From c87b714a46f83bace2bb5840acfa6c26fa866044 Mon Sep 17 00:00:00 2001
From: Simone Bordet <simone.bordet@gmail.com>
Date: Tue, 10 Oct 2017 16:52:06 +0200
Subject: [PATCH] Fixes #901 - Overriding SSL context KeyStoreType requires
 explicit override of TrustStoreType.

The default value of _trustStoreType is now null rather than "JKS", so
that existing logic will use the _keyStoreType also for the trust store.
---
 .../jetty/util/ssl/SslContextFactory.java     |   2 +-
 .../jetty/util/ssl/SslContextFactoryTest.java |  18 ++++++++++++++++++
 jetty-util/src/test/resources/keystore.jce    | Bin 0 -> 2209 bytes
 jetty-util/src/test/resources/keystore.p12    | Bin 0 -> 2533 bytes
 4 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 jetty-util/src/test/resources/keystore.jce
 create mode 100644 jetty-util/src/test/resources/keystore.p12

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index 7d7647c89b4..70b61574e3e 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -143,7 +143,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
     private String _certAlias;
     private Resource _trustStoreResource;
     private String _trustStoreProvider;
-    private String _trustStoreType = "JKS";
+    private String _trustStoreType;
     private boolean _needClientAuth = false;
     private boolean _wantClientAuth = false;
     private Password _keyStorePassword;
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
index d394300b6ff..da5b9f8ef99 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
@@ -278,4 +278,22 @@ public class SslContextFactoryTest
         assertFalse(cf.getX509("wild").matches("foo.bar.domain.com"));
         assertFalse(cf.getX509("wild").matches("other.com"));
     }
+
+    @Test
+    public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
+    {
+        cf = new SslContextFactory();
+        cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
+        cf.setKeyStoreType("pkcs12");
+        cf.setKeyStorePassword("storepwd");
+        cf.start();
+        cf.stop();
+
+        cf = new SslContextFactory();
+        cf.setKeyStoreResource(Resource.newSystemResource("keystore.jce"));
+        cf.setKeyStoreType("jceks");
