This is another issue related to https://github.com/spring-projects/spring-boot/issues/43274.
I am getting an exception with the SslBundles not being able to load the keystore using the reactive stack. This error occurs in SB 3.4.0, SB 3.4.1 and SB 3.4.2.
The configuration looks like this:
spring.ssl.bundle.jks.asa-server-ssl.key.alias=asa-server-ssl
spring.ssl.bundle.jks.asa-server-ssl.key.password=
spring.ssl.bundle.jks.asa-server-ssl.keystore.location=/jks/keystore.jks
spring.ssl.bundle.jks.asa-server-ssl.keystore.password=
spring.ssl.bundle.jks.asa-server-ssl.keystore.type=JKS
This is the exception I got:
java.io.FileNotFoundException: ReactiveWebContext resource [/jks/keystore.jks] cannot be opened because it does not exist
at org.springframework.boot.web.reactive.context.FilteredReactiveWebContextResource.getInputStream(FilteredReactiveWebContextResource.java:63)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:135)
... 27 common frames omitted
Wrapped by: java.lang.IllegalStateException: Could not load store from '/jks/keystore.jks'
at org.springframework.boot.ssl.jks.JksSslStoreBundle.loadKeyStore(JksSslStoreBundle.java:140)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:107)
... 26 common frames omitted
Wrapped by: java.lang.IllegalStateException: Unable to create key store: Could not load store from '/jks/keystore.jks'
at org.springframework.boot.ssl.jks.JksSslStoreBundle.createKeyStore(JksSslStoreBundle.java:112)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.lambda$new$0(JksSslStoreBundle.java:75)
at org.springframework.util.function.SingletonSupplier.get(SingletonSupplier.java:106)
at org.springframework.boot.ssl.jks.JksSslStoreBundle.getKeyStore(JksSslStoreBundle.java:81)
at org.springframework.boot.ssl.DefaultSslManagerBundle.getKeyManagerFactory(DefaultSslManagerBundle.java:45)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.createSslContextSpec(SslServerCustomizer.java:115)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.createSslProvider(SslServerCustomizer.java:103)
at org.springframework.boot.web.embedded.netty.SslServerCustomizer.<init>(SslServerCustomizer.java:67)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.customizeSslConfiguration(NettyReactiveWebServerFactory.java:177)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.createHttpServer(NettyReactiveWebServerFactory.java:165)
at org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory.getWebServer(NettyReactiveWebServerFactory.java:73)
at org.springframework.boot.web.reactive.context.WebServerManager.<init>(WebServerManager.java:50)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.createWebServer(ReactiveWebServerApplicationContext.java:96)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:81)
... 13 common frames omitted
Wrapped by: org.springframework.context.ApplicationContextException: Unable to start reactive web server
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.onRefresh(ReactiveWebServerApplicationContext.java:84)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:621)
at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext.refresh(ReactiveWebServerApplicationContext.java:66)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752)
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:439)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:318)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1361)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1350)
at be.liantis.zo.invoiceservice.InvoiceServiceApplicationKt.main(InvoiceServiceApplication.kt:21)
at jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.lang.reflect.Method.invoke(Method.java:580)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:102)
at org.springframework.boot.loader.launch.Launcher.launch(Launcher.java:64)
at org.springframework.boot.loader.launch.JarLauncher.main(JarLauncher.java:40)
When changing the property to spring.ssl.bundle.jks.asa-server-ssl.keystore.location=file:/jks/keystore.jks, the service starts up again.
BUT... In Spring Boot Admin, the service is still marked as DOWN because the same error is thrown (as a warning) by the new SslHealthIndicator (https://docs.spring.io/spring-boot/api/java/org/springframework/boot/actuate/ssl/SslHealthIndicator.html):
It throws the same exception as above...
Disabling the SSL health indicator with management.health.ssl.enabled=false marks the service green again in Spring Boot Admin. But I think that is not a proper option.
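An added example, not part of the original report and not Spring Boot code: a small Python check that flags JKS bundle store locations written without an explicit resource prefix, which is the condition behind the startup failure described above. The sample properties text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the first bundle mirrors the configuration in the report,
# the second uses the explicit file: prefix that let the service start.
SAMPLE_PROPERTIES = """\
spring.ssl.bundle.jks.asa-server-ssl.key.alias=asa-server-ssl
spring.ssl.bundle.jks.asa-server-ssl.keystore.location=/jks/keystore.jks
spring.ssl.bundle.jks.asa-server-ssl.keystore.type=JKS
spring.ssl.bundle.jks.fixed-bundle.keystore.location=file:/jks/keystore.jks
spring.ssl.bundle.jks.fixed-bundle.truststore.location = classpath:trust.jks
# spring.ssl.bundle.jks.commented.keystore.location=/ignored.jks
"""

# Store location keys of JKS bundles (assumes bundle names contain no dots).
LOCATION_KEY = re.compile(
    r"^spring\.ssl\.bundle\.jks\.([^.]+)\.(keystore|truststore)\.location$")
# An explicit prefix such as file: or classpath:. Two or more characters are
# required so that a Windows drive letter (C:\...) is not mistaken for one.
HAS_PREFIX = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]+:")


def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, '#'/'!' comments,
    no support for line continuations."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            yield lineno, m.group(1), m.group(2).strip()


def unprefixed_store_locations(text):
    """Return (line, bundle, store, value) for every store location that
    relies on context-dependent resolution instead of an explicit prefix."""
    findings = []
    for lineno, key, value in parse_properties(text):
        m = LOCATION_KEY.match(key)
        if m and value and not HAS_PREFIX.match(value):
            findings.append((lineno, m.group(1), m.group(2), value))
    return findings


if __name__ == "__main__":
    for lineno, bundle, store, value in unprefixed_store_locations(SAMPLE_PROPERTIES):
        print(f"line {lineno}: bundle '{bundle}' {store} location '{value}' has no prefix")
```

This only covers the startup failure; per the report, the SslHealthIndicator still raised the same exception after the prefix was added.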
Comment From: q-thomaseastgate
Just checked and can confirm this is still happening on SB 3.4.3 as well.
Comment From: nosan
@snicoll I'm not sure if you've already started working on this issue. I had a look at it today and might have found a potential fix. However, I'm not entirely confident that it's 100% correct — you might already have something similar or even better.
I've created a branch here: https://github.com/spring-projects/spring-boot/compare/3.4.x...nosan:spring-boot:43953, which contains the suggested fix. I hope it will be helpful! 🙂
Comment From: snicoll
Thanks for the ping @nosan. I did start working on it but had trouble reproducing the problem in a unit test. I need to check what I did back then. I'll review your proposal and follow up accordingly.