In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #43953

Open
lauhin opened this issue Jan 24, 2025 · 0 comments
Labels
type: bug A general bug
lauhin commented Jan 24, 2025

This is another issue related to #43274.

I am getting an exception with the SslBundles not being able to load the keystore using the reactive stack. This error occurs in SB 3.4.0, SB 3.4.1 and SB 3.4.2.

The configuration looks like this:

spring.ssl.bundle.jks.asa-server-ssl.key.alias=asa-server-ssl
spring.ssl.bundle.jks.asa-server-ssl.key.password=
spring.ssl.bundle.jks.asa-server-ssl.keystore.location=/jks/keystore.jks
spring.ssl.bundle.jks.asa-server-ssl.keystore.password=
spring.ssl.bundle.jks.asa-server-ssl.keystore.type=JKS

This is the exception I got:

java.io.FileNotFoundException: ReactiveWebContext resource [/jks/keystore.jks] cannot be opened because it does not exist
at org.springframework.boot.web.reactive.context.FilteredReactiveWebContextResource.getInputStream(FilteredReactiveWebContextResource.java:63)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:135)
... 27 common frames omitted
Wrapped by: java.lang.IllegalStateException: Could not load store from '/jks/keystore.jks'
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:140)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:107)
... 26 common frames omitted
Wrapped by: java.lang.IllegalStateException: Unable to create key store: Could not load store from '/jks/keystore.jks'
at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:112)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.lambda$new$0(JksSslStoreBundle.java:75)
at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:106)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.getKeyStore(JksSslStoreBundle.java:81)
at org.springframework.boot.ssl.DefaultSslManagerBundle.getKeyManagerFactory(DefaultSslManagerBundle.java:45)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.createSslContextSpec(SslServerCustomizer.java:115)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.createSslProvider(SslServerCustomizer.java:103)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.<init>(SslServerCustomizer.java:67)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.customizeSslConfiguration(NettyReactiveWebServerFactory.java:177)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.createHttpServer(NettyReactiveWebServerFactory.java:165)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.getWebServer(NettyReactiveWebServerFactory.java:73)
at org.springframework.boot.web.reactive.context.WebServerManager.<init>(WebServerManager.java:50)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.createWebServer(ReactiveWebServerApplicationContext.java:96)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:81)
... 13 common frames omitted
Wrapped by: org.springframework.context.ApplicationContextException: Unable to start reactive web server
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:84)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:621)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:66)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:318)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1361)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1350)
at be.liantis.zo.invoiceservice.InvoiceServiceApplicationKt.main(InvoiceServiceApplication.kt:21)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.lang.reflect.Method.invoke(Method.java:580)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64)
at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40)

When changing the property to spring.ssl.bundle.jks.asa-server-ssl.keystore.location=file:/jks/keystore.jks, the service starts up again.

BUT...
In Spring Boot Admin, the service is still marked as DOWN because the same error is thrown (as a warning) by the new SslHealthIndicator (https://docs.spring.io/spring-boot/api/java/org/springframework/boot/actuate/ssl/SslHealthIndicator.html):

Image

It throws the same exception as above...

Disabling the SSL health indicator with management.health.ssl.enabled=false marks the service green again in Spring Boot Admin. But I think that is not a proper option.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 24, 2025
@philwebb philwebb added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 24, 2025
@philwebb philwebb added this to the 3.4.x milestone Jan 24, 2025
@wilkinsona wilkinsona changed the title REACTIVE version: SslBundle can no longer open store file locations without using a 'file:' prefix In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix Jan 25, 2025
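
A pre-deployment check for the condition reported above, as an added example that is not part of the original issue or of Spring Boot: it scans properties text for JKS bundle store locations that carry no scheme prefix and proposes the `file:` form the reporter used as a workaround. The function names and the sample properties are constructed for illustration; `truststore.location` is included on the assumption that it is resolved the same way as `keystore.location`.

```python
import re

# JKS bundle store locations: spring.ssl.bundle.jks.<bundle>.keystore.location
# (truststore.location is covered too; that it behaves the same is an assumption).
LOCATION_KEY = re.compile(
    r"^spring\.ssl\.bundle\.jks\.(?P<bundle>[^.]+)"
    r"\.(?P<store>keystore|truststore)\.location$"
)
# A leading scheme such as file: or classpath:. Two or more characters are
# required so a Windows drive letter (C:\...) is not mistaken for a scheme.
SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]+:")
# Minimal key=value / key:value line matcher for .properties text.
PROPERTY_LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def parse_properties(text):
    """Parse simple .properties text, skipping blank lines and #/! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = PROPERTY_LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def find_unprefixed_locations(text):
    """Return (bundle, store, location, suggested) for scheme-less locations."""
    findings = []
    for key, value in parse_properties(text).items():
        match = LOCATION_KEY.match(key)
        if match and value and not SCHEME.match(value):
            findings.append(
                (match["bundle"], match["store"], value, "file:" + value)
            )
    return findings


# Constructed sample: the first bundle mirrors the configuration in the issue,
# the other two are made-up bundles that already use a prefix.
SAMPLE = """\
spring.ssl.bundle.jks.asa-server-ssl.key.alias=asa-server-ssl
spring.ssl.bundle.jks.asa-server-ssl.keystore.location=/jks/keystore.jks
spring.ssl.bundle.jks.asa-server-ssl.keystore.type=JKS
spring.ssl.bundle.jks.example-client.keystore.location=file:/jks/client.jks
spring.ssl.bundle.jks.example-client.truststore.location=classpath:trust.jks
"""

if __name__ == "__main__":
    for bundle, store, location, suggested in find_unprefixed_locations(SAMPLE):
        print(f"{bundle} {store}: '{location}' has no prefix; try '{suggested}'")
```
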