java source code of EnvironmentDecryptApplicationInitializer

spring-cloud-commons-master
- spring-cloud-context-webflux-integration-tests
  - src
    - test
      - resources
        bootstrap.properties
        application.properties
      - java
        org
        springframework
        cloud
        context
        integration
        webflux
        RefreshEndpointIntegrationTests.java
  - pom.xml
- .github
  - ISSUE_TEMPLATE
    - feature_request.md
    - bug_report.md
  - CONTRIBUTING.md
  - ISSUE_TEMPLATE.md
- spring-cloud-context-integration-tests
  - src
    - test
      - resources
        bootstrap.properties
        data.sql
        schema.sql
        application.properties
      - java
        org
        springframework
        cloud
        context
        integration
        JdbcConfigurationTests.java
        RefreshScopeIntegrationTests.java
  - pom.xml
- src
  - checkstyle
    - checkstyle-suppressions.xml
- .circleci
  - config.yml
- spring-cloud-context
  - src
    - main
      - resources
        META-INF
        spring.factories
        additional-spring-configuration-metadata.json
      - java
        org
        springframework
        cloud
        bootstrap
        BootstrapImportSelector.java
        BootstrapConfiguration.java
        support
        OriginTrackedCompositePropertySource.java
        config
        SimpleBootstrapPropertySource.java
        PropertySourceBootstrapProperties.java
        PropertySourceLocator.java
        BootstrapPropertySource.java
        PropertySourceBootstrapConfiguration.java
        LoggingSystemShutdownListener.java
        encrypt
        RsaProperties.java
        EncryptionBootstrapConfiguration.java
        KeyProperties.java
        EnvironmentDecryptApplicationInitializer.java
        BootstrapImportSelectorConfiguration.java
        BootstrapApplicationListener.java
        endpoint
        RefreshEndpoint.java
        event
        RefreshEventListener.java
        RefreshEvent.java
        health
        RefreshScopeHealthIndicator.java
        context
        properties
        ConfigurationPropertiesBeans.java
        ConfigurationPropertiesRebinder.java
        environment
        WritableEnvironmentEndpointWebExtension.java
        EnvironmentManager.java
        EnvironmentChangeEvent.java
        WritableEnvironmentEndpoint.java
        named
        ClientFactoryObjectProvider.java
        NamedContextFactory.java
        config
        annotation
        RefreshScope.java
        encrypt
        EncryptorFactory.java
        KeyFormatException.java
        refresh
        ContextRefresher.java
        scope
        thread
        ThreadScope.java
        ThreadLocalScopeCache.java
        refresh
        RefreshScopeRefreshedEvent.java
        RefreshScope.java
        StandardScopeCache.java
        ScopeCache.java
        GenericScope.java
        restart
        RestartEndpoint.java
        RestartListener.java
        util
        ProxyUtils.java
        random
        CachedRandomPropertySourceAutoConfiguration.java
        CachedRandomPropertySource.java
        autoconfigure
        RefreshEndpointAutoConfiguration.java
        ConfigurationPropertiesRebinderAutoConfiguration.java
        WritableEnvironmentEndpointAutoConfiguration.java
        RefreshAutoConfiguration.java
        LifecycleMvcEndpointAutoConfiguration.java
        logging
        LoggingRebinder.java
        env
        EnvironmentUtils.java
    - test
      - resources
        external-properties
        bootstrap.properties
        application-override.properties
        bootstrap.properties
        bootstrap-parent.properties
        bootstrap-encrypt.properties
        bootstrap-config.properties
        application-local.properties
        application-config.properties
        example-test-rsa-private-key
        bootstrap-refresh.properties
        server.jks
        application-encrypt.properties
        ordering.properties
        other.properties
        nonenumerable.properties
        messages.properties
        local.properties
        META-INF
        spring.factories
        plain.properties
        custom.properties
        application.properties
      - java
        org
        springframework
        cloud
        bootstrap