+        cf.setKeyStorePassword("storepwd");
+        cf.start();
+        cf.stop();
+    }
 }
diff --git a/jetty-util/src/test/resources/keystore.jce b/jetty-util/src/test/resources/keystore.jce
new file mode 100644
index 0000000000000000000000000000000000000000..e5d614492ae4ad4b424c28c1ab14d38df62fb7e7
GIT binary patch
literal 2209
zcmchX`8U*y8^>qH%w!B>8Ih5MP-D5DLH2!X?8%xX8DyAT3}Q?oOQulCAcnC;G2v^E
z7Ln`}5^e}LdxoZkOgC5G<(&H$e9v><KfIpv{^2?A=Q+>t@bEAQ1cK}f{BOZRD5L<&
zKKa0#-#UXp(2qbObOpe`5lV0{6pV$S!GHji7Z`Z-c97E40s)Ic6QRAc+!Q{f2rjT?
zlzJ%o*p7lp$6WQZ@eYrmZSs(fBcnLWv1|LA*wN-rsS}X$-V$9aNB=b!HAA(Z?d_jN
zDjADrJ4FU3SIvZ|zJ-sQjU@j_-?iVYqxK|!J58eshi;4zL8_twDTH$6yt4Wd`R8_R
z9zlV~_&m(>?V+Ls)W5#S4NG$@Z1cUUTYKqUEfNkNPxyBz(r4`Z{W7WLnsu~=PvvoN
zj6dNJMZXklu<SKDJtB_J5I1=&WtXojxr#dXp#q2h?fShfw}@#y^$=XYF%X+PH*hLX
zA|mN!y3!pDfws;lcT<kt_`&=>Be8WFaDFc;<(>EAJk#g=$-7xgHFc96(5L0%<NiG|
z$!J@<u0mPF?t>`}=H=lYWO|JNR#0WqS{~NlkGFJ-eRg<`sS@tzqwHhk_aVxQH$Fz8
zK`y72suZg<o~^rJh=0e8;BVqeTTbH3Og6RaH|2}mpSZTX+(xUW@~xn-8n4it1fGWv
z{c|rU&JE~UpX+9@+B_$}huW?jJ@opu>9;1Yc&h;?UyV4!8D5pW(eW)$O0Rt{w?=oA
zOcl4xl`42JKNdr@QvR$Jz&;~z_A8-JCapW}<vl5NL0h${(iT$lpO;Bhad*VdPHRJ=
zP_aL*q`C%D<NF4JYV9;3g4azvt2WEoE!&De@AmyQXe}IVo3r{E9Dn}B65kN+sv2>i
zNz_u$Z2OWWcRf8nnodyRp?9R;7cHx2t$XSBR9n2l*L-rG)*D<oGo|y#ytRpNWR6#=
z+k>}ws~yGbX}4%uw#DH`U<pTyIBScfg8HwG6Dnmw)pl^sJ2c+7$$=Q;cUu5k|J!l~
zb3>^|`WC$6*r%avh;T3SMOiLF)Dk<9X3*&cvb&;fCDDXD#+Q8464tEy;$8TOvE(W<
zp?JK^_Lpd52mJdlGEI$FJAI7cuTH^)x()e*<0T(BscOPiG$dUwZ3Y=6<aN{$Nz4&-
zKVxR@ggXxBc)}o8Y$-%p|HJXQ9n!|YuD72KG?>3*{rqk~w84dzYgGvToZEG6#!4@r
zx++$>s4-S5?)UDsOj=S@6sf75jEax?H`?@&{*^?XUHIww`A+&^yBj8iEH;QXcO^ZF
zDp^CP&h+JCq@CU?W;YikyzO$G3_Cbm%s8b(317nuaDV6tw_r9*>U1`eDu9Cb{;Wp5
z&@wLmRWexBsX6$2futdiZ5kptf^p&4j@ISoDc%@UJ#*%B(b~?Z6mvidxw4o9y;PHC
zV;*N2)Jl+?ZKwZ~|Iv)vHLbgw+O7H+8$%I0N6JIlwq|J!2=#Q`nqjXkPJbH%t(JtP
z$Y{MNMZNQ(y}=NR43-Uk=kvwhnk3!f9wr-<MxMFN`is>%0stlXN=bp;a#%?n<s)J7
zOA20ELB(r50hve(2KC96=|Rf&dIAB)3H+wzDJiQrjiJM+BI>;6?6XQQV!|V$o|!vf
z8~04vWY<-CdRcOoPyp$PdVJW{VH?)2MB$bPcdjR6Nh7~Zi`z;2dFiWCs<xx^L43W`
zDLa4sP0mJxdFBr&5V#6mS|jU<D0egFN+_pC*9f31uZvh@we$toQ{I<@6;t)hmOa5{
zN$Rbai`&Eb<Y-s##nH#I|MLRfRZjvsAP`R|kjO&<5+P2-JP<Gh0yXun4+R9^2<$cd
zwQT_~7zqOb7jQ@b0q1dn!qE^HC!8=K_zQT^y!HVEvTp>*7l#7)f3*&vVGbd_L|>c`
zfcnLJ=mTy6gvcQOfd4s=Xqa_CWF!SA0to$b@SqVFL;ZX&5<?>*fg|DqI4vBoUmEI~
z0M0{PKy4oZ?f>HcZH`2+>^~y_!$3TVU_lU&2<C$%g25mLLRja<&e51B=8c*4tm2Ef
zYPa)D-_2fm1zxYv2pa`o7uJllb$%Z`iWVb{t-9g=rJUL!kCfzNt6Lu?x1}J8zV9+D
zu3t<vrA&=Y2I@51$dm0%IU4N@Z-PXw$+M5hpf_WlQESl5pOw|-Et|DT3SJfNo0iLQ
zI}lHr&_wKT#qq6~JrIU+_RUbcjk#*QiJ(yzmvfbi9(Q~Fxrk}mb6>x>|K%lj*+@fk
z3-lyiMzgdw(!tsz2A;Rb8d$$)d$7=ZK3>~&Mfb<ElR#L;>qYUR$}Fqi<H^Pg`aQ(u
znx8p0pFHR#A98zG>z&*7kT#c+W5GFQC4w)I);b8`0fWG0GJrH7wZB6t6jTf<ir{0*
z-IX;QwmH6tSx_pq_bhTY`)7#zceEcO7!=zeBtmvAzm2OWdjGlER%nG=&=W>Inl)fj
zrr53$ev}n-9v_S>Y;8D}_Get5JMx0}?2wqnQnMxk{RmqXJmk2Q?FD9M5K7o1h=v>P
zBGwZ2ao_8A)t8UhPq1`ii0Pb<V$4Q;f0tx;(f3rdy@vE;_QZ$DF(Z!Vt5Ic4R4w(W
zoV$DNn8b~?Ob@_$UirShMTtC1Gd|>NV^DVXKp2E6=L`?utEA{=xHohcIMLo#1``Co
zOrnlsRU_Eq2l6s)=;{%Gvrpi?DwT*LCt6->bzf5m{D|!DcM)N3WRbkUy#a@dpR1J|
rwV1(ivo@z?)!hglTA8dG4aaDohC*(?Zi%Yvbxe><TtHW$#bDFlieI_z

literal 0
HcmV?d00001

diff --git a/jetty-util/src/test/resources/keystore.p12 b/jetty-util/src/test/resources/keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..b51c835024b001ff73c04030e2b9ad05406849a0
GIT binary patch
literal 2533
zcmY+^byO3K8U}E-u`ytDC@Ecvj?U3BO8h{&MM_{GT@rI5&4w@mnKD8?1PKAZ$v`PZ
zM=B*MF-kr{7}63K&$;)0_x|yo_nhZB=lSyoM>A4^01zC_SOsB}OGT#cu>cqVrD(=N
zdNgDHS&W6F=}rHsAf;$}^|MGB2%tNA^8YjdxFCe--wQAR1kOqiO<v$Su*eCh0|KFR
z$!L1I{LhhV>-#}Ck&VG8))Pn#Bz(?eKUb&Nha~qzhIBNt+>-sRp}puUUj#DoLPg6w
z$9*AC!tg2TJfxqEIXVx~GaMElN9g{r<r$FaU8Uu%*W1tcRtV{FNxU{wt!5&2sY!c8
zmwD}`prCUk*>a85qK81%a+3LuH^W@IJ{vv$qf9~KIzHGOXk9|N@8wv2Gj^q}-M#VL
zUOsguE;bXJ2Ev6JwLD3Q@wpQ%wDtWotFDN-<I_OZhNIWVPUvvnN{CdNtF+0i3Di@g
zH+mEXvQY34SGGTKz#S_NqBL~pOlKmJ2+g`)<;%>K(N*Ql3a5X%`i<(MZayaR$BwL?
zP-YMX$uU!_t?GHzjc(E~uKRlG@E5T@gXVmdvyV2zLOd3VKbebhsziQpt4yv(Ay_+_
z-Dl{a#<VQdjm7CVkPAy0M+1?Yg+q!pliyQfmJ>F5RF<|%cng&owG#p~I6<-ckow-*
zfRA>4MKD7e54m-VCK$^#?cB)V0^y#&QF~{#kM#c9j**Vvg#y>e-F2o6Cx>mlY2e$P
zD;ZqJy?gbf5Cii+BT-IY&l@{wVbc`{dfwvITFfTcnCLiYA}Z_S&c(0I^HUUnP*o0h
z%1P6+_;)H(=J(7m2VYqT6dF<0KdLeeNWHadhsgL0JvZOHq#;*UtU2*w9d2c{PY`Z#
z7q^Ja=rfUF4d1aO<JN1EOFe8<L%R><9{5tGjpZSio2}OL)f{ejb@<#924H8(TT8|t
zs9d$Uy5GsrP;wns1l6_dh3zPOT~lIf$Vs<(L^Q~aeoj5ml4N4QQC}|u+fdg9<K*OH
zOTKxga4jlAGUq(~^A1;@KFw=rkBuWFO_s}lBN~);{B%R)cg#K6merMH?fByOzA*dT
z7ygdBZ|_+9P;v&wk{8PcN7<_%B&zJxi`%=4=T*tlve|bka%Nvv`Yrt}bX~|MT!-&I
zs^p8Q@s56$^r^G606-7xYB5%tT9EK@a{T*ZWo|}jlqmT;$g79Ps4izKen%%KZLKIL
zf#^$jJ0&wp2_(Q|-!m*k>tAwHui@^(PC58#pg&qswvlnG!Li*Fl2Qe}&tmRR=tVCS
z2ekssWW!+wefY;9FMRH;OJAZ!-Z;weSg6;Of6NKOOiMz&)8vCScoAv5<D!`S0})HZ
ztocNnAL&Z=Qza{5#Y)H@@E7TZi(O)M!^|;>$42#FLj2u7U~eUEhcns#iO&vmQ>xK<
zHUJT9WdP9Lvw#gV!6b^r)(1~p?`Mv=+U`e^u_4WluUurgJDD=YJmN)DJp>@{ru!%b
zW68!oxh`{DB5H)Lk)ST(Wb&tBQOwgg1a%vl{Fk(rZ^BHF;Ca1aI2x?~KVX!i!HV=~
z@a3~u?(C!>%>Uto2>?8E=EoT@EB~ho=(j4;wT&bvZ`iBfs?ek9-@hnW3mJ+=HVZC`
z>UY)UJ={AQ96c19+GLz00Qjh8H;3S40!Lp6Wp*-<4st_|I5uB5U~gLROF;3J{~fB<
z)G)&NHjRbX;I2yG^E|$cp#{FKT3zEJ$@OVLLL3x{^?JbJ@aSlOM4S&2&Y{RIHMQ5X
zjDKNwH<af~p^fJ|htP}(<^VrJs4OcVWy4s9oWnge*s59`K;fZ$jp{emmnc+ktS*U;
zw&dYytFGR}ue{Z-W4<NVbl~f7tLLzZsMMCOUEzAP8+h{W)$1YHPtFq2PCdkHNC&&$
z)k3&qoJgG4*Ic%5ar#I~MCmAxEJR-z^&D->Um>=*?TbN(?lfu1-4+!|Wwa(9+)xEu
zajP`HP(IQouchNTcME4f)L)UZiYdNc=PD0FVyFgO2%=;n8H0U)sA8#uwOI=tU54Jk
z+k0g=!7dg)o>8c{`*?xbUMz70%;6rMfMapq-&m2k7YvwDR&8Ha`P?q36&}f#aQN4F
zARR`9q6p$!OlA5&D9ylWCXYKHaM{%oEZGeu8^H*Hed<X>nNX{9!rn2X+9qpqf!NmC
zx-q|M>D55C3{LNy^69Jmo&NEwNTTg_m4q%?2Hs^YPZhT|bGL3zbLavO$ee>Gxr*Rp
zU6x7*X<NHTuWrJpt$X+Eaye`uj;1&yrz7)6W-U@1;;JyGl^CWh#lt<busnqB;G(aM
z;-SNuQ#X#T+w4Ie)~B`SaCl-){dfg3?R?QQ@q3!Y0Z5E9N?GTjSnWNJZ3zkGS(`HK
z?Kr8haAcAKbv8CmD6KK*bExcyIV$({KvTbt&@8Zbic=)h)MwNB<Z{Gl&dLbv4=m#?
zB5kz!65n$PHonUA7w-rx1G*UD<RSmCx&AS#T%R4GeMHx&;f>e)CdqJFfWqJ3D5Es#
zM0|`OaIdby3s+4vT%<J*)TS!ok&VSO3V~5z#!6EGmvgT*U!qW{t-`5$QNzc69!G=M
z0vB<sAw43t=!30*W-0M;B-bzo2ka2wKl!yt^loahfhGHq7WNmfSj=icAD-6_tFK%%
zG7Qc4WrGst+khI;iGK^Busq>|Sq@b8n)aHXiiudw1{Y%O9DZ^)>B5|7wV%#CW$BBL
zfP_AJO#yFF+zMP1VvU&`=v)ZXO?=ZP$Z`5(GME=LO9)DIi5T_n&TL+h+U)XQ20g_+
zJY_Pmb7?wdi7Kt!m^1MtXD@%3uE^+=nGG|zKr-g11cdj2s>3NXTUUmJJZS^las!ij
zEYzbmoxKK{e|HvzihU9ssMFUpPiT3bbx%{nY3M=SPHBR2tzD(AehdEQ{$ISGPlAtp
zY5LWiWrxVM0{SNfXlbm~hss+EweiUN4JIVbmrUm?pUx3IH+7Q|`ZD`|nR)n+&6wnm
zg*26s6uA7fab$Ptz#`DtQD5-R9nLRC_+0A+cD1b{Y63emkiqSmS9~g+7A307aXM10
z<%$u#@I$e5L2gI9hjPsn(+HU18p$q#JH5=vEnVmGv8%cNNpMRoPbL`lvqDwc4#F^G
z<9Ae*G+xd9Qe7%l{F@^GjJsckttA1q73}(}!ZtkwyAw2W$bxZNE_glxt0n)@O*>#6
zsBiU`$;G5-^C(Ed#s8}#BaZ?vJvU!zk?rBuCz2C$1)VjyhTOMR@ENWE7lkuIz!zCT
qKz=YCJ@+QG$EQu(N&pRTtMA>#eKmjz#n3~YrzrDW%~|ummHZb7Y^aO?

literal 0
HcmV?d00001