3.4.0 SSLBundle breaks keystores on filesystem location: keys/client.p12

Background: we use keystores on filesystem for CI/CD with the `location: xxxx` a bare string without `classpath:` or any other scheme; `xxxx` is a relative filename to where the artifact runs/is tested.

With Spring Boot 3.3.x this would be found on the filesystem.
With Spring Boot 3.4.0 this is broken: it seems that the search is only on classpath: or servlet context

Works with 3.3.x, keystores on filesytem. This breaks on 3.4.0 and the complaint is about
```
Caused by: java.lang.IllegalStateException: Could not load store from 'keys/client.p12'
```

```
# keystores in current directory key/
# application.yml in config/
# works with 3.3.6
# breaks with 3.4.0
spring:
  application:
    name: demo-sslbundle
  ssl:
    bundle:
      jks:
        clientmtls:
          truststore:
            location: "keys/truststore.p12"
            password: "password-truststore"
            type: "PKCS12"
          keystore:
            location: "keys/client.p12"
            password: "password-client"
            type: "PKCS12"
```

With 3.4.0:
```
[INFO] [stdout] 
[INFO] [stdout]   .   ____          _            __ _ _
[INFO] [stdout]  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
[INFO] [stdout] ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
[INFO] [stdout]  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
[INFO] [stdout]   '  |____| .__|_| |_|_| |_\__, | / / / /
[INFO] [stdout]  =========|_|==============|___/=/_/_/_/
[INFO] [stdout] 
[INFO] [stdout]  :: Spring Boot ::                (v3.4.0)
[INFO] [stdout] 
[INFO] [stdout] 2024-12-04T14:38:41.977+08:00  INFO 747663 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Starting DemoSslbundleApplication using Java 21.0.4 with PID 747663 (/work/richard/TreeBox/workspaces/spring/demo-sslbundle/target/classes started by richard in /work/richard/TreeBox/workspaces/spring/demo-sslbundle)
[INFO] [stdout] 2024-12-04T14:38:41.978+08:00  INFO 747663 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : No active profile set, falling back to 1 default profile: "default"
[INFO] [stdout] 2024-12-04T14:38:42.297+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
[INFO] [stdout] 2024-12-04T14:38:42.302+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
[INFO] [stdout] 2024-12-04T14:38:42.302+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.33]
[INFO] [stdout] 2024-12-04T14:38:42.316+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
[INFO] [stdout] 2024-12-04T14:38:42.316+08:00  INFO 747663 --- [demo-sslbundle] [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 325 ms
[INFO] [stdout] =======> data = 2024-12-04T14:38:42.369+08:00  WARN 747663 --- [demo-sslbundle] [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'demoSslbundleApplication': Invocation of init method failed
[INFO] [stdout] 2024-12-04T14:38:42.370+08:00  INFO 747663 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]
[INFO] [stdout] 2024-12-04T14:38:42.375+08:00  INFO 747663 --- [demo-sslbundle] [           main] .s.b.a.l.ConditionEvaluationReportLogger : 
[INFO] [stdout] 
[INFO] [stdout] Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
[INFO] [stdout] 2024-12-04T14:38:42.380+08:00 ERROR 747663 --- [demo-sslbundle] [           main] o.s.boot.SpringApplication               : Application run failed
[INFO] [stdout] 
[INFO] [stdout] org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'demoSslbundleApplication': Invocation of init method failed
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:222) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:423) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1794) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:523) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:336) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:288) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:334) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.instantiateSingleton(DefaultListableBeanFactory.java:1122) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingleton(DefaultListableBeanFactory.java:1093) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:1030) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:987) ~[spring-context-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:627) ~[spring-context-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:318) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1361) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1350) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at com.example.demos.sslbundle.DemoSslbundleApplication.main(DemoSslbundleApplication.java:17) ~[classes/:na]
[INFO] [stdout] Caused by: java.lang.IllegalStateException: Unable to create key store: Could not load store from 'keys/client.p12'
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:112) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.lambda$new$0(JksSslStoreBundle.java:75) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:106) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.toString(JksSslStoreBundle.java:147) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at java.base/java.lang.String.valueOf(String.java:4465) ~[na:na]