        TestHigherPriorityBootstrapConfiguration.java
        MessageSourceConfigurationTests.java
        BootstrapOrderingCustomPropertySourceIntegrationTests.java
        BootstrapDisabledAutoConfigurationIntegrationTests.java
        config
        BootstrapConfigurationTests.java
        BootstrapListenerHierarchyIntegrationTests.java
        TestBootstrapConfiguration.java
        encrypt
        EncryptorFactoryTests.java
        EncryptionIntegrationTests.java
        EnvironmentDecryptApplicationInitializerTests.java
        EncryptionBootstrapConfigurationTests.java
        RsaDisabledTests.java
        BootstrapOrderingSpringApplicationJsonIntegrationTests.java
        BootstrapOrderingCustomOverrideSystemPropertiesIntegrationTests.java
        BootstrapOrderingAutoConfigurationIntegrationTests.java
        BootstrapSourcesOrderingTests.java
        BootstrapEnvironmentPostProcessorIntegrationTests.java
        endpoint
        RefreshEndpointTests.java
        health
        RefreshScopeHealthIndicatorTests.java
        context
        properties
        ConfigurationPropertiesRebinderProxyIntegrationTests.java
        ConfigurationPropertiesRebinderRefreshScopeIntegrationTests.java
        ConfigurationPropertiesRebinderLifecycleIntegrationTests.java
        ConfigurationPropertiesRebinderIntegrationTests.java
        ConfigurationPropertiesRebinderListIntegrationTests.java
        environment
        EnvironmentManagerIntegrationTests.java
        EnvironmentManagerTest.java
        named
        NamedContextFactoryTests.java
        refresh
        ContextRefresherOrderingIntegrationTests.java
        ContextRefresherIntegrationTests.java
        ContextRefresherTests.java
        scope
        refresh
        MoreRefreshScopeIntegrationTests.java
        RefreshScopeLazyIntegrationTests.java
        RefreshEndpointIntegrationTests.java
        RefreshScopeIntegrationTests.java
        RefreshScopeScaleTests.java
        RefreshScopeListBindingIntegrationTests.java
        RefreshScopeConcurrencyTests.java
        RefreshScopeNullBeanIntegrationTests.java
        RefreshScopeConfigurationTests.java
        RefreshScopeConfigurationScaleTests.java
        RefreshScopeSerializationTests.java
        ImportRefreshScopeIntegrationTests.java
        RefreshScopePureScaleTests.java
        RefreshScopeWebIntegrationTests.java
        restart
        RestartIntegrationTests.java
        util
        random
        CachedRandomPropertySourceTests.java
        AdhocTestSuite.java
        autoconfigure
        LifecycleMvcAutoConfigurationTests.java
        RefreshAutoConfigurationTests.java
        RefreshAutoConfigurationClassPathTests.java
        RefreshAutoConfigurationMoreClassPathTests.java
        logging
        LoggingRebinderTests.java
  - pom.xml
  - README.md
  - eclipse
    - eclipse-code-formatter.xml
    - org.eclipse.jdt.ui.prefs
    - org.eclipse.jdt.core.prefs
- .springformat
- pom.xml
- mvnw
- .editorconfig
- SECURITY.md
- spring-cloud-commons
  - src
    - main
      - resources
        META-INF
        spring.factories
        additional-spring-configuration-metadata.json
      - java
        org
        springframework
        cloud
        configuration
        VerificationResult.java
        SpringBootVersionVerifier.java
        CompatibilityNotMetException.java
        CompatibilityVerifier.java
        CompatibilityVerifierAutoConfiguration.java
        CompatibilityVerifierProperties.java
        CompatibilityPredicate.java
        CompatibilityNotMetFailureAnalyzer.java
        CompositeCompatibilityVerifier.java
        client
        ConditionalOnReactiveDiscoveryEnabled.java
        loadbalancer
        AsyncRestTemplateCustomizer.java
        ServiceInstanceChooser.java
        LoadBalancedRecoveryCallback.java
        reactive
        ReactorLoadBalancerExchangeFilterFunction.java
        DefaultRequest.java
        DefaultResponse.java
        EmptyResponse.java
        DeferringLoadBalancerExchangeFilterFunction.java
        Response.java
        LoadBalancerBeanPostProcessorAutoConfiguration.java
        Request.java
        LoadBalancerWebClientBuilderBeanPostProcessor.java
        WebClientCustomizer.java
        ReactorLoadBalancerClientAutoConfiguration.java
