Merge pull request #4489 from eclipse/jetty-10.0.x-2643-pkcs12_keystores

Fixes #2643 - Switch SslContextFactory.keystoreType from JKS to PKCS12.

examples/embedded/src/main/java/org/eclipse/jetty/embedded/Http2Server.java

@@ -100,13 +100,12 @@ public class Http2Server
         server.addConnector(http);
 
         // SSL Context Factory for HTTPS and HTTP/2
-        Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
+        Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
         if (!Files.exists(keystorePath))
             throw new FileNotFoundException(keystorePath.toString());
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath.toString());
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
         // sslContextFactory.setProvider("Conscrypt");
 

examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java

@@ -124,15 +124,14 @@ public class LikeJettyXml
 
         // === jetty-https.xml ===
         // SSL Context Factory
-        Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
+        Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
         if (!Files.exists(keystorePath))
             throw new FileNotFoundException(keystorePath.toString());
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath.toString());
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         sslContextFactory.setTrustStorePath(keystorePath.toString());
-        sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setTrustStorePassword("storepwd");
 
         // SSL HTTP Configuration
         HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);

examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java

@@ -42,7 +42,7 @@ public class ManyConnectors
     {
         // Since this example shows off SSL configuration, we need a keystore
         // with the appropriate key.
-        Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
+        Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
         if (!Files.exists(keystorePath))
             throw new FileNotFoundException(keystorePath.toString());
 
@@ -81,8 +81,7 @@ public class ManyConnectors
 
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath.toString());
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
 
         // OPTIONAL: Un-comment the following to use Conscrypt for SSL instead of
         // the native JSSE implementation.

examples/embedded/src/main/resources/etc/keystore.pkf

@@ -1,20 +0,0 @@
-Bag Attributes
-    friendlyName: jetty
-    localKeyID: 54 69 6D 65 20 31 34 32 33 31 39 38 30 39 33 31 31 35 
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIPh4Q0t4xklXTzX
-N2VAb47r5n7idAupp4CTNEhhT6lS70iA+A8i4+0lSEHWAogvd9jl3H7SvScr30QM
-4ieC0JCGSOwGc8f+yqKrO56PPd5OuqW380BJ0r74jJczU9CcsuavHD7e6mRLUnmj
-xM20NSxrcicMiPUHY1mJZtN9swtxAgMBAAECgYADS9P6Jll0uXBZIu/pgfDH27GJ
-HlPULstW9VbrMDNzgfUlFMQebLrRpIrnyleJ29Xc//HA4beEkR4lb0T/w88+pEkt
-7fhYeqRLPIfpDOgzloynnsoPcd8f/PypbimQrNLmBiG1178nVcy4Yoh5lYVIJwtU
-3VriqDlvAfTLrrx8AQJBAMLWuh27Hb8xs3LRg4UD7hcv8tJejstm08Y+czRz7cO0
-RENa3aDjGFSegc+IUfdez7BP8uDw+PwE+jybmTvaliECQQCtR/anCY1WS28/bKvy
-lmIwoI15eraBdVFkN0Hfxh+9PfR3rMD5uyvukT5GgTtY/XxADyafSTaipDJiZHJI
-EitRAkBjeCBYYVjUbVlBuvi8Bb+dktsSzzdzXDGtueAy3SR7jyJyiIcxRf775Fg9
-TUkbUwoQ5yAF+sACWcAvBPj796JBAkAEZEeHEkHnxv+pztpIyrDwZJFRW9/WRh/q
-90+PGVlilXhltBYr/idt43Z9mPblGX+VrAyhitx8oMa6IauX0gYRAkEAgnyVeXrD
-jDLUZRA3P8Gu27k1k6GjbTYiUz3HKCz2/6+MZ2MK2qqwafgqocji029Q6dHdPD7a
-4QnRlvraUnyQLA==
------END PRIVATE KEY-----

jetty-alpn/jetty-alpn-conscrypt-server/src/test/java/org/eclipse/jetty/alpn/conscrypt/server/ConscryptHTTP2ServerTest.java

