext applicationContext, ObjectProvider<SslBundles> sslBundles)
+			throws LDAPException, KeyStoreException, IOException,
+			NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException {
 		String[] baseDn = StringUtils.toStringArray(this.embeddedProperties.getBaseDn());
 		InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig(baseDn);
 		String username = this.embeddedProperties.getCredential().getUsername();
@@ -107,8 +126,13 @@ public final class EmbeddedLdapAutoConfiguration implements DisposableBean {
 			config.addAdditionalBindCredentials(username, password);
 		}
 		setSchema(config);
-		if (this.embeddedProperties.isLdaps()) {
-			this.setLdapsListener(applicationContext, config);
+		if (this.embeddedProperties.getSsl().isEnabled()) {
+			EmbeddedLdapProperties.Ssl ssl = this.embeddedProperties.getSsl();
+			SSLContext sslContext = getSslContext(ssl, sslBundles.getIfAvailable());
+			SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
+			SSLSocketFactory clientSocketFactory = sslContext.getSocketFactory();
+			config.setListenerConfigs(InMemoryListenerConfig.createLDAPSConfig("LDAPS", null,
+					this.embeddedProperties.getPort(), serverSocketFactory, clientSocketFactory));
 		}
 		else {
 			config
@@ -148,22 +172,6 @@ public final class EmbeddedLdapAutoConfiguration implements DisposableBean {
 		}
 	}
 
-	@ConditionalOnBean(SslBundles.class)
-	private void setLdapsListener(ApplicationContext applicationContext, InMemoryDirectoryServerConfig config)
-			throws LDAPException {
-		if (StringUtils.hasText(this.embeddedProperties.getSslBundleName())) {
-			SslBundles sslBundles = applicationContext.getBean(SslBundles.class);
-			SSLContext sslContext = sslBundles.getBundle(this.embeddedProperties.getSslBundleName()).createSslContext();
-			SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
-			SSLSocketFactory clientSocketFactory = sslContext.getSocketFactory();
-			config.setListenerConfigs(InMemoryListenerConfig.createLDAPSConfig("LDAPS", null,
-					this.embeddedProperties.getPort(), serverSocketFactory, clientSocketFactory));
-		}
-		else {
-			throw new LDAPException(ResultCode.PARAM_ERROR, "SslBundleName property not specified");
-		}
-	}
-
 	private void importLdif(InMemoryDirectoryServer server, ApplicationContext applicationContext) {
 		String location = this.embeddedProperties.getLdif();
 		if (StringUtils.hasText(location)) {
@@ -208,6 +216,71 @@ public final class EmbeddedLdapAutoConfiguration implements DisposableBean {
 		}
 	}
 
+	private SSLContext getSslContext(EmbeddedLdapProperties.Ssl ssl, @Nullable SslBundles sslBundles)
+			throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
+			UnrecoverableKeyException, KeyManagementException {
+		if (sslBundles != null && StringUtils.hasText(ssl.getBundle())) {
+			SslBundle sslBundle = sslBundles.getBundle(ssl.getBundle());
+			Assert.notNull(sslBundle, "SSL bundle name has been set but no SSL bundles found in context");
+			return sslBundle.createSslContext();
+
+		}
+		else {
+			Assert.notNull(ssl.getAlgorithm(), "SSL algorithm must be specified");
+			SSLContext sslContext = SSLContext.getInstance(ssl.getAlgorithm());
+			KeyManager[] keyManagers = configureKeyManagers(ssl);
+			TrustManager[] trustManagers = configureTrustManagers(ssl);
+			sslContext.init(keyManagers, trustManagers, new SecureRandom());
+			return sslContext;
+		}
+	}
+
+	private KeyManager @Nullable [] configureKeyManagers(EmbeddedLdapProperties.Ssl ssl) throws KeyStoreException,
+			IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+		String keyStoreName = ssl.getKeyStore();
+		String keyStorePassword = ssl.getKeyStorePassword();
+		String storeType = ssl.getKeyStoreType();
+		char[] keyPassphrase = null;
+		if (keyStorePassword != null) {
+			keyPassphrase = keyStorePassword.toCharArray();
+		}
+		KeyManager[] keyManagers = null;
+		if (StringUtils.hasText(keyStoreName)) {
+			Resource resource = this.resourceLoader.getResource(keyStoreName);
+			KeyStore ks = KeyStore.getInstance(storeType);
+			try (InputStream inputStream = resource.getInputStream()) {
+				ks.load(inputStream, keyPassphrase);
+			}
+			KeyManagerFactory kmf = KeyManagerFactory.getInstance(ssl.getKeyStoreAlgorithm());
+			kmf.init(ks, keyPassphrase);
+			keyManagers = kmf.getKeyManagers();
+		}
+		return keyManagers;
+	}
+
+	private TrustManager @Nullable [] configureTrustManagers(EmbeddedLdapProperties.Ssl ssl)
+			throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
+		String trustStoreName = ssl.getTrustStore();
+		String trustStorePassword = ssl.getTrustStorePassword();
+		String storeType = ssl.getTrustStoreType();
+		char[] trustPassphrase = null;
+		if (trustStorePassword != null) {
+			trustPassphrase = trustStorePassword.toCharArray();
+		}
+		TrustManager[] trustManagers = null;
+		if (StringUtils.hasText(trustStoreName)) {
+			Resource resource = this.resourceLoader.getResource(trustStoreName);
+			KeyStore tks = KeyStore.getInstance(storeType);
+			try (InputStream inputStream = resource.getInputStream()) {
+				tks.load(inputStream, trustPassphrase);
+			}
+			TrustManagerFactory tmf = TrustManagerFactory.getInstance(ssl.getTrustStoreAlgorithm());
+			tmf.init(tks);
+			trustManagers = tmf.getTrustManagers();
+		}
+		return trustManagers;
+	}
+
 	/**
 	 * {@link SpringBootCondition} to determine when to apply embedded LDAP
 	 * auto-configuration.
diff --git a/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapProperties.java b/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapProperties.java
index e5b480a94ed..55592be0b1f 100644
--- a/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapProperties.java
+++ b/module/spring-boot-ldap/src/main/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapProperties.java
@@ -16,9 +16,12 @@
 
 package org.springframework.boot.ldap.autoconfigure.embedded;
 
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.net.ssl.SSLContext;
+
 import org.jspecify.annotations.Nullable;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
@@ -58,19 +61,14 @@ public class EmbeddedLdapProperties {
 	private String ldif = "classpath:schema.ldif";
 
 	/**
-	 * Listener type.
+	 * Schema validation.
 	 */
-	private boolean ldaps;
+	private final Validation validation = new Validation();
 
 	/**
-	 * Embedded LDAPS client SSL bundle name.
+	 * SSL configuration.
 	 */
-	@Nullable private String sslBundleName;
-
-	/**
-	 * Schema validation.
-	 */
-	private final Validation validation = new Validation();
+	private final Ssl ssl = new Ssl();
 
 	public int getPort() {
 		return this.port;
@@ -104,26 +102,14 @@ public class EmbeddedLdapProperties {
 		this.ldif = ldif;
 	}
 
-	public boolean isLdaps() {
-		return this.ldaps;
-	}
-
-	public void setLdaps(boolean bool) {
-		this.ldaps = bool;
-	}
-
-	public @Nullable String getSslBundleName() {
-		return this.sslBundleName;
-	}
-
-	public void setSslBundleName(@Nullable String sslBundleName) {
-		this.sslBundleName = sslBundleName;
-	}
-
 	public Validation getValidation() {
 		return this.validation;
 	}
 
+	public Ssl getSsl() {
+		return this.ssl;
+	}
+
 	public static class Credential {
 
 		/**
@@ -158,6 +144,174 @@ public class EmbeddedLdapProperties {
 
 	}
 
+	public static class Ssl {
+
+		private static final String SUN_X509 = "SunX509";
+
+		private static final String DEFAULT_PROTOCOL;
+
+		static {
+			String protocol = "TLSv1.1";
+			try {
+				String[] protocols = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
+				for (String prot : protocols) {
+					if ("TLSv1.2".equals(prot)) {
+						protocol = "TLSv1.2";
+						break;
+					}
+				}
+			}
+			catch (NoSuchAlgorithmException e) {
+				// nothing
+			}
+			DEFAULT_PROTOCOL = protocol;
+		}
+
+		/**
+		 * Whether to enable SSL support.
+		 */
+		private Boolean enabled = false;
+
+		/**
+		 * SSL bundle name.
+		 */
+		private @Nullable String bundle;
+
+		/**
+		 * Path to the key store that holds the SSL certificate.
+		 */
+		private @Nullable String keyStore;
+
+		/**
+		 * Key store type.
+		 */
+		private String keyStoreType = "PKCS12";
+
+		/**
+		 * Password used to access the key store.
+		 */
+		private @Nullable String keyStorePassword;
+
+		/**
+		 * Key store algorithm.
+		 */
+		private String keyStoreAlgorithm = SUN_X509;
+
+		/**
+		 * Trust store that holds SSL certificates.
+		 */
+		private @Nullable String trustStore;
+
+		/**
+		 * Trust store type.
+		 */
+		private String trustStoreType = "JKS";
+
+		/**
+		 * Password used to access the trust store.
+		 */
+		private @Nullable String trustStorePassword;
+
+		/**
+		 * Trust store algorithm.
+		 */
+		private String trustStoreAlgorithm = SUN_X509;
+
+		/**
+		 * SSL algorithm to use.
+		 */
+		private String algorithm = DEFAULT_PROTOCOL;
+
+		public Boolean isEnabled() {
+			return this.enabled;
+		}
+
+		public void setEnabled(Boolean enabled) {
+			this.enabled = enabled;
+		}
+
+		public @Nullable String getBundle() {
+			return this.bundle;
+		}
+
+		public void setBundle(@Nullable String bundle) {
+			this.bundle = bundle;
+		}
+
+		public @Nullable String getKeyStore() {
+			return this.keyStore;
+		}
+
+		public void setKeyStore(@Nullable String keyStore) {
+			this.keyStore = keyStore;
+		}
+
+		public String getKeyStoreType() {
+			return this.keyStoreType;
+		}
+
+		public void setKeyStoreType(String keyStoreType) {
+			this.keyStoreType = keyStoreType;
+		}
+
+		public @Nullable String getKeyStorePassword() {
+			return this.keyStorePassword;
+		}
+
+		public void setKeyStorePassword(@Nullable String keyStorePassword) {
+			this.keyStorePassword = keyStorePassword;
+		}
+
+		public String getKeyStoreAlgorithm() {
+			return this.keyStoreAlgorithm;
+		}
+
+		public void setKeyStoreAlgorithm(String keyStoreAlgorithm) {
+			this.keyStoreAlgorithm = keyStoreAlgorithm;
+		}
+
+		public @Nullable String getTrustStore() {
+			return this.trustStore;
+		}
+
+		public void setTrustStore(@Nullable String trustStore) {
+			this.trustStore = trustStore;
+		}
+
+		public String getTrustStoreType() {
+			return this.trustStoreType;
+		}
+
+		public void setTrustStoreType(String trustStoreType) {
+			this.trustStoreType = trustStoreType;
+		}
+
+		public @Nullable String getTrustStorePassword() {
+			return this.trustStorePassword;
+		}
+
+		public void setTrustStorePassword(@Nullable String trustStorePassword) {
+			this.trustStorePassword = trustStorePassword;
+		}
+
+		public String getTrustStoreAlgorithm() {
+			return this.trustStoreAlgorithm;
+		}
+
+		public void setTrustStoreAlgorithm(String trustStoreAlgorithm) {
+			this.trustStoreAlgorithm = trustStoreAlgorithm;
+		}
+
+		public String getAlgorithm() {
+			return this.algorithm;
+		}
+
+		public void setAlgorithm( String sslAlgorithm) {
+			this.algorithm = sslAlgorithm;
+		}
+
+	}
+
 	public static class Validation {
 