        ReactiveLoadBalancer.java
        CompletionContext.java
        LoadBalancerProperties.java
        DefaultRequestContext.java
        ClientHttpResponseStatusCodeException.java
        LoadBalancedRetryPolicy.java
        LoadBalancerRequestTransformer.java
        RetryLoadBalancerInterceptor.java
        LoadBalancerClient.java
        ServiceRequestWrapper.java
        RetryableStatusCodeException.java
        AsyncLoadBalancerAutoConfiguration.java
        RestTemplateCustomizer.java
        LoadBalancerAutoConfiguration.java
        LoadBalancerInterceptor.java
        LoadBalancedRetryContext.java
        LoadBalanced.java
        LoadBalancedRetryFactory.java
        AsyncLoadBalancerInterceptor.java
        LoadBalancerRetryProperties.java
        LoadBalancerRequestFactory.java
        LoadBalancerUriTools.java
        LoadBalancerRequest.java
        InterceptorRetryPolicy.java
        ConditionalOnDiscoveryHealthIndicatorEnabled.java
        SpringCloudApplication.java
        ConditionalOnDiscoveryEnabled.java
        ReactiveCommonsClientAutoConfiguration.java
        discovery
        ManagementServerPortUtils.java
        simple
        reactive
        SimpleReactiveDiscoveryProperties.java
        SimpleReactiveDiscoveryClientAutoConfiguration.java
        SimpleReactiveDiscoveryClient.java
        SimpleDiscoveryProperties.java
        SimpleDiscoveryClient.java
        SimpleDiscoveryClientAutoConfiguration.java
        health
        reactive
        ReactiveDiscoveryCompositeHealthContributor.java
        ReactiveDiscoveryHealthIndicator.java
        ReactiveDiscoveryClientHealthIndicator.java
        DiscoveryHealthIndicator.java
        DiscoveryClientHealthIndicatorProperties.java
        DiscoveryCompositeHealthContributor.java
        DiscoveryClientHealthIndicator.java
        EnableDiscoveryClientImportSelector.java
        noop
        NoopDiscoveryClientAutoConfiguration.java
        NoopDiscoveryClient.java
        EnableDiscoveryClient.java
        event
        HeartbeatMonitor.java
        InstancePreRegisteredEvent.java
        ParentHeartbeatEvent.java
        HeartbeatEvent.java
        InstanceRegisteredEvent.java
        ReactiveDiscoveryClient.java
        composite
        reactive
        ReactiveCompositeDiscoveryClient.java
        ReactiveCompositeDiscoveryClientAutoConfiguration.java
        CompositeDiscoveryClient.java
        CompositeDiscoveryClientAutoConfiguration.java
        DiscoveryClient.java
        HostInfoEnvironmentPostProcessor.java
        hypermedia
        StaticServiceInstanceProvider.java
        DiscoveredResource.java
        RemoteResourceRefresher.java
        CloudHypermediaAutoConfiguration.java
        TraversalDefinition.java
        RemoteResource.java
        ServiceInstanceProvider.java
        DynamicServiceInstanceProvider.java
        DefaultServiceInstance.java
        ServiceInstance.java
        actuator
        HasFeatures.java
        NamedFeature.java
        FeaturesEndpoint.java
        circuitbreaker
        AbstractCircuitBreakerFactory.java
        ReactiveCircuitBreakerFactory.java
        NoFallbackAvailableException.java
        ReactiveCircuitBreaker.java
        Customizer.java
        CircuitBreakerFactory.java
        EnableCircuitBreaker.java
        EnableCircuitBreakerImportSelector.java
        ConfigBuilder.java
        CircuitBreaker.java
        ConditionalOnBlockingDiscoveryEnabled.java
        serviceregistry
        endpoint
        ServiceRegistryEndpoint.java
        AutoServiceRegistrationConfiguration.java
        AutoServiceRegistrationProperties.java
        AutoServiceRegistration.java
        AutoServiceRegistrationAutoConfiguration.java
        ServiceRegistryAutoConfiguration.java
        AbstractAutoServiceRegistration.java
        Registration.java
        ServiceRegistry.java
        CommonsClientAutoConfiguration.java
        commons
        util
        IdUtils.java
        InetUtilsProperties.java
        InetUtils.java
        UtilAutoConfiguration.java
        SpringFactoryImportSelector.java
        httpclient
        DefaultApacheHttpClientFactory.java
        DefaultOkHttpClientConnectionPoolFactory.java
        OkHttpClientFactory.java
        DefaultOkHttpClientFactory.java
        HttpClientConfiguration.java
        ApacheHttpClientFactory.java
        ApacheHttpClientConnectionManagerFactory.java
        OkHttpClientConnectionPoolFactory.java
        DefaultApacheHttpClientConnectionManagerFactory.java
        reactor
        core
        publisher
        FluxFirstNonEmptyEmitting.java
        CloudFlux.java
    - test
      - resources
        external-properties
        bootstrap.properties
        bootstrap.properties
        bootstrap-parent.properties
        bootstrap-encrypt.properties
        server.jks
        application-encrypt.properties
        other.properties
        plain.properties
        application.properties
      - java
        org
        springframework
        cloud
        configuration
        CompatibilityVerifierDisabledAutoConfigurationTests.java
        CompatibilityVerifierFailureAutoConfigurationTests.java
        SpringBootDependencyTests.java
        CompatibilityVerifierAutoConfigurationTests.java
        CompatibilityVerifierTests.java
        client
        loadbalancer
        reactive
        TestReactiveLoadBalancer.java
        ReactorLoadBalancerExchangeFilterFunctionTests.java
        LoadBalancerTestUtils.java
        ReactorLoadBalancerClientAutoConfigurationTests.java
        RetryLoadBalancerAutoConfigurationTests.java
        LoadBalancerRequestFactoryTests.java
        ClientHttpResponseStatusCodeExceptionTest.java
        LoadBalancerRequestFactoryConfigurationTests.java
        AbstractLoadBalancerAutoConfigurationTests.java
        LoadBalancerUriToolsTests.java
        RetryLoadBalancerInterceptorTest.java
        AsyncLoadBalancerAutoConfigurationTests.java
        LoadBalancerAutoConfigurationTests.java
        LoadBalancedRetryContextTest.java
        InterceptorRetryPolicyTest.java
        discovery
        simple
        reactive
        SimpleReactiveDiscoveryClientTests.java
        SimpleReactiveDiscoveryClientAutoConfigurationTests.java
        SimpleDiscoveryClientTests.java
        ServletSimpleDiscoveryPropertiesAutoConfigurationTests.java
        SimpleDiscoveryClientPropertiesMappingTests.java
        ReactiveSimpleDiscoveryPropertiesAutoConfigurationTests.java
        DiscoveryClientAutoConfigurationDefaultTests.java
        AutoRegisterPropertyFalseTests.java
        health
        reactive
        ReactiveDiscoveryClientHealthIndicatorTests.java
        ReactiveDiscoveryCompositeHealthContributorTests.java
        DiscoveryClientHealthIndicatorTests.java
        DiscoveryCompositeHealthContributorTests.java
        ManagementServerPortUtilsTests.java
        EnableDiscoveryClientImportSelectorTests.java
        event
        HeartbeatMonitorTests.java
        composite
        reactive
        ReactiveCompositeDiscoveryClientAutoConfigurationTests.java
        ReactiveCompositeDiscoveryClientTests.java
        CompositeDiscoveryClientTestsConfig.java
        CompositeDiscoveryClientAutoConfigurationTests.java
        CompositeDiscoveryClientTests.java
        CompositeDiscoveryClientOrderTest.java
        EnableDiscoveryClientMissingImplTests.java
        EnableDiscoveryClientAutoRegisterFalseTests.java
        ReactiveCommonsClientAutoConfigurationTests.java
        hypermedia
        DiscoveredResourceUnitTests.java
        DynamicServiceInstanceProviderUnitTests.java
        CloudHypermediaAutoConfigurationIntegrationTests.java
        actuator
        FeaturesEndpointTests.java
        circuitbreaker
        CustomizerTests.java
        HostInfoEnvironmentPostProcessorTests.java
        serviceregistry
        endpoint
        ServiceRegistryEndpointNoRegistrationTests.java
        ServiceRegistryEndpointTests.java
        ServiceRegistryAutoConfigurationTests.java
        AutoServiceRegistrationAutoConfigurationTests.java
        AbstractAutoServiceRegistrationTests.java
        AbstractAutoServiceRegistrationMgmtDisabledTests.java
        CommonsClientAutoConfigurationTests.java
        commons
        util
        InetUtilsTests.java
        SpringFactoryImportSelectorTests.java
        IdUtilsTests.java
        httpclient
        CustomHttpClientBuilderConfigurationTests.java
        DefaultOkHttpClientConnectionPoolFactoryTest.java
        DefaultOkHttpClientFactoryTest.java
        CustomOkHttpClientBuilderConfigurationTests.java
        DefaultApacheHttpClientFactoryTests.java
        DefaultHttpClientConfigurationTests.java
        CustomHttpClientConfigurationTests.java
        DefaultApacheHttpClientConnectionManagerFactoryTests.java
        AdhocTestSuite.java
        reactor
        core
        publisher
        FluxFirstNonEmptyEmittingTests.java
  - pom.xml
  - README.md
  - eclipse
    - eclipse-code-formatter.xml
    - org.eclipse.jdt.ui.prefs
    - org.eclipse.jdt.core.prefs
- README.adoc
- .mvn
  - wrapper
    - maven-wrapper.jar
    - maven-wrapper.properties
  - jvm.config
  - maven.config
- spring-cloud-test-support
  - src
    - main
      - java
        org
        springframework
        cloud
        test
        ClassPathOverrides.java
        ModifiedClassPathRunner.java
        ClassPathExclusions.java
    - test
      - java
        org
        springframework
        cloud
        test
        ModifiedClassPathRunnerExclusionsTests.java
        ModifiedClassPathRunnerOverridesTests.java
  - pom.xml
  - README.md
  - eclipse
    - eclipse-code-formatter.xml
    - org.eclipse.jdt.ui.prefs
    - org.eclipse.jdt.core.prefs
- spring-cloud-starter
  - pom.xml
- spring-cloud-commons-dependencies
  - pom.xml
- spring-cloud-starter-loadbalancer
  - pom.xml
- .gitignore
- .settings.xml
- docs
  - src
    - main
      - asciidoc
        spring-cloud-circuitbreaker.adoc
        sagan-index.adoc
        appendix.adoc
        spring-cloud-commons.adoc
        README.adoc
        ghpages.sh
        _attributes.adoc
        _configprops.adoc
        jce.adoc
        intro.adoc
        index.adoc
        sagan-boot.adoc
  - pom.xml
- LICENSE.txt
- mvnw.cmd
- spring-cloud-loadbalancer
  - src
    - main
      - resources
        META-INF
        spring.factories
        additional-spring-configuration-metadata.json
      - java
        org
        springframework
        cloud
        loadbalancer
        support
        SimpleObjectProvider.java
        LoadBalancerClientFactory.java
        ServiceInstanceListSuppliers.java
        config
        BlockingLoadBalancerClientAutoConfiguration.java
        LoadBalancerAutoConfiguration.java
        LoadBalancerCacheAutoConfiguration.java
        LoadBalancerZoneConfig.java
        annotation
        LoadBalancerClientConfiguration.java
        LoadBalancerClients.java
        LoadBalancerClient.java
        LoadBalancerClientConfigurationRegistrar.java
        LoadBalancerClientSpecification.java
        cache
        LoadBalancerCacheProperties.java
        CaffeineBasedLoadBalancerCacheManager.java
        LoadBalancerCacheManager.java
        DefaultLoadBalancerCache.java
        DefaultLoadBalancerCacheManager.java
        core
        CachingServiceInstanceListSupplier.java
        ZonePreferenceServiceInstanceListSupplier.java
        DelegatingServiceInstanceListSupplier.java
        RoundRobinLoadBalancer.java
        HealthCheckServiceInstanceListSupplier.java
        ServiceInstanceListSupplierBuilder.java
        ServiceInstanceListSupplier.java
        ReactorServiceInstanceLoadBalancer.java
        DiscoveryClientServiceInstanceListSupplier.java
        NoopServiceInstanceListSupplier.java
        ReactorLoadBalancer.java
        blocking
        client
        BlockingLoadBalancerClient.java
    - test
      - resources
        application.yml
      - java
        org
        springframework
        cloud
        loadbalancer
        config
        LoadBalancerCacheAutoConfigurationTests.java
        BlockingLoadBalancerClientAutoConfigurationTests.java
        annotation
        LoadBalancerClientConfigurationTests.java
        cache
        DefaultLoadBalancerCacheTests.java
        DefaultLoadBalancerCacheManagerTests.java
        core
        LoadBalancerTests.java
        CachingServiceInstanceListSupplierTests.java
        ZonePreferenceServiceInstanceListSupplierTests.java
        ServiceInstanceListSupplierBuilderTests.java
        HealthCheckServiceInstanceListSupplierTests.java
        DiscoveryClientServiceInstanceListSupplierTests.java
        blocking
        client
        BlockingLoadBalancerClientTests.java
  - pom.xml
- eclipse
  - eclipse-code-formatter.xml
  - org.eclipse.jdt.ui.prefs
  - org.eclipse.jdt.core.prefs

/*
 * Copyright 2013-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.cloud.bootstrap.encrypt;

import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.springframework.cloud.bootstrap.BootstrapApplicationListener;
import org.springframework.cloud.context.environment.EnvironmentChangeEvent;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextInitializer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.core.Ordered;
import org.springframework.core.env.CompositePropertySource;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.core.env.EnumerablePropertySource;
import org.springframework.core.env.MutablePropertySources;
import org.springframework.core.env.PropertySource;
import org.springframework.core.env.PropertySources;
import org.springframework.core.env.SystemEnvironmentPropertySource;
import org.springframework.security.crypto.encrypt.TextEncryptor;

/**
 * Decrypt properties from the environment and insert them with high priority so they
 * override the encrypted values.
 *
 * @author Dave Syer
 * @author Tim Ysewyn
 */
public class EnvironmentDecryptApplicationInitializer implements
		ApplicationContextInitializer<ConfigurableApplicationContext>, Ordered {

	/**
	 * Name of the decrypted property source.
	 */
	public static final String DECRYPTED_PROPERTY_SOURCE_NAME = "decrypted";

	/**
	 * Name of the decrypted bootstrap property source.
	 */
	public static final String DECRYPTED_BOOTSTRAP_PROPERTY_SOURCE_NAME = "decryptedBootstrap";

	/**
	 * Prefix indicating an encrypted value.
	 */
	public static final String ENCRYPTED_PROPERTY_PREFIX = "{cipher}";

	private static final Pattern COLLECTION_PROPERTY = Pattern
			.compile("(\\S+)?\\[(\\d+)\\](\\.\\S+)?");

	private static Log logger = LogFactory
			.getLog(EnvironmentDecryptApplicationInitializer.class);

	private int order = Ordered.HIGHEST_PRECEDENCE + 15;

	private TextEncryptor encryptor;

	private boolean failOnError = true;

	/**
	 * Strategy to determine how to handle exceptions during decryption.
	 * @param failOnError the flag value (default true)
	 */
	public void setFailOnError(boolean failOnError) {
		this.failOnError = failOnError;
	}

	public EnvironmentDecryptApplicationInitializer(TextEncryptor encryptor) {
		this.encryptor = encryptor;
	}

	@Override
	public int getOrder() {
		return this.order;
	}

	public void setOrder(int order) {
		this.order = order;
	}

	@Override
	public void initialize(ConfigurableApplicationContext applicationContext) {
		ConfigurableEnvironment environment = applicationContext.getEnvironment();
		MutablePropertySources propertySources = environment.getPropertySources();

		Set<String> found = new LinkedHashSet<>();
		if (!propertySources.contains(DECRYPTED_BOOTSTRAP_PROPERTY_SOURCE_NAME)) {
			// No reason to decrypt bootstrap twice
			PropertySource<?> bootstrap = propertySources
					.get(BootstrapApplicationListener.BOOTSTRAP_PROPERTY_SOURCE_NAME);
			if (bootstrap != null) {
				Map<String, Object> map = decrypt(bootstrap);
				if (!map.isEmpty()) {
					found.addAll(map.keySet());
					insert(applicationContext, new SystemEnvironmentPropertySource(
							DECRYPTED_BOOTSTRAP_PROPERTY_SOURCE_NAME, map));
				}
			}
		}
		removeDecryptedProperties(applicationContext);
		Map<String, Object> map = decrypt(propertySources);
		if (!map.isEmpty()) {
			// We have some decrypted properties
			found.addAll(map.keySet());
			insert(applicationContext, new SystemEnvironmentPropertySource(
					DECRYPTED_PROPERTY_SOURCE_NAME, map));
		}
		if (!found.isEmpty()) {
			ApplicationContext parent = applicationContext.getParent();
			if (parent != null) {
				// The parent is actually the bootstrap context, and it is fully
				// initialized, so we can fire an EnvironmentChangeEvent there to rebind
				// @ConfigurationProperties, in case they were encrypted.
				parent.publishEvent(new EnvironmentChangeEvent(parent, found));
			}

		}
	}

	private void insert(ApplicationContext applicationContext,
			PropertySource<?> propertySource) {
		ApplicationContext parent = applicationContext;
		while (parent != null) {
			if (parent.getEnvironment() instanceof ConfigurableEnvironment) {
				ConfigurableEnvironment mutable = (ConfigurableEnvironment) parent
						.getEnvironment();
				insert(mutable.getPropertySources(), propertySource);
			}
			parent = parent.getParent();
		}
	}

	private void insert(MutablePropertySources propertySources,
			PropertySource<?> propertySource) {
		if (propertySources
				.contains(BootstrapApplicationListener.BOOTSTRAP_PROPERTY_SOURCE_NAME)) {
			if (DECRYPTED_BOOTSTRAP_PROPERTY_SOURCE_NAME
					.equals(propertySource.getName())) {
				propertySources.addBefore(
						BootstrapApplicationListener.BOOTSTRAP_PROPERTY_SOURCE_NAME,
						propertySource);
			}
			else {
				propertySources.addAfter(
						BootstrapApplicationListener.BOOTSTRAP_PROPERTY_SOURCE_NAME,
						propertySource);
			}
		}
		else {
			propertySources.addFirst(propertySource);
		}
	}

