From 1e3f5c342be3dc813c8b1ff0156ddd2b68df9ede Mon Sep 17 00:00:00 2001
From: Alex Belyaev <alexander.belyaev@apicasystems.com>
Date: Mon, 5 Apr 2021 12:06:35 +0200
Subject: [PATCH] Properly close input streams when loading key stores

See gh-25884
---
 .../autoconfigure/couchbase/CouchbaseAutoConfiguration.java  | 5 ++++-
 .../boot/web/embedded/netty/SslServerCustomizer.java         | 5 ++++-
 .../boot/web/embedded/undertow/SslBuilderCustomizer.java     | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
index 52439a9974b..08c7c58eb84 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/couchbase/CouchbaseAutoConfiguration.java
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.autoconfigure.couchbase;
 
+import java.io.InputStream;
 import java.net.URL;
 import java.security.KeyStore;
 
@@ -107,7 +108,9 @@ public class CouchbaseAutoConfiguration {
 	private KeyStore loadKeyStore(String resource, String keyStorePassword) throws Exception {
 		KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
 		URL url = ResourceUtils.getURL(resource);
-		store.load(url.openStream(), (keyStorePassword != null) ? keyStorePassword.toCharArray() : null);
+		try (InputStream inputStream = url.openStream()) {
+			store.load(inputStream, (keyStorePassword != null) ? keyStorePassword.toCharArray() : null);
+		}
 		return store;
 	}
 
diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
index eeab11a5f92..f9123a70ec5 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.web.embedded.netty;
 
+import java.io.InputStream;
 import java.net.Socket;
 import java.net.URL;
 import java.security.InvalidAlgorithmParameterException;
@@ -170,7 +171,9 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 		try {
 			URL url = ResourceUtils.getURL(resource);
-			store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
+			try (InputStream inputStream = url.openStream()) {
+				store.load(inputStream, (password != null) ? password.toCharArray() : null);
+			}
 			return store;
 		}
 		catch (Exception ex) {
diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java
index 65c948be88b..434448c6704 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.java
@@ -16,6 +16,7 @@
 
 package org.springframework.boot.web.embedded.undertow;
 
+import java.io.InputStream;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.URL;
@@ -181,7 +182,9 @@ class SslBuilderCustomizer implements UndertowBuilderCustomizer {
 		KeyStore store = (provider != null) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
 		try {
 			URL url = ResourceUtils.getURL(resource);
-			store.load(url.openStream(), (password != null) ? password.toCharArray() : null);
+			try (InputStream inputStream = url.openStream()) {
+				store.load(inputStream, (password != null) ? password.toCharArray() : null);
+			}
 			return store;
 		}
 		catch (Exception ex) {