@@ -79,11 +79,9 @@ public class ConscryptHTTP2ServerTest
     private void configureSslContextFactory(SslContextFactory sslContextFactory)
     {
         Path path = Paths.get("src", "test", "resources");
-        File keys = path.resolve("keystore").toFile();
+        File keys = path.resolve("keystore.p12").toFile();
         sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
-        sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
-        sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
         sslContextFactory.setProvider("Conscrypt");
         if (JavaVersion.VERSION.getPlatform() < 9)
         {

jetty-alpn/jetty-alpn-java-server/src/test/java/org/eclipse/jetty/alpn/java/server/JDK9ALPNTest.java

@@ -83,9 +83,8 @@ public class JDK9ALPNTest
     private SslContextFactory.Server newServerSslContextFactory()
     {
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         // The mandatory HTTP/2 cipher.
         sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
         return sslContextFactory;

jetty-alpn/jetty-alpn-java-server/src/test/java/org/eclipse/jetty/alpn/java/server/JDK9HTTP2Server.java

@@ -46,9 +46,8 @@ public class JDK9HTTP2Server
         httpsConfig.addCustomizer(new SecureRequestCustomizer());
 
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
 
         HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);

jetty-distribution/pom.xml

@@ -291,7 +291,7 @@
             </goals>
             <configuration>
               <tasks>
-                <delete file="${assembly-directory}/etc/keystore" />
+                <delete file="${assembly-directory}/etc/keystore.p12" />
               </tasks>
             </configuration>
           </execution>

jetty-documentation/src/main/asciidoc/distribution-guide/connectors/configuring-ssl.adoc

@@ -386,9 +386,9 @@ ____
 [source%nowrap,plain,linenums]
 ----
 $ cd $JETTY_BASE
-$ keytool -list -keystore etc/keystore -storetype jks -storepass '' -v
+$ keytool -v -list -keystore etc/keystore
 
-Keystore type: JKS
+Keystore type: PKCS12
 Keystore provider: SUN
 
 Your keystore contains 3 entries

jetty-fcgi/fcgi-server/src/test/java/org/eclipse/jetty/fcgi/server/proxy/DrupalHTTP2FastCGIProxyServer.java

@@ -37,10 +37,8 @@ public class DrupalHTTP2FastCGIProxyServer
     public static void main(String[] args) throws Exception
     {
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
-        sslContextFactory.setTrustStorePassword("storepwd");
         sslContextFactory.setCipherComparator(new HTTP2Cipher.CipherComparator());
 
         Server server = new Server();

jetty-fcgi/fcgi-server/src/test/java/org/eclipse/jetty/fcgi/server/proxy/TryFilesFilterTest.java

@@ -55,7 +55,7 @@ public class TryFilesFilterTest
         server.addConnector(connector);
 
         SslContextFactory.Server serverSslContextFactory = new SslContextFactory.Server();
-        serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         serverSslContextFactory.setKeyStorePassword("storepwd");
         sslConnector = new ServerConnector(server, serverSslContextFactory);
         server.addConnector(sslConnector);
@@ -71,10 +71,8 @@ public class TryFilesFilterTest
         ClientConnector clientConnector = new ClientConnector();
         SslContextFactory.Client clientSslContextFactory = new SslContextFactory.Client();
         clientSslContextFactory.setEndpointIdentificationAlgorithm(null);
-        clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         clientSslContextFactory.setKeyStorePassword("storepwd");
-        clientSslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
-        clientSslContextFactory.setTrustStorePassword("storepwd");
         clientConnector.setSslContextFactory(clientSslContextFactory);
         client = new HttpClient(new HttpClientTransportOverHTTP(clientConnector));
         server.addBean(client);

jetty-fcgi/fcgi-server/src/test/java/org/eclipse/jetty/fcgi/server/proxy/WordPressHTTP2FastCGIProxyServer.java

@@ -43,10 +43,8 @@ public class WordPressHTTP2FastCGIProxyServer
         int tlsPort = 8443;
 
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
-        sslContextFactory.setTrustStorePassword("storepwd");
         sslContextFactory.setCipherComparator(new HTTP2Cipher.CipherComparator());
 
         Server server = new Server();

jetty-http2/http2-http-client-transport/src/test/java/org/eclipse/jetty/http2/client/http/DirectHTTP2OverTLSTest.java

@@ -112,7 +112,7 @@ public class DirectHTTP2OverTLSTest
 
     private void configureSslContextFactory(SslContextFactory sslContextFactory)
     {
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
         sslContextFactory.setUseCipherSuitesOrder(true);
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);

jetty-io/src/test/java/org/eclipse/jetty/io/SocketChannelEndPointTest.java

@@ -630,10 +630,9 @@ public class SocketChannelEndPointTest
         public SslScenario(NormalScenario normalScenario) throws Exception
         {
             _normalScenario = normalScenario;
-            File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+            File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
             _sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
             _sslCtxFactory.setKeyStorePassword("storepwd");
-            _sslCtxFactory.setKeyManagerPassword("keypwd");
             _sslCtxFactory.start();
         }
 

jetty-io/src/test/java/org/eclipse/jetty/io/SslConnectionTest.java

@@ -141,10 +141,9 @@ public class SslConnectionTest
     @BeforeEach
     public void initSSL() throws Exception
     {
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         _sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
         _sslCtxFactory.setKeyStorePassword("storepwd");
-        _sslCtxFactory.setKeyManagerPassword("keypwd");
         _sslCtxFactory.setRenegotiationAllowed(true);
         _sslCtxFactory.setRenegotiationLimit(-1);
         startManager();

jetty-io/src/test/java/org/eclipse/jetty/io/SslEngineBehaviorTest.java

@@ -44,10 +44,9 @@ public class SslEngineBehaviorTest
     public static void startSsl() throws Exception
     {
         sslCtxFactory = new SslContextFactory.Server();
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
         sslCtxFactory.setKeyStorePassword("storepwd");
-        sslCtxFactory.setKeyManagerPassword("keypwd");
         sslCtxFactory.start();
     }
 

jetty-jmx/src/test/java/org/eclipse/jetty/jmx/ConnectorServerTest.java

@@ -232,7 +232,7 @@ public class ConnectorServerTest
     public void testJMXOverTLS() throws Exception
     {
         SslContextFactory sslContextFactory = new SslContextFactory.Server();
-        String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.jks").toString();
+        String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.p12").toString();
         String keyStorePassword = "storepwd";
         sslContextFactory.setKeyStorePath(keyStorePath);
         sslContextFactory.setKeyStorePassword(keyStorePassword);

jetty-osgi/test-jetty-osgi/src/test/config/etc/jetty-ssl.xml

@@ -31,9 +31,9 @@
   <!-- ============================================================= -->
   <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
     <Set name="Provider"><SystemProperty name="jetty.sslContext.provider"/></Set>
-    <Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
+    <Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12"/></Set>
     <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
-    <Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
+    <Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore.p12"/></Set>
     <Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
     <Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth"/>
     <Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth"/>

jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2Conscrypt.java

@@ -135,14 +135,12 @@ public class TestJettyOSGiBootHTTP2Conscrypt
             assertNotNull(port);
 
             Path path = Paths.get("src", "test", "config");
-            File keys = path.resolve("etc").resolve("keystore").toFile();
+            File keys = path.resolve("etc").resolve("keystore.p12").toFile();
 
             ClientConnector clientConnector = new ClientConnector();
             SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
-            sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
-            sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
             sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
-            sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+            sslContextFactory.setKeyStorePassword("storepwd");
             sslContextFactory.setProvider("Conscrypt");
             sslContextFactory.setEndpointIdentificationAlgorithm(null);
             if (JavaVersion.VERSION.getPlatform() < 9)

jetty-osgi/test-jetty-osgi/src/test/java/org/eclipse/jetty/osgi/test/TestJettyOSGiBootHTTP2JDK9.java

@@ -129,14 +129,12 @@ public class TestJettyOSGiBootHTTP2JDK9
             assertNotNull(port);
 
             Path path = Paths.get("src", "test", "config");
-            File keys = path.resolve("etc").resolve("keystore").toFile();
+            File keys = path.resolve("etc").resolve("keystore.p12").toFile();
 
             ClientConnector clientConnector = new ClientConnector();
             SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
-            sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
-            sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
             sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
-            sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+            sslContextFactory.setKeyStorePassword("storepwd");
             sslContextFactory.setEndpointIdentificationAlgorithm(null);
             clientConnector.setSslContextFactory(sslContextFactory);
             http2Client = new HTTP2Client(clientConnector);

jetty-security/src/main/java/org/eclipse/jetty/security/authentication/ClientCertAuthenticator.java

@@ -58,7 +58,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
     /**
      * Truststore type
      */
-    private String _trustStoreType = "JKS";
+    private String _trustStoreType = "PKCS12";
     /**
      * Truststore password
      */
@@ -251,7 +251,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
     }
 
     /**
-     * @return The type of the trust store (default "JKS")
+     * @return The type of the trust store (default "PKCS12")
      */
     public String getTrustStoreType()
     {
@@ -259,7 +259,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
     }
 
     /**
-     * @param trustStoreType The type of the trust store (default "JKS")
+     * @param trustStoreType The type of the trust store
      */
     public void setTrustStoreType(String trustStoreType)
     {

jetty-server/src/main/config/etc/jetty-ssl-context.xml

@@ -12,12 +12,12 @@
 
 <Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
   <Set name="Provider" property="jetty.sslContext.provider"/>
-  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
+  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12"/></Set>
   <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword"/></Set>
   <Set name="KeyStoreType" property="jetty.sslContext.keyStoreType"/>
   <Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider"/>
   <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword"/></Set>
-  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
+  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore.p12"/></Set>
   <Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword"/>
   <Set name="TrustStoreType" property="jetty.sslContext.trustStoreType"/>
   <Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider"/>

jetty-server/src/main/config/modules/ssl.mod

@@ -79,7 +79,7 @@ etc/jetty-ssl-context.xml
 # jetty.sslContext.keyStorePassword=
 
 ## Keystore type and provider
-# jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreType=PKCS12
 # jetty.sslContext.keyStoreProvider=
 
 ## KeyManager password
@@ -89,7 +89,7 @@ etc/jetty-ssl-context.xml
 # jetty.sslContext.trustStorePassword=
 
 ## Truststore type and provider
-# jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreType=PKCS12
 # jetty.sslContext.trustStoreProvider=
 
 ## whether client certificate authentication is required

jetty-server/src/main/config/modules/test-keystore.mod

@@ -9,13 +9,10 @@ ssl
 ssl
 
 [files]
-basehome:modules/test-keystore/keystore|etc/test-keystore
+basehome:modules/test-keystore/test-keystore.p12|etc/test-keystore.p12
 
 [ini]
-jetty.sslContext.keyStorePath?=etc/test-keystore
+jetty.sslContext.keyStorePath?=etc/test-keystore.p12
-jetty.sslContext.trustStorePath?=etc/test-keystore
+jetty.sslContext.trustStorePath?=etc/test-keystore.p12
+jetty.sslContext.keyStoreType?=PKCS12
 jetty.sslContext.keyStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-jetty.sslContext.keyStoreType?=JKS
-jetty.sslContext.keyManagerPassword?=OBF:1u2u1wml1z7s1z7a1wnl1u2g
-jetty.sslContext.trustStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
-jetty.sslContext.trustStoreType?=JKS