 		/**
diff --git a/module/spring-boot-ldap/src/test/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfigurationTests.java b/module/spring-boot-ldap/src/test/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfigurationTests.java
index 00e0d23a697..d7724305191 100644
--- a/module/spring-boot-ldap/src/test/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfigurationTests.java
+++ b/module/spring-boot-ldap/src/test/java/org/springframework/boot/ldap/autoconfigure/embedded/EmbeddedLdapAutoConfigurationTests.java
@@ -24,6 +24,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
 import com.unboundid.ldap.sdk.BindResult;
 import com.unboundid.ldap.sdk.DN;
 import com.unboundid.ldap.sdk.LDAPConnection;
@@ -36,7 +37,6 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
 import org.springframework.boot.autoconfigure.ssl.SslAutoConfiguration;
 import org.springframework.boot.ldap.autoconfigure.LdapAutoConfiguration;
-import org.springframework.boot.ssl.SslBundles;
 import org.springframework.boot.test.context.FilteredClassLoader;
 import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import org.springframework.boot.test.util.TestPropertyValues;
@@ -71,26 +71,95 @@ class EmbeddedLdapAutoConfigurationTests {
 	}
 
 	@Test
-	void testLdapsVersion() {
+	void testServerDefaultNoSsl() {
+		this.contextRunner
+			.withPropertyValues("spring.ldap.embedded.port:1234", "spring.ldap.embedded.base-dn:dc=spring,dc=org")
+			.run((context) -> {
+				InMemoryDirectoryServer server = context.getBean(InMemoryDirectoryServer.class);
+				assertThat(server.getConfig().getListenerConfigs().size()).isEqualTo(1);
+				InMemoryListenerConfig config = server.getConfig().getListenerConfigs().get(0);
+				assertThat(config.getListenerName()).isEqualTo("LDAP");
+			});
+	}
+
+	 @Test
+	 void testServerWithSslBundle() {
+		 List<String> propertyValues = new ArrayList<>();
+		 String location = "classpath:org/springframework/boot/ldap/autoconfigure/embedded/";
+		 propertyValues.add("spring.ssl.bundle.jks.test.keystore.password=secret");
+		 propertyValues.add("spring.ssl.bundle.jks.test.keystore.location=" + location + "test.jks");
+		 propertyValues.add("spring.ssl.bundle.jks.test.truststore.location=" + location + "test.jks");
+		 propertyValues.add("spring.ldap.embedded.port:1234");
+		 propertyValues.add("spring.ldap.embedded.base-dn:dc=spring,dc=org");
+		 propertyValues.add("spring.ldap.embedded.ssl.enabled:true");
+		 propertyValues.add("spring.ldap.embedded.ssl.bundle:test");
+		 this.contextRunner
+			 .withPropertyValues(propertyValues.toArray(String[]::new))
+			 .run((context) -> {
+				 InMemoryDirectoryServer server = context.getBean(InMemoryDirectoryServer.class);
+				 assertThat(server.getConfig().getListenerConfigs().size()).isEqualTo(1);
+				 InMemoryListenerConfig config = server.getConfig().getListenerConfigs().get(0);
+				 assertThat(config.getListenerName()).isEqualTo("LDAPS");
+				 assertThat(config.getListenPort()).isEqualTo(1234);
+				 assertThat(server.getListenPort()).isEqualTo(1234);
+				 assertThat(server.getConnection("LDAPS").getSSLSession()).isNotNull();
+		 });
+	 }
+
+	@Test
+	void testServerWithInvalidSslBundleShouldFail() {
 		List<String> propertyValues = new ArrayList<>();
 		String location = "classpath:org/springframework/boot/ldap/autoconfigure/embedded/";
-		propertyValues.add("spring.ssl.bundle.pem.test.key.alias=alias1");
-		propertyValues.add("spring.ssl.bundle.pem.test.key.password=secret1");
-		propertyValues.add("spring.ssl.bundle.pem.test.keystore.certificate=" + location + "rsa-cert.pem");
-		propertyValues.add("spring.ssl.bundle.pem.test.keystore.keystore.private-key=" + location + "rsa-key.pem");
-		propertyValues.add("spring.ssl.bundle.pem.test.truststore.certificate=" + location + "rsa-cert.pem");
+		propertyValues.add("spring.ssl.bundle.jks.test.keystore.password=secret");
+		propertyValues.add("spring.ssl.bundle.jks.test.keystore.location=" + location + "test.jks");
 		propertyValues.add("spring.ldap.embedded.port:1234");
 		propertyValues.add("spring.ldap.embedded.base-dn:dc=spring,dc=org");
-		propertyValues.add("spring.ldap.embedded.ldaps:true");
-		propertyValues.add("spring.ldap.embedded.sslBundleName:test");
-		propertyValues.add("spring.ldap.embedded.credential.username:uid=root");
-		propertyValues.add("spring.ldap.embedded.credential.password:boot");
+		propertyValues.add("spring.ldap.embedded.ssl.enabled:true");
+		propertyValues.add("spring.ldap.embedded.ssl.bundle:foo");
+		this.contextRunner.withPropertyValues(propertyValues.toArray(String[]::new)).run((context) -> {
+			assertThat(context).hasFailed();
+			assertThat(context).getFailure().hasMessageContaining("foo");
+			assertThat(context).getFailure().hasMessageContaining("cannot be found");
+		});
+	}
+
+	@Test
+	void testServerWithSsl() {
+		List<String> propertyValues = new ArrayList<>();
+		String location = "classpath:org/springframework/boot/ldap/autoconfigure/embedded/";
+		propertyValues.add("spring.ldap.embedded.port:1234");
+		propertyValues.add("spring.ldap.embedded.base-dn:dc=spring,dc=org");
+		propertyValues.add("spring.ldap.embedded.ssl.enabled:true");
+		propertyValues.add("spring.ldap.embedded.ssl.keyStorePassword=secret");
+		propertyValues.add("spring.ldap.embedded.ssl.keyStore=" + location + "test.jks");
+		propertyValues.add("spring.ldap.embedded.ssl.trustStorePassword=secret");
+		propertyValues.add("spring.ldap.embedded.ssl.trustStore=" + location + "test.jks");
 		this.contextRunner.withPropertyValues(propertyValues.toArray(String[]::new)).run((context) -> {
-			context.getBean(SslBundles.class);
 			InMemoryDirectoryServer server = context.getBean(InMemoryDirectoryServer.class);
+			assertThat(server.getConfig().getListenerConfigs().size()).isEqualTo(1);
+			InMemoryListenerConfig config = server.getConfig().getListenerConfigs().get(0);
+			assertThat(config.getListenerName()).isEqualTo("LDAPS");
+			assertThat(config.getListenPort()).isEqualTo(1234);
 			assertThat(server.getListenPort()).isEqualTo(1234);
-			BindResult result = server.bind("uid=root", "boot");
-			assertThat(result).isNotNull();
+			assertThat(server.getConnection("LDAPS").getSSLSession()).isNotNull();
+		});
+	}
+
+	@Test
+	void testServerWithInvalidSslShouldFail() {
+		List<String> propertyValues = new ArrayList<>();
+		String location = "classpath:org/springframework/boot/ldap/autoconfigure/embedded/";
+		propertyValues.add("spring.ldap.embedded.port:1234");
+		propertyValues.add("spring.ldap.embedded.base-dn:dc=spring,dc=org");
+		propertyValues.add("spring.ldap.embedded.ssl.enabled:true");
+		propertyValues.add("spring.ldap.embedded.ssl.keyStorePassword=secret");
+		propertyValues.add("spring.ldap.embedded.ssl.keyStore=" + location + "foo");
+		propertyValues.add("spring.ldap.embedded.ssl.trustStorePassword=secret");
+		propertyValues.add("spring.ldap.embedded.ssl.trustStore=" + location + "foo");
+		this.contextRunner.withPropertyValues(propertyValues.toArray(String[]::new)).run((context) -> {
+			assertThat(context).hasFailed();
+			assertThat(context).getFailure().hasMessageContaining("foo");
+			assertThat(context).getFailure().hasMessageContaining("does not exist");
 		});
 	}
 
