
3.4.0 SSLBundle breaks keystores on filesystem location: keys/client.p12 #43373


Closed
space88man opened this issue Dec 4, 2024 · 2 comments
Labels
status: duplicate A duplicate of another issue


space88man commented Dec 4, 2024

Background: we use keystores on the filesystem for CI/CD with `location: xxxx`, a bare string without `classpath:` or any other scheme; xxxx is a filename relative to where the artifact runs/is tested.

With Spring Boot 3.3.x this would be found on the filesystem.
With Spring Boot 3.4.0 this is broken: it seems that the search is only on classpath: or servlet context

Works with 3.3.x, keystores on filesystem. This breaks on 3.4.0 and the complaint is about

```
Caused by: java.lang.IllegalStateException: Could not load store from 'keys/client.p12'
```

```yaml
# keystores in current directory key/
# application.yml in config/
# works with 3.3.6
# breaks with 3.4.0
spring:
  application:
    name: demo-sslbundle
  ssl:
    bundle:
      jks:
        clientmtls:
          truststore:
            location: "keys/truststore.p12"
            password: "password-truststore"
            type: "PKCS12"
          keystore:
            location: "keys/client.p12"
            password: "password-client"
            type: "PKCS12"
```

With 3.4.0:

[INFO] [stdout] 
[INFO] [stdout]   .   ____          _            __ _ _
[INFO] [stdout]  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
[INFO] [stdout] ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
[INFO] [stdout]  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
[INFO] [stdout]   '  |____| .__|_| |_|_| |_\__, | / / / /
[INFO] [stdout]  =========|_|==============|___/=/_/_/_/
[INFO] [stdout] 
[INFO] [stdout]  :: Spring Boot ::                (v3.4.0)
[INFO] [stdout] 
[INFO] [stdout] 2024-12-04T14:38:41.977+08:00  INFO 747663 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Starting DemoSslbundleApplication using Java 21.0.4 with PID 747663 (/work/richard/TreeBox/workspaces/spring/demo-sslbundle/target/classes started by richard in /work/richard/TreeBox/workspaces/spring/demo-sslbundle)
[INFO] [stdout] 2024-12-04T14:38:41.978+08:00  INFO 747663 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : No active profile set, falling back to 1 default profile: "default"
[INFO] [stdout] 2024-12-04T14:38:42.297+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
[INFO] [stdout] 2024-12-04T14:38:42.302+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
[INFO] [stdout] 2024-12-04T14:38:42.302+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.33]
[INFO] [stdout] 2024-12-04T14:38:42.316+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
[INFO] [stdout] 2024-12-04T14:38:42.316+08:00  INFO 747663 --- [demo-sslbundle] [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 325 ms
[INFO] [stdout] =======> data = 2024-12-04T14:38:42.369+08:00  WARN 747663 --- [demo-sslbundle] [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'demoSslbundleApplication': Invocation of init method failed
[INFO] [stdout] 2024-12-04T14:38:42.370+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
[INFO] [stdout] 2024-12-04T14:38:42.375+08:00  INFO 747663 --- [demo-sslbundle] [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
[INFO] [stdout] 
[INFO] [stdout] Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
[INFO] [stdout] 2024-12-04T14:38:42.380+08:00 ERROR 747663 --- [demo-sslbundle] [           main] o.s.boot.SpringApplication               : Application run failed
[INFO] [stdout] 
[INFO] [stdout] org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'demoSslbundleApplication': Invocation of init method failed
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:222) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:423) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1794) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1122) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1093) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1030) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987) ~[spring-context-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627) ~[spring-context-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:318) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1361) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1350) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at com.example.demos.sslbundle.DemoSslbundleApplication.main(DemoSslbundleApplication.java:17) ~[classes/:na]
[INFO] [stdout] Caused by: java.lang.IllegalStateException: Unable to create key store: Could not load store from 'keys/client.p12'
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:112) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.lambda$new$0(JksSslStoreBundle.java:75) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:106) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.toString(JksSslStoreBundle.java:147) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at java.base/java.lang.String.valueOf(String.java:4465) ~[na:na]
[INFO] [stdout] 	at org.springframework.core.style.DefaultValueStyler.styleObject(DefaultValueStyler.java:201) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultValueStyler.style(DefaultValueStyler.java:81) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultToStringStyler.styleValue(DefaultToStringStyler.java:96) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultToStringStyler.styleField(DefaultToStringStyler.java:83) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.ToStringCreator.append(ToStringCreator.java:157) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.autoconfigure.ssl.PropertiesSslBundle.toString(PropertiesSslBundle.java:178) ~[spring-boot-autoconfigure-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at java.base/java.util.Formatter$FormatSpecifier.printString(Formatter.java:3158) ~[na:na]
[INFO] [stdout] 	at java.base/java.util.Formatter$FormatSpecifier.print(Formatter.java:3036) ~[na:na]
[INFO] [stdout] 	at java.base/java.util.Formatter.format(Formatter.java:2791) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.implFormat(PrintStream.java:1367) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.format(PrintStream.java:1346) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.printf(PrintStream.java:1245) ~[na:na]
[INFO] [stdout] 	at com.example.demos.sslbundle.DemoSslbundleApplication.postConstruct(DemoSslbundleApplication.java:23) ~[classes/:na]
[INFO] [stdout] 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
[INFO] [stdout] 	at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMethod.invoke(InitDestroyAnnotationBeanPostProcessor.java:457) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:401) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:219) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	... 20 common frames omitted
[INFO] [stdout] Caused by: java.lang.IllegalStateException: Could not load store from 'keys/client.p12'
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:140) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:107) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	... 42 common frames omitted
[INFO] [stdout] Caused by: java.io.FileNotFoundException: Could not open ServletContext resource [/keys/client.p12]
[INFO] [stdout] 	at org.springframework.web.context.support.ServletContextResource.getInputStream(ServletContextResource.java:165) ~[spring-web-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:135) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	... 43 common frames omitted

With 3.3.6:

[INFO] Attaching agents: []
[INFO] [stdout] 
[INFO] [stdout]   .   ____          _            __ _ _
[INFO] [stdout]  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
[INFO] [stdout] ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
[INFO] [stdout]  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
[INFO] [stdout]   '  |____| .__|_| |_|_| |_\__, | / / / /
[INFO] [stdout]  =========|_|==============|___/=/_/_/_/
[INFO] [stdout] 
[INFO] [stdout]  :: Spring Boot ::                (v3.3.6)
[INFO] [stdout] 
[INFO] [stdout] 2024-12-04T14:31:47.064+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Starting DemoSslbundleApplication using Java 21.0.4 with PID 746788 (/work/richard/TreeBox/workspaces/spring/demo-sslbundle/target/classes started by richard in /work/richard/TreeBox/workspaces/spring/demo-sslbundle)
[INFO] [stdout] 2024-12-04T14:31:47.065+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : No active profile set, falling back to 1 default profile: "default"
[INFO] [stdout] 2024-12-04T14:31:47.382+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
[INFO] [stdout] 2024-12-04T14:31:47.387+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
[INFO] [stdout] 2024-12-04T14:31:47.387+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.33]
[INFO] [stdout] 2024-12-04T14:31:47.401+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
[INFO] [stdout] 2024-12-04T14:31:47.402+08:00  INFO 746788 --- [demo-sslbundle] [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 319 ms
[INFO] [stdout] =======> data = [PropertiesSslBundle@1f67761b key = [SslBundleKey.1@5a034157 alias = [null], password = [null]], options = [SslOptions.1@2f4ba1ae ciphers = [null], enabledProtocols = [null]], protocol = 'TLS', stores = [JksSslStoreBundle@1391af3b keyStore.type = 'PKCS12', keyStorePassword = '******', trustStore.type = 'PKCS12']]
[INFO] [stdout] 2024-12-04T14:31:47.615+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 1 endpoint beneath base path '/actuator'
[INFO] [stdout] 2024-12-04T14:31:47.633+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 8080 (http) with context path '/'
[INFO] [stdout] 2024-12-04T14:31:47.637+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Started DemoSslbundleApplication in 0.703 seconds (process running for 0.796)

Reproducer: try with 3.3.6 and 3.4.0
demo-sslbundle.zip

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 4, 2024

quaff commented Dec 4, 2024

It should be fixed by 3ddfd62

space88man (Author) commented

Closing as duplicate of #43274

@bclozel bclozel added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 4, 2024
@bclozel bclozel closed this as not planned Won't fix, can't repro, duplicate, stale Dec 4, 2024
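
One way to catch this class of breakage in CI before the application starts, as an added example (not code from the reporter or from Spring Boot): a small Python check that walks an `application.yml` and flags JKS bundle `location` values that carry no scheme prefix, plus `file:` locations that are missing on disk. The YAML sample is constructed from the report, with `file:` added to one entry for contrast; the function names are hypothetical, and the line-based parser assumes simple block-style YAML.

```python
import re
from pathlib import Path

SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]+:")   # e.g. file:, classpath:
ENTRY = re.compile(r"^(\s*)([\w.-]+):\s*(.*?)\s*$")  # "key: value" (comments/blank lines never match)

# Constructed sample mirroring the configuration in the report.
SAMPLE = '''\
spring:
  ssl:
    bundle:
      jks:
        clientmtls:
          truststore:
            location: "file:keys/truststore.p12"
            type: "PKCS12"
          keystore:
            location: "keys/client.p12"
            type: "PKCS12"
'''

def store_locations(yaml_text):
    """Yield (dotted_key, value) for every location under spring.ssl.bundle.jks."""
    stack = []  # (indent, key) pairs for the enclosing mappings
    for line in yaml_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("\"'")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        path = ".".join(k for _, k in stack)
        if value and key == "location" and path.startswith("spring.ssl.bundle.jks."):
            yield path, value

def audit(yaml_text, base_dir="."):
    """Return findings: scheme-less locations and file: locations that do not exist."""
    findings = []
    for path, value in store_locations(yaml_text):
        if not SCHEME.match(value):
            findings.append((path, value, "no scheme prefix; resolution depends on the resource loader"))
        elif value.startswith("file:") and not (Path(base_dir) / value[5:]).is_file():
            findings.append((path, value, "file not found relative to " + str(base_dir)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Run it from the directory the artifact is started in, since relative `file:` locations are checked against `base_dir`.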