jetty-server/src/test/config/etc/keystore.pkf

@@ -1,20 +0,0 @@
-Bag Attributes
-    friendlyName: jetty
-    localKeyID: 54 69 6D 65 20 31 34 32 33 31 39 38 30 39 33 31 31 35 
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIPh4Q0t4xklXTzX
-N2VAb47r5n7idAupp4CTNEhhT6lS70iA+A8i4+0lSEHWAogvd9jl3H7SvScr30QM
-4ieC0JCGSOwGc8f+yqKrO56PPd5OuqW380BJ0r74jJczU9CcsuavHD7e6mRLUnmj
-xM20NSxrcicMiPUHY1mJZtN9swtxAgMBAAECgYADS9P6Jll0uXBZIu/pgfDH27GJ
-HlPULstW9VbrMDNzgfUlFMQebLrRpIrnyleJ29Xc//HA4beEkR4lb0T/w88+pEkt
-7fhYeqRLPIfpDOgzloynnsoPcd8f/PypbimQrNLmBiG1178nVcy4Yoh5lYVIJwtU
-3VriqDlvAfTLrrx8AQJBAMLWuh27Hb8xs3LRg4UD7hcv8tJejstm08Y+czRz7cO0
-RENa3aDjGFSegc+IUfdez7BP8uDw+PwE+jybmTvaliECQQCtR/anCY1WS28/bKvy
-lmIwoI15eraBdVFkN0Hfxh+9PfR3rMD5uyvukT5GgTtY/XxADyafSTaipDJiZHJI
-EitRAkBjeCBYYVjUbVlBuvi8Bb+dktsSzzdzXDGtueAy3SR7jyJyiIcxRf775Fg9
-TUkbUwoQ5yAF+sACWcAvBPj796JBAkAEZEeHEkHnxv+pztpIyrDwZJFRW9/WRh/q
-90+PGVlilXhltBYr/idt43Z9mPblGX+VrAyhitx8oMa6IauX0gYRAkEAgnyVeXrD
-jDLUZRA3P8Gu27k1k6GjbTYiUz3HKCz2/6+MZ2MK2qqwafgqocji029Q6dHdPD7a
-4QnRlvraUnyQLA==
------END PRIVATE KEY-----

jetty-server/src/test/java/org/eclipse/jetty/server/ConnectionOpenCloseTest.java

@@ -170,10 +170,9 @@ public class ConnectionOpenCloseTest extends AbstractHttpTest
     public void testSSLOpenRequestClose() throws Exception
     {
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
         server.addBean(sslContextFactory);
 
         server.removeConnector(connector);

jetty-server/src/test/java/org/eclipse/jetty/server/OptionalSslConnectionTest.java

@@ -50,11 +50,10 @@ public class OptionalSslConnectionTest
         serverThreads.setName("server");
         server = new Server(serverThreads);
 
-        String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
+        String keystore = MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath();
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystore);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
 
         HttpConfiguration httpConfig = new HttpConfiguration();
         HttpConnectionFactory http = new HttpConnectionFactory(httpConfig);

jetty-server/src/test/java/org/eclipse/jetty/server/ThreadStarvationTest.java

@@ -88,13 +88,10 @@ public class ThreadStarvationTest
         // HTTPS/SSL/TLS
         ConnectorProvider https = (server, acceptors, selectors) ->
         {
-            Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore");
+            Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
             SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setKeyStorePath(keystorePath.toString());
             sslContextFactory.setKeyStorePassword("storepwd");
-            sslContextFactory.setKeyManagerPassword("keypwd");
-            sslContextFactory.setTrustStorePath(keystorePath.toString());
-            sslContextFactory.setTrustStorePassword("storepwd");
             ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
 
             HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();

jetty-server/src/test/java/org/eclipse/jetty/server/handler/DebugHandlerTest.java

@@ -74,13 +74,10 @@ public class DebugHandlerTest
         httpConnector.setPort(0);
         server.addConnector(httpConnector);
 
-        File keystorePath = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystorePath = MavenTestingUtils.getTestResourceFile("keystore.p12");
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath.getAbsolutePath());
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystorePath.getAbsolutePath());
-        sslContextFactory.setTrustStorePassword("storepwd");
         ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
         ServerConnector sslConnector = new ServerConnector(server, null, null, pool, 1, 1,
             AbstractConnectionFactory.getFactories(sslContextFactory, new HttpConnectionFactory()));

jetty-server/src/test/java/org/eclipse/jetty/server/handler/SecuredRedirectHandlerTest.java