diff --git a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.jks b/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.jks
deleted file mode 100644
index 4e5e1399aee491f1765c8ff8a833c7c1103380ae..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 32
mcmezO_TO6u1_mY|W@tFi`n=R{PU>QDACY&KEuvWkKVksZ3=H4^

diff --git a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.pkcs12 b/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/keystore.pkcs12
deleted file mode 100644
index 8c9a6ffa62f44dc739e0849bacce4b3bd6b2f2a6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 103
zcmV-t0GR(UWdZ>MFcAg`Duzgg_YDCD0iXl~0x$qDO)xPq4F(BdhDZTr0|WvA1povf
zvJZ7z`bbPmL!}G_MScP$r~?xi3ALqBRfwXz2zS1)1QaQ|@ehK>n61?5=jVJYDi7ZE
JuxSDUClLO2A6)<d

diff --git a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-cert.pem b/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-cert.pem
deleted file mode 100644
index a92d2cca7fd..00000000000
--- a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-cert.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1zCCAr+gAwIBAgIUNM5QQv8IzVQsgSmmdPQNaqyzWs4wDQYJKoZIhvcNAQEL
-BQAwezELMAkGA1UEBhMCWFgxEjAQBgNVBAgMCVN0YXRlTmFtZTERMA8GA1UEBwwI
-Q2l0eU5hbWUxFDASBgNVBAoMC0NvbXBhbnlOYW1lMRswGQYDVQQLDBJDb21wYW55
-U2VjdGlvbk5hbWUxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMzA5MTExMjExNTha
-Fw0zMzA5MDgxMjExNThaMHsxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5h
-bWUxETAPBgNVBAcMCENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkG
-A1UECwwSQ29tcGFueVNlY3Rpb25OYW1lMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfdkeEiCk+5mpXUhJ1FLmOCx6/
-jAHHaDxZ8hIpyp/c4ZAqFX5uamP08jL056kRKL4RRoUamNWdt0dgpHqds/84pb+3
-OlCVjnFvzGVrvRwdrrQA2mda0BDm2Qnb0r9IhZr7tBpursbDsIC1U6zk1iwrbiO3
-hu0/9uXlMWt49nccTDOpTtuhYUPEA3+NQFqUCwHrd8H9j+BQD5lf4RhoE6krDdV1
-JD8qOns+uD6IKn0xfyPHmy8LD0mM5Rch6J13TZnH1yeFT8Y0ZnAPuwXHO5BNw504
-3Kt/das3NvV+4Qq0qQ08NFK+vmoooP11uIcZb8gUaMgmRINL4P3TOhyA1ueXAgMB
-AAGjUzBRMB0GA1UdDgQWBBRHYz8OjqU/4JZMegJaN/jQbdj4MjAfBgNVHSMEGDAW
-gBRHYz8OjqU/4JZMegJaN/jQbdj4MjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
