Support for Base64 encoded p12 keystore using the ssl bundle configuration

spring-boot-project/spring-boot/src/main/java/org/springframework/boot/ssl/jks/JksSslStoreBundle.java

@@ -16,6 +16,7 @@
 
 package org.springframework.boot.ssl.jks;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
@@ -24,6 +25,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.cert.CertificateException;
+import java.util.Base64;
 
 import org.springframework.boot.ssl.SslStoreBundle;
 import org.springframework.util.Assert;
@@ -109,14 +111,29 @@ private void loadHardwareKeyStore(KeyStore store, String location, char[] passwo
 	private void loadKeyStore(KeyStore store, String location, char[] password) {
 		Assert.state(StringUtils.hasText(location), () -> "Location must not be empty or null");
 		try {
-			URL url = ResourceUtils.getURL(location);
-			try (InputStream stream = url.openStream()) {
-				store.load(stream, password);
+			if (isBase64(location.getBytes())) {
+				store.load(new ByteArrayInputStream(Base64.getDecoder().decode(location)), password);
+			}
+			else {
+				URL url = ResourceUtils.getURL(location);
+				try (InputStream stream = url.openStream()) {
+					store.load(stream, password);
+				}
 			}
 		}
 		catch (Exception ex) {
 			throw new IllegalStateException("Could not load store from '" + location + "'", ex);
 		}
 	}
 
+	private boolean isBase64(byte[] bytes) {
+		try {
+			Base64.getDecoder().decode(bytes);
+		}
+		catch (final IllegalArgumentException ex) {
+			return false;
+		}
+		return true;
+	}
+
 }

spring-boot-project/spring-boot/src/test/java/org/springframework/boot/ssl/jks/JksSslStoreBundleTests.java

@@ -16,12 +16,16 @@
 
 package org.springframework.boot.ssl.jks;
 
+import java.io.IOException;
+import java.nio.file.Files;
 import java.security.KeyStore;
 import java.util.function.Consumer;
 
+import org.apache.hc.client5.http.utils.Base64;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.boot.web.embedded.test.MockPkcs11Security;
+import org.springframework.util.ResourceUtils;
 import org.springframework.util.function.ThrowingConsumer;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -120,6 +124,15 @@ void whenHasTrustStoreProvider() {
 			.withMessageContaining("com.example.KeyStoreProvider");
 	}
 
+	@Test
+	void whenLocationIsBase64EncodedP12() throws IOException {
+		byte[] locationBytes = Files.readAllBytes(ResourceUtils.getFile("classpath:test.p12").toPath());
+		JksSslStoreDetails keyStoreDetails = JksSslStoreDetails.forLocation(Base64.encodeBase64String(locationBytes))
+			.withPassword("secret");
+		JksSslStoreBundle bundle = new JksSslStoreBundle(keyStoreDetails, null);
+		assertThat(bundle.getKeyStore()).satisfies(storeContainingCertAndKey("test-alias", "secret"));
+	}
+
 	private Consumer<KeyStore> storeContainingCertAndKey(String keyAlias, String keyPassword) {
 		return storeContainingCertAndKey(KeyStore.getDefaultType(), keyAlias, keyPassword);
 	}