[INFO] [stdout] 	at org.springframework.core.style.DefaultValueStyler.styleObject(DefaultValueStyler.java:201) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultValueStyler.style(DefaultValueStyler.java:81) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultToStringStyler.styleValue(DefaultToStringStyler.java:96) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.DefaultToStringStyler.styleField(DefaultToStringStyler.java:83) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.core.style.ToStringCreator.append(ToStringCreator.java:157) ~[spring-core-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.autoconfigure.ssl.PropertiesSslBundle.toString(PropertiesSslBundle.java:178) ~[spring-boot-autoconfigure-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at java.base/java.util.Formatter$FormatSpecifier.printString(Formatter.java:3158) ~[na:na]
[INFO] [stdout] 	at java.base/java.util.Formatter$FormatSpecifier.print(Formatter.java:3036) ~[na:na]
[INFO] [stdout] 	at java.base/java.util.Formatter.format(Formatter.java:2791) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.implFormat(PrintStream.java:1367) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.format(PrintStream.java:1346) ~[na:na]
[INFO] [stdout] 	at java.base/java.io.PrintStream.printf(PrintStream.java:1245) ~[na:na]
[INFO] [stdout] 	at com.example.demos.sslbundle.DemoSslbundleApplication.postConstruct(DemoSslbundleApplication.java:23) ~[classes/:na]
[INFO] [stdout] 	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
[INFO] [stdout] 	at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMethod.invoke(InitDestroyAnnotationBeanPostProcessor.java:457) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:401) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:219) ~[spring-beans-6.2.0.jar:6.2.0]
[INFO] [stdout] 	... 20 common frames omitted
[INFO] [stdout] Caused by: java.lang.IllegalStateException: Could not load store from 'keys/client.p12'
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:140) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:107) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	... 42 common frames omitted
[INFO] [stdout] Caused by: java.io.FileNotFoundException: Could not open ServletContext resource [/keys/client.p12]
[INFO] [stdout] 	at org.springframework.web.context.support.ServletContextResource.getInputStream(ServletContextResource.java:165) ~[spring-web-6.2.0.jar:6.2.0]
[INFO] [stdout] 	at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:135) ~[spring-boot-3.4.0.jar:3.4.0]
[INFO] [stdout] 	... 43 common frames omitted
```
With 3.3.6:
```
[INFO] Attaching agents: []
[INFO] [stdout] 
[INFO] [stdout]   .   ____          _            __ _ _
[INFO] [stdout]  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
[INFO] [stdout] ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
[INFO] [stdout]  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
[INFO] [stdout]   '  |____| .__|_| |_|_| |_\__, | / / / /
[INFO] [stdout]  =========|_|==============|___/=/_/_/_/
[INFO] [stdout] 
[INFO] [stdout]  :: Spring Boot ::                (v3.3.6)
[INFO] [stdout] 
[INFO] [stdout] 2024-12-04T14:31:47.064+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Starting DemoSslbundleApplication using Java 21.0.4 with PID 746788 (/work/richard/TreeBox/workspaces/spring/demo-sslbundle/target/classes started by richard in /work/richard/TreeBox/workspaces/spring/demo-sslbundle)
[INFO] [stdout] 2024-12-04T14:31:47.065+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : No active profile set, falling back to 1 default profile: "default"
[INFO] [stdout] 2024-12-04T14:31:47.382+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port 8080 (http)
[INFO] [stdout] 2024-12-04T14:31:47.387+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
[INFO] [stdout] 2024-12-04T14:31:47.387+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.apache.catalina.core.StandardEngine    : Starting Servlet engine: [Apache Tomcat/10.1.33]
[INFO] [stdout] 2024-12-04T14:31:47.401+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
[INFO] [stdout] 2024-12-04T14:31:47.402+08:00  INFO 746788 --- [demo-sslbundle] [           main] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 319 ms
[INFO] [stdout] =======> data = [PropertiesSslBundle@1f67761b key = [SslBundleKey.1@5a034157 alias = [null], password = [null]], options = [SslOptions.1@2f4ba1ae ciphers = [null], enabledProtocols = [null]], protocol = 'TLS', stores = [JksSslStoreBundle@1391af3b keyStore.type = 'PKCS12', keyStorePassword = '******', trustStore.type = 'PKCS12']]
[INFO] [stdout] 2024-12-04T14:31:47.615+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 1 endpoint beneath base path '/actuator'
[INFO] [stdout] 2024-12-04T14:31:47.633+08:00  INFO 746788 --- [demo-sslbundle] [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port 8080 (http) with context path '/'
[INFO] [stdout] 2024-12-04T14:31:47.637+08:00  INFO 746788 --- [demo-sslbundle] [           main] c.e.d.s.DemoSslbundleApplication         : Started DemoSslbundleApplication in 0.703 seconds (process running for 0.796)
```

Reproducer: try with 3.3.6 and 3.4.0
[demo-sslbundle.zip](https://github.com/user-attachments/files/18003534/demo-sslbundle.zip)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

3.4.0 SSLBundle breaks keystores on filesystem location: keys/client.p12 #43373

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

3.4.0 SSLBundle breaks keystores on filesystem location: keys/client.p12 #43373

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions