Revert "Only attempt to decrypt properties that are not overridden (#462)"

This reverts commit 59798f52ed.

spring-cloud-context/src/main/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializer.java

@@ -163,25 +163,21 @@ public class EnvironmentDecryptApplicationInitializer implements
 			sources.add(0, source);
 		}
 		for (PropertySource<?> source : sources) {
-			collectEncryptedProperties(source, overrides);
+			decrypt(source, overrides);
 		}
-
-		doDecrypt(overrides);
 		return overrides;
 	}
 
 	private Map<String, Object> decrypt(PropertySource<?> source) {
 		Map<String, Object> overrides = new LinkedHashMap<>();
-		collectEncryptedProperties(source, overrides);
-		doDecrypt(overrides);
+		decrypt(source, overrides);
 		return overrides;
 	}
 
 	private static final Pattern COLLECTION_PROPERTY = Pattern
 			.compile("(\\S+)?\\[(\\d+)\\](\\.\\S+)?");
 
-	private void collectEncryptedProperties(PropertySource<?> source,
-			Map<String, Object> overrides) {
+	private void decrypt(PropertySource<?> source, Map<String, Object> overrides) {
 
 		if (source instanceof EnumerablePropertySource) {
 			Map<String, Object> otherCollectionProperties = new LinkedHashMap<>();
@@ -193,6 +189,28 @@ public class EnvironmentDecryptApplicationInitializer implements
 				if (property != null) {
 					String value = property.toString();
 					if (value.startsWith("{cipher}")) {
+						value = value.substring("{cipher}".length());
+						try {
+							value = this.encryptor.decrypt(value);
+							if (logger.isDebugEnabled()) {
+								logger.debug("Decrypted: key=" + key);
+							}
+						}
+						catch (Exception e) {
+							String message = "Cannot decrypt: key=" + key;
+							if (this.failOnError) {
+								throw new IllegalStateException(message, e);
+							}
+							if (logger.isDebugEnabled()) {
+								logger.warn(message, e);
+							}
+							else {
+								logger.warn(message);
+							}
+							// Set value to empty to avoid making a password out of the
+							// cipher text
+							value = "";
+						}
 						overrides.put(key, value);
 						if (COLLECTION_PROPERTY.matcher(key).matches()) {
 							sourceHasDecryptedCollection = true;
@@ -215,42 +233,11 @@ public class EnvironmentDecryptApplicationInitializer implements
 
 			for (PropertySource<?> nested : ((CompositePropertySource) source)
 					.getPropertySources()) {
-				collectEncryptedProperties(nested, overrides);
+				decrypt(nested, overrides);
 			}
 
 		}
 
 	}
 
-	private void doDecrypt(Map<String, Object> overrides) {
-		for (String key : overrides.keySet()) {
-			String value = overrides.get(key).toString();
-			if (value.startsWith("{cipher}")) {
-				value = value.substring("{cipher}".length());
-				try {
-					value = this.encryptor.decrypt(value);
-					if (logger.isDebugEnabled()) {
-						logger.debug("Decrypted: key=" + key);
-					}
-				}
-				catch (Exception e) {
-					String message = "Cannot decrypt: key=" + key;
-					if (this.failOnError) {
-						throw new IllegalStateException(message, e);
-					}
-					if (logger.isDebugEnabled()) {
-						logger.warn(message, e);
-					}
-					else {
-						logger.warn(message);
-					}
-					// Set value to empty to avoid making a password out of the
-					// cipher text
-					value = "";
-				}
-				overrides.put(key, value);
-			}
-		}
-	}
-
 }

spring-cloud-context/src/test/java/org/springframework/cloud/bootstrap/encrypt/EnvironmentDecryptApplicationInitializerTests.java

@@ -30,14 +30,11 @@ import org.springframework.core.env.MapPropertySource;
 import org.springframework.core.env.MutablePropertySources;
 import org.springframework.core.env.PropertySource;
 import org.springframework.security.crypto.encrypt.Encryptors;
-import org.springframework.security.crypto.encrypt.TextEncryptor;
 
 import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 import static org.springframework.cloud.bootstrap.encrypt.EnvironmentDecryptApplicationInitializer.DECRYPTED_PROPERTY_SOURCE_NAME;
 
@@ -153,22 +150,4 @@ public class EnvironmentDecryptApplicationInitializerTests {
 		assertEquals("value", ctx.getEnvironment().getProperty("key"));
 	}
 
-	@Test
-	public void testOnlyDecryptIfNotOverridden() {
-		ConfigurableApplicationContext context = new AnnotationConfigApplicationContext();
-		TextEncryptor encryptor = mock(TextEncryptor.class);
-		when(encryptor.decrypt("bar2")).thenReturn("bar2");
-		EnvironmentDecryptApplicationInitializer initializer = new EnvironmentDecryptApplicationInitializer(
-				encryptor);
-		TestPropertyValues.of("foo: {cipher}bar", "foo2: {cipher}bar2").applyTo(context);
-		context.getEnvironment().getPropertySources()
-				.addFirst(new MapPropertySource("test_override",
-						Collections.<String, Object>singletonMap("foo", "spam")));
-		initializer.initialize(context);
-		assertEquals("spam", context.getEnvironment().getProperty("foo"));
-		assertEquals("bar2", context.getEnvironment().getProperty("foo2"));
-		verify(encryptor).decrypt("bar2");
-		verifyNoMoreInteractions(encryptor);
-	}
-
 }