@@ -66,13 +66,10 @@ public class SecuredRedirectHandlerTest
     public static void startServer() throws Exception
     {
         // Setup SSL
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystore.getAbsolutePath());
-        sslContextFactory.setTrustStorePassword("storepwd");
 
         server = new Server();
 

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLCloseTest.java

@@ -44,11 +44,10 @@ public class SSLCloseTest
     @Test
     public void testClose() throws Exception
     {
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
 
         Server server = new Server();
         ServerConnector connector = new ServerConnector(server, sslContextFactory);

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLEngineTest.java

@@ -110,11 +110,10 @@ public class SSLEngineTest
     @BeforeEach
     public void startServer() throws Exception
     {
-        String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
+        String keystore = MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath();
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystore);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
 
         server = new Server();
         HttpConnectionFactory http = new HttpConnectionFactory();

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLReadEOFAfterResponseTest.java

@@ -52,11 +52,10 @@ public class SSLReadEOFAfterResponseTest
     @Test
     public void testReadEOFAfterResponse() throws Exception
     {
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
 
         Server server = new Server();
         ServerConnector connector = new ServerConnector(server, sslContextFactory);

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SSLSelectChannelConnectorLoadTest.java

@@ -61,13 +61,10 @@ public class SSLSelectChannelConnectorLoadTest
     @BeforeAll
     public static void startServer() throws Exception
     {
-        String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
+        String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore.p12";
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystorePath);
-        sslContextFactory.setTrustStorePassword("storepwd");
 
         server = new Server();
         connector = new ServerConnector(server, sslContextFactory);

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SelectChannelServerSslTest.java

@@ -81,13 +81,10 @@ public class SelectChannelServerSslTest extends HttpServerTestBase
     @BeforeEach
     public void init() throws Exception
     {
-        String keystorePath = MavenTestingUtils.getTestResourcePath("keystore").toString();
+        String keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12").toString();
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystorePath);
-        sslContextFactory.setTrustStorePassword("storepwd");
         ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
 
         HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SlowClientsTest.java

@@ -59,11 +59,10 @@ public class SlowClientsTest
     @Test
     public void testSlowClientsWithSmallThreadPool() throws Exception
     {
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
 
         int maxThreads = 6;
         int contentLength = 8 * 1024 * 1024;

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SniSslConnectionFactoryTest.java

@@ -131,8 +131,7 @@ public class SniSslConnectionFactoryTest
         if (!keystoreFile.exists())
             throw new FileNotFoundException(keystoreFile.getAbsolutePath());
 
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
 
         ServerConnector https = _connector = new ServerConnector(_server,
             new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java

@@ -70,7 +70,7 @@ public class SslConnectionFactoryTest
     @BeforeEach
     public void before() throws Exception
     {
-        String keystorePath = "src/test/resources/keystore";
+        String keystorePath = "src/test/resources/keystore.p12";
         File keystoreFile = new File(keystorePath);
         if (!keystoreFile.exists())
             throw new FileNotFoundException(keystoreFile.getAbsolutePath());
@@ -86,8 +86,7 @@ public class SslConnectionFactoryTest
 
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
-        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
 
         ServerConnector https = _connector = new ServerConnector(_server,
             new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
@@ -129,7 +128,7 @@ public class SslConnectionFactoryTest
     @Test
     public void testSNIConnect() throws Exception
     {
-        String response = getResponse("localhost", "localhost", "jetty.eclipse.org");
+        String response = getResponse("localhost", "localhost", "localhost");
         assertThat(response, Matchers.containsString("host=localhost"));
     }
 

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslContextFactoryReloadTest.java

