From 7686a19db9121c048644908db69e63e99da17ea9 Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Thu, 23 Jul 2015 11:21:22 +1000
Subject: [PATCH] 473321 - Overriding SSL context KeyStoreType requires explicit override of TrustStoreType
---
 .../jetty/util/ssl/SslContextFactory.java | 18 ++++++++++++++++--
 .../jetty/util/ssl/SslContextFactoryTest.java | 18 +++---------------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 6f982352f8d..32b5ef8b5a0 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -338,7 +338,7 @@ public class SslContextFactory extends AbstractLifeCycle
 if (keyStore==null) keyStore=loadKeyStore(_keyStoreResource);
 if (trustStore==null)
- trustStore=loadTrustStore(_trustStoreResource==null?_keyStoreResource:_trustStoreResource);
+ trustStore=loadTrustStore(_trustStoreResource);
 Collection crls = loadCRL(_crlPath);
@@ -1062,7 +1062,21 @@ public class SslContextFactory extends AbstractLifeCycle
 */
 protected KeyStore loadTrustStore(Resource resource) throws Exception
 {
- return CertificateUtils.getKeyStore(resource, _trustStoreType, _trustStoreProvider,_trustStorePassword==null? null:_trustStorePassword.toString());
+ String type=_trustStoreType;
+ String provider= _trustStoreProvider;
+ String passwd=_trustStorePassword==null? null:_trustStorePassword.toString();
+ if (resource==null || resource.equals(_keyStoreResource))
+ {
+ resource=_keyStoreResource;
+ if (type==null)
+ type=_keyStoreType;
+ if (provider==null)
+ provider= _keyStoreProvider;
+ if (passwd==null)
+ passwd=_keyStorePassword==null? null:_keyStorePassword.toString();
+ }
+
+ return CertificateUtils.getKeyStore(resource,type,provider,passwd);
 }
 /**
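Review bot: In the `@@ -338,7` hunk the call site now passes `_trustStoreResource` through unchanged, so `loadTrustStore` can be called with `null` where it previously always received the key store resource as a fallback. The method is `protected` (its signature is visible in the `@@ -1062,7` hunk), so a subclass override written against the old contract may dereference the argument or, presumably, end up with no trust store loaded at all. The method's Javadoc should state the new contract, for example `@param resource the trust store resource, or null to fall back to the key store`. The method containing this call site starts and ends outside the hunk.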
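Review bot: The `type==null` and `provider==null` fallbacks in the new `loadTrustStore` body (the `@@ -1062,7` hunk) only take effect if `_trustStoreType` and `_trustStoreProvider` can actually be null. Their declarations are outside the hunk; if `_trustStoreType` carries a non-null default, the key store type is still not inherited and the problem named in the subject remains. The test-file hunks of this patch add no case that sets only the key store type and then starts the factory, so the fix is unverified as shown. The fallback branch also deserves a comment such as `// no separate trust store configured: the key store is reused as the trust store`, because that reuse is a security-relevant default that is easy to overlook. The Javadoc above the method begins outside the hunk.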
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index 35bc5738544..81ecea8aff5 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -18,9 +18,8 @@ package org.eclipse.jetty.util.ssl;
-import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.greaterThan;
-import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.equalTo;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
@@ -28,7 +27,6 @@ import static org.junit.Assert.assertTrue;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.KeyStore;
-import java.util.Arrays;
 import javax.net.ssl.SSLEngine;
@@ -56,7 +54,6 @@ public class SslContextFactoryTest
 @Test
 public void testNoTsFileKs() throws Exception
 {
- String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
 cf.setKeyStorePassword("storepwd");
 cf.setKeyManagerPassword("keypwd");
@@ -199,20 +196,19 @@ public class SslContextFactoryTest
 String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
 assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(0));
 for (String enabledCipherSuite : enabledCipherSuites)
- assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), is(false));
+ assertThat("CipherSuite does not contain RC4", enabledCipherSuite.contains("RC4"), equalTo(false));
 }
 @Test
 public void testSetIncludeCipherSuitesRegex() throws Exception
 {
- Log.getLogger(SslContextFactory.class).setDebugEnabled(true);
 cf.setIncludeCipherSuites(".*ECDHE.*",".*WIBBLE.*");
 cf.start();
 SSLEngine sslEngine = cf.newSSLEngine();
 String[] enabledCipherSuites = sslEngine.getEnabledCipherSuites();
 assertThat("At least 1 cipherSuite is enabled", enabledCipherSuites.length, greaterThan(1));
 for (String enabledCipherSuite : enabledCipherSuites)
- assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), is(true));
+ assertThat("CipherSuite contains ECDHE", enabledCipherSuite.contains("ECDHE"), equalTo(true));
 }
 @Test
@@ -223,12 +219,4 @@ public class SslContextFactoryTest
 assertNotNull(cf.getExcludeCipherSuites());
 assertNotNull(cf.getIncludeCipherSuites());
 }
-
- private void assertSelectedMatchesIncluded(String[] includeStrings, String[] selectedStrings)
- {
- assertThat(includeStrings.length + " strings are selected", selectedStrings.length, is(includeStrings.length));
- assertThat("order from includeStrings is preserved", selectedStrings[0], equalTo(includeStrings[0]));
- assertThat("order from includeStrings is preserved", selectedStrings[1], equalTo(includeStrings[1]));
- assertThat("order from includeStrings is preserved", selectedStrings[2], equalTo(includeStrings[2]));
- }
 }
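Review bot: Both rewritten assertions in the `@@ -199,20` hunk compare a boolean with `equalTo(...)`, so a failure reports only `true` or `false` and never names the cipher suite that slipped past the RC4 exclusion or missed the ECDHE include filter. A string matcher keeps the offending value in the failure message: `assertThat("CipherSuite does not contain RC4", enabledCipherSuite, not(containsString("RC4")));` and `assertThat("CipherSuite contains ECDHE", enabledCipherSuite, containsString("ECDHE"));`, with `not` and `containsString` imported from `org.hamcrest.Matchers`. The first test method in this hunk starts outside it.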