-DQEBCwUAA4IBAQBr9zqlNx7Mr1ordGfhk+xFrDtyBnk1vXbwVdnog66REqpPLH+K
-MfCKdj6wFoPa8ZjPb4VYFp2DvMxVXtFMzqGfLjYJPqefEzQCleOcA5aiE/ENIaaD
-ybYh99V5CsFAqyKuHLBFEzeYJ028SR3QsCISom0k/Fh6y2IwHJJEHykjqJKvL4bb
-V0IJjcmYjEZbTvpjFKznvaFiOUv+8L7jHQ1/Yf+9c3C8gSjdUfv88m17pqYXd+Ds
-HEmfmNNjht130UyjNCITmLVXyy5p35vWmdf95U3uEbJSnNVtXH8qRmN9oK9mUpDb
-ngX6JBJI7fw7tXoqWSLHNiBODM88fUlQSho8
------END CERTIFICATE-----
diff --git a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-key.pem b/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-key.pem
deleted file mode 100644
index 895b7763f49..00000000000
--- a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/rsa-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfdkeEiCk+5mpX
-UhJ1FLmOCx6/jAHHaDxZ8hIpyp/c4ZAqFX5uamP08jL056kRKL4RRoUamNWdt0dg
-pHqds/84pb+3OlCVjnFvzGVrvRwdrrQA2mda0BDm2Qnb0r9IhZr7tBpursbDsIC1
-U6zk1iwrbiO3hu0/9uXlMWt49nccTDOpTtuhYUPEA3+NQFqUCwHrd8H9j+BQD5lf
-4RhoE6krDdV1JD8qOns+uD6IKn0xfyPHmy8LD0mM5Rch6J13TZnH1yeFT8Y0ZnAP
-uwXHO5BNw5043Kt/das3NvV+4Qq0qQ08NFK+vmoooP11uIcZb8gUaMgmRINL4P3T
-OhyA1ueXAgMBAAECggEAPK1LqmULWMlhdoeeyVlQ//lAQn+6X4/MwycG/UsCSJC2
-BCV4nfgyv853UFRkM0jPBhDQ7h1wz1ohuWbs11xaBcqgKE7ywe3ZQULD5tqnO64y
-BU8V2+rnO4gjpbdMHQLlxdgy5KHxtR3Q4+6Kj+rlFMOMqLWZSmke8na7H+SczzGf
-+dZO4LRTbjGmFdUidehovm2icSM8OdU2w3FHlFRu2NBsTHGeAhRw86Yw24KfJp4R
-GSDQIBdwp1wCs5w7w4zPjxS7Zi+Uwspyq31KDJwyfK2O1WLI05bQ6FLqVRD/xy+Y
-b4WCse1O08SYWze2No915LB07sokgmomr3//bOwuEQKBgQDPBrPQXokn0BoTlgsa
-JohgWzQ5P9u/2WY+u2SG/xgNEx0s+lk/AmAH80wsBJ68FV6z5Non7TzD7xCsf2HJ
-3cP/EHl2ngTctz/eqpCcS5UPZBHmay60q6WKIkH/3ml7c0UhlqSqS3EDVyEe05hk
-msWAN+fV4ajVlhWgiUZRVdxMpwKBgQDFLyPBOEn6zLOHfkQWcibVf8s2LTe76R/S
-8Gk3jbk5mimR3vNm0L/rHqGwl75rOuFiFOHVkfuY9Dawaht0QnagjayT5hDqr6aD
-s5Chyoy9qpXnfnqOgk6rQZqj+/ODkjqEkBdRCKWvCVnDIi3Au2kS3QIc4iTsGrBW
-ygZdbxM7kQKBgEuzS7T5nHVuZtqaltytElkJgIMekqAIQpbVtuCWDplZT+XOdSvR
-FoRRtpyx48kql0J4gDzxRrLui85Hld5WtQBjacax6V07tKMbA13jVVIXaWQz9RQj
-X5ivBisljLSTZcfuaa/LfjuWdIntHWBMJ8PGrYNLzIytIKNfDtNW7gMpAoGAIRZQ
-5JpCZ7Azq9e3KyEKfSbNfZDG2mQ679Vhgm3ol87TjOOhai47FgP008IStMGTkja4
-0nKFilvoVV/orXB9oWFEhSjEy+yff1gBO/TV+vmF3+tsOz+IXdpLTZr4eKpv4VCg
