From 2f22767dc10fbabd448054289b97f37c523d29fc Mon Sep 17 00:00:00 2001
From: Tony Copping
Date: Mon, 19 Aug 2024 18:41:35 -0600
Subject: [PATCH 1/2] Issue #12175 Update SslContextFactory to use Credential instead of Password
Signed-off-by: Tony Copping
---
 .../jetty/util/ssl/SslContextFactory.java | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 83cf59cd1d8..1351a653400 100644
--- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -86,7 +86,7 @@ import org.eclipse.jetty.util.resource.ResourceFactory;
 import org.eclipse.jetty.util.resource.Resources;
 import org.eclipse.jetty.util.security.CertificateUtils;
 import org.eclipse.jetty.util.security.CertificateValidator;
-import org.eclipse.jetty.util.security.Password;
+import org.eclipse.jetty.util.security.Credential;
 import org.eclipse.jetty.util.thread.AutoLock;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -157,9 +157,9 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 private Resource _trustStoreResource;
 private String _trustStoreProvider;
 private String _trustStoreType;
- private Password _keyStorePassword;
- private Password _keyManagerPassword;
- private Password _trustStorePassword;
+ private Credential _keyStorePassword;
+ private Credential _keyManagerPassword;
+ private Credential _trustStorePassword;
 private String _sslProvider;
 private String _sslProtocol = "TLS";
 private String _secureRandomAlgorithm;
@@ -1148,7 +1148,7 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 {
 String type = Objects.toString(getTrustStoreType(), getKeyStoreType());
 String provider = Objects.toString(getTrustStoreProvider(), getKeyStoreProvider());
- Password passwd = _trustStorePassword;
+ Credential passwd = _trustStorePassword;
 if (resource == null || resource.equals(_keyStoreResource))
 {
 resource = _keyStoreResource;
@@ -1614,23 +1614,23 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 * Returns the password object for the given realm.
 *
 * @param realm the realm
- * @return the Password object
+ * @return the Credential object
 */
- protected Password getPassword(String realm)
+ protected Credential getPassword(String realm)
 {
 String password = System.getProperty(realm);
 return password == null ? null : newPassword(password);
 }
 /**
- * Creates a new Password object.
+ * Creates a new Credential object.
 *
 * @param password the password string
- * @return the new Password object
+ * @return the new Credential object
 */
- public Password newPassword(String password)
+ public Credential newPassword(String password)
 {
- return new Password(password);
+ return Credential.getCredential(password);
 }
 public SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException
From 66e4bd862f038e5ac50b93f217319748210d23d3 Mon Sep 17 00:00:00 2001
From: Tony Copping
Date: Sat, 24 Aug 2024 09:59:28 -0600
Subject: [PATCH 2/2] Issue #12175 Updates based on feedback
Signed-off-by: Tony Copping
---
 .../jetty/util/ssl/SslContextFactory.java | 72 ++++++++++++-------
 1 file changed, 48 insertions(+), 24 deletions(-)
diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 1351a653400..bf08c19a08f 100644
--- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -87,6 +87,7 @@ import org.eclipse.jetty.util.resource.Resources;
 import org.eclipse.jetty.util.security.CertificateUtils;
 import org.eclipse.jetty.util.security.CertificateValidator;
 import org.eclipse.jetty.util.security.Credential;
+import org.eclipse.jetty.util.security.Password;
 import org.eclipse.jetty.util.thread.AutoLock;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -157,9 +158,9 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 private Resource _trustStoreResource;
 private String _trustStoreProvider;
 private String _trustStoreType;
- private Credential _keyStorePassword;
- private Credential _keyManagerPassword;
- private Credential _trustStorePassword;
+ private Credential _keyStoreCredential;
+ private Credential _keyManagerCredential;
+ private Credential _trustStoreCredential;
 private String _sslProvider;
 private String _sslProtocol = "TLS";
 private String _secureRandomAlgorithm;
@@ -811,46 +812,42 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 public String getKeyStorePassword()
 {
- return _keyStorePassword == null ? null : _keyStorePassword.toString();
+ return _keyStoreCredential == null ? null : _keyStoreCredential.toString();
 }
 /**
- * @param password The password for the key store. If null is passed and
- * a keystore is set, then
- * the {@link #getPassword(String)} is used to
- * obtain a password either from the {@value #PASSWORD_PROPERTY}
- * system property.
+ * @param password The password for the key store. If null is passed then
+ * {@link #getCredential(String)} is used to obtain a password from
+ * the {@value #PASSWORD_PROPERTY} system property.
 */
 public void setKeyStorePassword(String password)
 {
- _keyStorePassword = password == null ? getPassword(PASSWORD_PROPERTY) : newPassword(password);
+ _keyStoreCredential = password == null ? getCredential(PASSWORD_PROPERTY) : newCredential(password);
 }
 public String getKeyManagerPassword()
 {
- return _keyManagerPassword == null ? null : _keyManagerPassword.toString();
+ return _keyManagerCredential == null ? null : _keyManagerCredential.toString();
 }
 /**
 * @param password The password (if any) for the specific key within the key store.
- * If null is passed and the {@value #KEYPASSWORD_PROPERTY} system property is set,
- * then the {@link #getPassword(String)} is used to
+ * If null is passed then {@link #getCredential(String)} is used to
 * obtain a password from the {@value #KEYPASSWORD_PROPERTY} system property.
 */
 public void setKeyManagerPassword(String password)
 {
- _keyManagerPassword = password == null ? getPassword(KEYPASSWORD_PROPERTY) : newPassword(password);
+ _keyManagerCredential = password == null ? getCredential(KEYPASSWORD_PROPERTY) : newCredential(password);
 }
 /**
 * @param password The password for the truststore. If null is passed then
- * the {@link #getPassword(String)} is used to
- * obtain a password from the {@value #PASSWORD_PROPERTY}
+ * {@link #getCredential(String)} is used to obtain a password from the {@value #PASSWORD_PROPERTY}
 * system property.
 */
 public void setTrustStorePassword(String password)
 {
- _trustStorePassword = password == null ? getPassword(PASSWORD_PROPERTY) : newPassword(password);
+ _trustStoreCredential = password == null ? getCredential(PASSWORD_PROPERTY) : newCredential(password);
 }
 /**
@@ -1133,7 +1130,7 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 */
 protected KeyStore loadKeyStore(Resource resource) throws Exception
 {
- String storePassword = Objects.toString(_keyStorePassword, null);
+ String storePassword = Objects.toString(_keyStoreCredential, null);
 return CertificateUtils.getKeyStore(resource, getKeyStoreType(), getKeyStoreProvider(), storePassword);
 }
@@ -1148,12 +1145,12 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 {
 String type = Objects.toString(getTrustStoreType(), getKeyStoreType());
 String provider = Objects.toString(getTrustStoreProvider(), getKeyStoreProvider());
- Credential passwd = _trustStorePassword;
+ Credential passwd = _trustStoreCredential;
 if (resource == null || resource.equals(_keyStoreResource))
 {
 resource = _keyStoreResource;
 if (passwd == null)
- passwd = _keyStorePassword;
+ passwd = _keyStoreCredential;
 }
 return CertificateUtils.getKeyStore(resource, type, provider, Objects.toString(passwd, null));
 }
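Review bot: `getKeyStorePassword()` and `getKeyManagerPassword()` in the -811 hunk now return `_keyStoreCredential.toString()` and `_keyManagerCredential.toString()`, so they depend on every `Credential` implementation returning the cleartext password from `toString()`, a guarantee that `Password` gave but that the wider `Credential` type does not state anywhere in this diff. As far as I know `Credential.getCredential(String)` also maps `CRYPT:` and `MD5:` prefixed values to one-way credentials, which presumably could never open a key store; the mistake would then surface only as a load failure in `CertificateUtils.getKeyStore` (the -1133 and -1148 hunks go through the same `Objects.toString(...)` path, and the -1180 hunk uses `toString().toCharArray()`). I would put the requirement in the setter Javadoc, for example `* The resulting {@link Credential} must return the cleartext password from {@code toString()}.`, and consider rejecting a non-reversible credential when it is set rather than when the store is loaded.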
@@ -1180,7 +1177,7 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 if (keyStore != null)
 {
 KeyManagerFactory keyManagerFactory = getKeyManagerFactoryInstance();
- keyManagerFactory.init(keyStore, _keyManagerPassword == null ? (_keyStorePassword == null ? null : _keyStorePassword.toString().toCharArray()) : _keyManagerPassword.toString().toCharArray());
+ keyManagerFactory.init(keyStore, _keyManagerCredential == null ? (_keyStoreCredential == null ? null : _keyStoreCredential.toString().toCharArray()) : _keyManagerCredential.toString().toCharArray());
 managers = keyManagerFactory.getKeyManagers();
 if (managers != null)
@@ -1614,21 +1611,48 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du
 * Returns the password object for the given realm.
 *
 * @param realm the realm
- * @return the Credential object
+ * @return the Password object
+ * @deprecated use {#link getCredential} instead.
 */
- protected Credential getPassword(String realm)
+ @Deprecated(since = "12.0.13", forRemoval = true)
+ protected Password getPassword(String realm)
 {
 String password = System.getProperty(realm);
 return password == null ? null : newPassword(password);
 }
+ /**
+ * Creates a new Password object.
+ *
+ * @param password the password string
+ * @return the new Password object
+ * @deprecated use {#link newCredential} instead.
+ */
+ @Deprecated(since = "12.0.13", forRemoval = true)
+ public Password newPassword(String password)
+ {
+ return new Password(password);
+ }
+
+ /**
+ * Returns the credential object for the given realm.
+ *
+ * @param realm the realm
+ * @return the Credential object
+ */
+ protected Credential getCredential(String realm)
+ {
+ String password = System.getProperty(realm);
+ return password == null ? null : newCredential(password);
+ }
+
 /**
 * Creates a new Credential object.
 *
 * @param password the password string
 * @return the new Credential object
 */
- public Credential newPassword(String password)
+ public Credential newCredential(String password)
 {
 return Credential.getCredential(password);
 }
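Review bot: The deprecated `getPassword(String)` and `newPassword(String)` kept in this hunk are no longer called by the setters, which the -811 hunk switches to `getCredential`/`newCredential`, so a subclass that overrides either hook to supply store passwords is now skipped and nothing in the visible code reports it. The `@deprecated` text should say so, for example `@deprecated no longer called by this class; override {@link #getCredential(String)} instead.`. Both new tags are also written `{#link getCredential}` and `{#link newCredential}`, which Javadoc does not resolve as links; they should read `{@link #getCredential(String)}` and `{@link #newCredential(String)}`.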