Support loading of base64 encoded values from the Environment

Author: scottfrederick

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/BundleContentProperty.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,13 +16,12 @@
 
 package org.springframework.boot.autoconfigure.ssl;
 
-import java.io.FileNotFoundException;
-import java.net.URL;
 import java.nio.file.Path;
 
+import org.springframework.boot.io.ApplicationResourceLoader;
 import org.springframework.boot.ssl.pem.PemContent;
+import org.springframework.core.io.Resource;
 import org.springframework.util.Assert;
-import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -57,23 +56,20 @@ Path toWatchPath() {
 
 	private Path toPath() {
 		try {
-			URL url = toUrl();
-			Assert.state(isFileUrl(url), () -> "Value '%s' is not a file URL".formatted(url));
-			return Path.of(url.toURI()).toAbsolutePath();
+			Resource resource = getResource();
+			Assert.state(resource.isFile(), () -> "Value '%s' is not a file resource".formatted(this.value));
+			return Path.of(resource.getFile().getAbsolutePath());
 		}
 		catch (Exception ex) {
 			throw new IllegalStateException("Unable to convert value of property '%s' to a path".formatted(this.name),
 					ex);
 		}
 	}
 
-	private URL toUrl() throws FileNotFoundException {
+	private Resource getResource() {
 		Assert.state(!isPemContent(), "Value contains PEM content");
-		return ResourceUtils.getURL(this.value);
-	}
-
-	private boolean isFileUrl(URL url) {
-		return "file".equalsIgnoreCase(url.getProtocol());
+		ApplicationResourceLoader resourceLoader = new ApplicationResourceLoader();
+		return resourceLoader.getResource(this.value);
 	}
 
 }

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/ssl/JksSslBundleProperties.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -62,7 +62,7 @@ public static class Store {
 		private String provider;
 
 		/**
-		 * Location of the resource containing the store content.
+		 * Resource containing the store content.
 		 */
 		private String location;
 

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/ssl/BundleContentPropertyTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,10 +16,11 @@
 
 package org.springframework.boot.autoconfigure.ssl;
 
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.nio.file.Path;
 
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.io.TempDir;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
@@ -37,9 +38,6 @@ class BundleContentPropertyTests {
 			-----END CERTIFICATE-----
 			""";
 
-	@TempDir
-	Path temp;
-
 	@Test
 	void isPemContentWhenValueIsPemTextReturnsTrue() {
 		BundleContentProperty property = new BundleContentProperty("name", PEM_TEXT);
@@ -78,8 +76,9 @@ void toWatchPathWhenNotPathThrowsException() {
 	}
 