	private void removeDecryptedProperties(ApplicationContext applicationContext) {
		ApplicationContext parent = applicationContext;
		while (parent != null) {
			if (parent.getEnvironment() instanceof ConfigurableEnvironment) {
				((ConfigurableEnvironment) parent.getEnvironment()).getPropertySources()
						.remove(DECRYPTED_PROPERTY_SOURCE_NAME);
			}
			parent = parent.getParent();
		}
	}

	public Map<String, Object> decrypt(PropertySources propertySources) {
		Map<String, Object> properties = merge(propertySources);
		decrypt(properties);
		return properties;
	}

	private Map<String, Object> decrypt(PropertySource<?> source) {
		Map<String, Object> properties = merge(source);
		decrypt(properties);
		return properties;
	}

	private Map<String, Object> merge(PropertySources propertySources) {
		Map<String, Object> properties = new LinkedHashMap<>();
		List<PropertySource<?>> sources = new ArrayList<>();
		for (PropertySource<?> source : propertySources) {
			sources.add(0, source);
		}
		for (PropertySource<?> source : sources) {
			merge(source, properties);
		}
		return properties;
	}

	private Map<String, Object> merge(PropertySource<?> source) {
		Map<String, Object> properties = new LinkedHashMap<>();
		merge(source, properties);
		return properties;
	}

	private void merge(PropertySource<?> source, Map<String, Object> properties) {
		if (source instanceof CompositePropertySource) {

			List<PropertySource<?>> sources = new ArrayList<>(
					((CompositePropertySource) source).getPropertySources());
			Collections.reverse(sources);

			for (PropertySource<?> nested : sources) {
				merge(nested, properties);
			}

		}
		else if (source instanceof EnumerablePropertySource) {
			Map<String, Object> otherCollectionProperties = new LinkedHashMap<>();
			boolean sourceHasDecryptedCollection = false;

			EnumerablePropertySource<?> enumerable = (EnumerablePropertySource<?>) source;
			for (String key : enumerable.getPropertyNames()) {
				Object property = source.getProperty(key);
				if (property != null) {
					String value = property.toString();
					if (value.startsWith(ENCRYPTED_PROPERTY_PREFIX)) {
						properties.put(key, value);
						if (COLLECTION_PROPERTY.matcher(key).matches()) {
							sourceHasDecryptedCollection = true;
						}
					}
					else if (COLLECTION_PROPERTY.matcher(key).matches()) {
						// put non-encrypted properties so merging of index properties
						// happens correctly
						otherCollectionProperties.put(key, value);
					}
					else {
						// override previously encrypted with non-encrypted property
						properties.remove(key);
					}
				}
			}
			// copy all indexed properties even if not encrypted
			if (sourceHasDecryptedCollection && !otherCollectionProperties.isEmpty()) {
				properties.putAll(otherCollectionProperties);
			}

		}
	}

	private void decrypt(Map<String, Object> properties) {
		properties.replaceAll((key, value) -> {
			String valueString = value.toString();
			if (!valueString.startsWith(ENCRYPTED_PROPERTY_PREFIX)) {
				return value;
			}
			return decrypt(key, valueString);
		});
	}

	private String decrypt(String key, String original) {
		String value = original.substring(ENCRYPTED_PROPERTY_PREFIX.length());
		try {
			value = this.encryptor.decrypt(value);
			if (logger.isDebugEnabled()) {
				logger.debug("Decrypted: key=" + key);
			}
			return value;
		}
		catch (Exception e) {
			String message = "Cannot decrypt: key=" + key;
			if (logger.isDebugEnabled()) {
				logger.warn(message, e);
			}
			else {
				logger.warn(message);
			}
			if (this.failOnError) {
				throw new IllegalStateException(message, e);
			}
			return "";
		}
	}

}