-aPuPebiS9Fhm3wFTl1O4iAo2cdvknRuXR9RcoNECgYADksGk1lJGW5kMIMJ+6os+
-CJdGnJiX7XsnM0VzkagswnqDe03SqkJuFOmIp96eitxLT4EfB+585pYQRSy2fyJX
-WR2AAnC7oqUcQFkgDt9WBZAazI6aLXYO+trRoGKuWynGM8mjetr5C75g0auj4lsN
-rGiie2UnjshJ67FrG4kZoA==
------END PRIVATE KEY-----
diff --git a/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/test.jks b/module/spring-boot-ldap/src/test/resources/org/springframework/boot/ldap/autoconfigure/embedded/test.jks
new file mode 100644
index 0000000000000000000000000000000000000000..8413be810956262d0da0387e8781fc4d27f6b027
GIT binary patch
literal 1294
zcmezO_TO6u1_mY|W&~r_+{*0KN+2&TwQlnkAl+}!#Mo`X$Ht}2#>m2`#U#kc$jZRd
z#8^J5!~Wmp7|YE9c_o202CEfvPJAt&F-z+E+Y5Je-P@SM3x!M{?<`L$d7kPy>HgY<
z0rl+7ddFPf9_^UC?)~PM8U_ciTzNlZu6ENGso!d;PtM$lt<~ROC~|P;oYPIU`ifCm
z3xrl>nF}qFRax}#!Gf-mKc9ryWTqXD5RA>>WDIzayKC#wV=9~F(x>fBQsZQ6{U|+U
z!WW$>x*Dgfn4=QHB86`zaB53NZvW1sG()7e{`<U!S?8zCS9z5CW6v$FyNvpa>TIV!
z&3V4Ogyo;agqT?@rcV<jL#tUeZw9W-J`kJyeuA8BvZmfzLn+VcqDAwji7ix8`;_3Y
zY2n_+uW^g_$Vn8*UJ*I{Q0Z-4lYgK&%j@7dhc<^knH@Y;y<I`?L&Li49M)R~$$_aQ
z?=JfJC@rpBmV4^(%rioF|4sA%^toN((EI)pu16ocyA5q-DBibbT=zBh#lh8v*$=D}
z&Ph7z6xNH`o?NqG*_mGMMG6Iqv-^bJ_1?ej-0|eOcM~L*BJ@lREEyP>Ee)EOO%0lu
zJ}+QqVq{`s(UY*NH{fPt*J|@PXTieE%3zRVC;*H-=1>+kVfN6x?7aN)JeUXvh6p=`
z2p5J3H--o^T*N?5oY&CYz!C_}4NXl=qCi|jBLfR4m(H$fV%z~ty*jYqU<7jHnHn1z
z{?-RK%9aXg2Hp3Xqxa^?^KXLNgKXZrFdUY%Z`c;7mgySnpcME!(zZ9^*Z!klcNu&;
zJv%h#dZTrNtV#Z-w1n;1GXs_`nLqypOSOQ~A^+Vgum9VAO!|j)`14~cmWlGS{BHhs
z`Ka7sCesk%D6xq~-%3BP(@wmu_5PC*v*g^19*oDCL>Z<h1oVq4bD!BXX=l@-*Dc&1
zB4oaToc8_Ug4S!ZZSS4lvpU9XNBGXlDeHItvU=6@Gu(&Umc1!GFfzPv*Of^BXNBwn
zjSX8o#R`>Q_-Kd;Z$Hmz)N^9lLmRQG?vR>ZjR%X@$!Tw1Ryr|naXt4hMbo5@zmuvM
zRjkh}`M7UI;DpW<&G#QhJ)O@ssXHyMp*mDGh0(|Q-+50h=EhbAkUKiu|LR|O{i|~8
zG#9?b`_jG2zRtb(d;J9c=WfRw1SLMc;#t4^)bdH$I%1_8mU!~AelPGZ&F0$q@R`9O
zTlJYe_wAPLtUcO4Q%WhRoN3F19Qh9Ow1TBSOuwH0IP>TZsa20}Jy&_$o4sju^m418
zzVifG8;&#`T)}fG(e3OcJ!7?pmWGQJ4de}Ef$3J3k420{WPN8vSnXA<!mrme*PZ?L
z%*nN-o*N~dGwU-L=rD<B6q$wY7vp-IX<fc$#jEHOx8F_kXA-d~+AFiYeA~YN+1I~b
he<go)d!F{}Lp97Id)QjtHUveOI|oSiZN4wW002kI0+Ij#

literal 0
HcmV?d00001