 	@Test
-	void toWatchPathWhenPathReturnsPath() {
-		Path file = this.temp.toAbsolutePath().resolve("file.txt");
+	void toWatchPathWhenPathReturnsPath() throws URISyntaxException {
+		URL resource = getClass().getResource("keystore.jks");
+		Path file = Path.of(resource.toURI()).toAbsolutePath();
 		BundleContentProperty property = new BundleContentProperty("name", file.toString());
 		assertThat(property.toWatchPath()).isEqualTo(file);
 	}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/io/ApplicationResourceLoader.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright 2012-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.io;
+
+import org.springframework.core.io.ContextResource;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.core.io.ProtocolResolver;
+import org.springframework.core.io.Resource;
+import org.springframework.util.ResourceUtils;
+
+/**
+ * A {@link DefaultResourceLoader} with any {@link ProtocolResolver}s registered in a
+ * {@code spring.factories} file applied to it. Plain paths without a qualifier will
+ * resolve to file system resources. This matches the behavior of
+ * {@link ResourceUtils#getURL(String)} but is different from
+ * {@code DefaultResourceLoader}, which resolves unqualified paths to classpath resources.
+ *
+ * @author Scott Frederick
+ * @since 3.3.0
+ */
+public class ApplicationResourceLoader extends DefaultResourceLoader {
+
+	/**
+	 * Create a new {@code ApplicationResourceLoader}.
+	 */
+	public ApplicationResourceLoader() {
+		super();
+		ProtocolResolvers.applyTo(this);
+	}
+
+	/**
+	 * Create a new {@code ApplicationResourceLoader}.
+	 * @param classLoader the {@link ClassLoader} to load class path resources with, or
+	 * {@code null} for using the thread context class loader at the time of actual
+	 * resource access
+	 */
+	public ApplicationResourceLoader(ClassLoader classLoader) {
+		super(classLoader);
+		ProtocolResolvers.applyTo(this);
+	}
+
+	@Override
+	protected Resource getResourceByPath(String path) {
+		return new FileSystemContextResource(path);
+	}
+
+	private static class FileSystemContextResource extends FileSystemResource implements ContextResource {
+
+		FileSystemContextResource(String path) {
+			super(path);
+		}
+
+		@Override
+		public String getPathWithinContext() {
+			return getPath();
+		}
+
+	}
+
+}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/io/Base64ProtocolResolver.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2012-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.io;
+
+import java.util.Base64;
+
+import org.springframework.core.io.ByteArrayResource;
+import org.springframework.core.io.ProtocolResolver;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+/**
+ * {@link ProtocolResolver} for resources containing base 64 encoded text.
+ *
+ * @author Scott Frederick
+ */
+class Base64ProtocolResolver implements ProtocolResolver {
+
+	private static final String BASE64_PREFIX = "base64:";
+
+	@Override
+	public Resource resolve(String location, ResourceLoader resourceLoader) {
+		if (location.startsWith(BASE64_PREFIX)) {
+			return new Base64ByteArrayResource(location.substring(BASE64_PREFIX.length()));
+		}
+		return null;
+	}
+
+	static class Base64ByteArrayResource extends ByteArrayResource {
+
+		Base64ByteArrayResource(String location) {
+			super(Base64.getDecoder().decode(location.getBytes()));
+		}
+
+	}
+
+}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/io/ProtocolResolvers.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright 2012-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.io;
+
+import java.util.List;
+
+import org.springframework.beans.factory.BeanFactory;
+import org.springframework.boot.context.event.ApplicationPreparedEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.Environment;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.ProtocolResolver;
+import org.springframework.core.io.support.SpringFactoriesLoader;
+import org.springframework.core.io.support.SpringFactoriesLoader.ArgumentResolver;
+import org.springframework.util.Assert;
+
+/**
+ * {@link ProtocolResolver} implementations that are loaded from a
+ * {@code spring.factories} file.
+ *
+ * @author Scott Frederick
+ */
+final class ProtocolResolvers {
+
+	private static List<ProtocolResolver> protocolResolvers;
+
+	private ProtocolResolvers() {
+	}
+
+	/**
+	 * Apply all discovered {@link ProtocolResolver}s to the provided
+	 * {@link DefaultResourceLoader}.
+	 * @param resourceLoader the resource loader to apply protocol resolvers to
+	 * @param <T> a resource loader
+	 */
+	static <T extends DefaultResourceLoader> void applyTo(T resourceLoader) {
+		Assert.notNull(resourceLoader, "ResourceLoader must not be null");
+		if (protocolResolvers != null) {
+			resourceLoader.getProtocolResolvers().addAll(protocolResolvers);
+		}
+	}
+
+	private static void initialize(ConfigurableApplicationContext context) {
+		ArgumentResolver argumentResolver = getArgumentResolver(context);
+		SpringFactoriesLoader loader = SpringFactoriesLoader
+			.forDefaultResourceLocation((context != null) ? context.getClassLoader() : null);
+		protocolResolvers = loader.load(ProtocolResolver.class, argumentResolver);
+	}
+
+	private static ArgumentResolver getArgumentResolver(ConfigurableApplicationContext context) {
+		if (context == null) {
+			return null;
+		}
+		return ArgumentResolver.of(BeanFactory.class, context.getBeanFactory())
+			.and(Environment.class, context.getEnvironment());
+	}
+
+	static class ProtocolResolversInitializer implements ApplicationListener<ApplicationPreparedEvent> {
+
+		@Override
+		public void onApplicationEvent(ApplicationPreparedEvent event) {
+			ConfigurableApplicationContext context = event.getApplicationContext();
+			ProtocolResolvers.initialize(context);
+		}
+
+	}
+
+}

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/io/package-info.java

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2012-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Support for loading resources.
+ */
+package org.springframework.boot.io;

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/jks/JksSslStoreBundle.java

@@ -18,17 +18,18 @@
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.net.URL;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.cert.CertificateException;
 
+import org.springframework.boot.io.ApplicationResourceLoader;
 import org.springframework.boot.ssl.SslStoreBundle;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.core.style.ToStringCreator;
 import org.springframework.util.Assert;
-import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -114,8 +115,9 @@ private void loadHardwareKeyStore(KeyStore store, String location, char[] passwo
 	private void loadKeyStore(KeyStore store, String location, char[] password) {
 		Assert.state(StringUtils.hasText(location), () -> "Location must not be empty or null");
 		try {
-			URL url = ResourceUtils.getURL(location);
-			try (InputStream stream = url.openStream()) {
+			ResourceLoader resourceLoader = new ApplicationResourceLoader();
+			Resource resource = resourceLoader.getResource(location);
+			try (InputStream stream = resource.getInputStream()) {
 				store.load(stream, password);
 			}
 		}