@@ -59,8 +59,8 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 public class SslContextFactoryReloadTest
 {
-    public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.jks";
+    public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.p12";
-    public static final String KEYSTORE_2 = "src/test/resources/reload_keystore_2.jks";
+    public static final String KEYSTORE_2 = "src/test/resources/reload_keystore_2.p12";
 
     private Server server;
     private SslContextFactory.Server sslContextFactory;
@@ -73,8 +73,6 @@ public class SslContextFactoryReloadTest
         sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(KEYSTORE_1);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyStoreType("JKS");
-        sslContextFactory.setKeyStoreProvider(null);
 
         HttpConfiguration httpsConfig = new HttpConfiguration();
         httpsConfig.addCustomizer(new SecureRequestCustomizer());

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslSelectChannelTimeoutTest.java

@@ -43,13 +43,10 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
     @BeforeEach
     public void init() throws Exception
     {
-        String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
+        String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore.p12";
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystorePath);
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystorePath);
-        sslContextFactory.setTrustStorePassword("storepwd");
         ServerConnector connector = new ServerConnector(_server, 1, 1, sslContextFactory);
         connector.setIdleTimeout(MAX_IDLE_TIME); //250 msec max idle
         startServer(connector);

jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslUploadTest.java

@@ -60,14 +60,11 @@ public class SslUploadTest
     @BeforeAll
     public static void startServer() throws Exception
     {
-        File keystore = MavenTestingUtils.getTestResourceFile("keystore");
+        File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
 
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
         sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setKeyManagerPassword("keypwd");
-        sslContextFactory.setTrustStorePath(keystore.getAbsolutePath());
-        sslContextFactory.setTrustStorePassword("storepwd");
 
         server = new Server();
         connector = new ServerConnector(server, sslContextFactory);

jetty-servlet/src/test/java/org/eclipse/jetty/servlet/SSLAsyncIOServletTest.java

@@ -218,14 +218,11 @@ public class SSLAsyncIOServletTest
 
         public void start(HttpServlet servlet) throws Exception
         {
-            Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
+            Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
-            Path truststorePath = MavenTestingUtils.getTestResourcePath("truststore.jks");
 
             sslContextFactory = new SslContextFactory.Server();
             sslContextFactory.setKeyStorePath(keystorePath.toString());
             sslContextFactory.setKeyStorePassword("storepwd");
-            sslContextFactory.setTrustStorePath(truststorePath.toString());
-            sslContextFactory.setTrustStorePassword("storepwd");
 
             server = new Server();
 

jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java

@@ -150,7 +150,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
     private String[] _selectedCipherSuites;
     private Resource _keyStoreResource;
     private String _keyStoreProvider;
-    private String _keyStoreType = "JKS";
+    private String _keyStoreType = "PKCS12";
     private String _certAlias;
     private Resource _trustStoreResource;
     private String _trustStoreProvider;
@@ -640,7 +640,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
     }
 
     /**
-     * @return The type of the key store (default "JKS")
+     * @return The type of the key store (default "PKCS12")
      */
     @ManagedAttribute("The keyStore type")
     public String getKeyStoreType()
@@ -649,7 +649,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
     }
 
     /**
-     * @param keyStoreType The type of the key store (default "JKS")
+     * @param keyStoreType The type of the key store
      */
     public void setKeyStoreType(String keyStoreType)
     {
@@ -1049,7 +1049,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
 
     /**
      * When set to "HTTPS" hostname verification will be enabled.
-     * Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIndentificationAlgorithm
+     * Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIdentificationAlgorithm
      * is not set.
      *
      * @param endpointIdentificationAlgorithm Set the endpointIdentificationAlgorithm

jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java

@@ -72,7 +72,6 @@ public class SslContextFactoryTest
     public void testSLOTH() throws Exception
     {
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
 
         cf.start();
 
@@ -93,7 +92,6 @@ public class SslContextFactoryTest
     public void testDumpIncludeTlsRsa() throws Exception
     {
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
         cf.setIncludeCipherSuites("TLS_RSA_.*");
         cf.setExcludeCipherSuites("BOGUS"); // just to not exclude anything
 
@@ -125,117 +123,92 @@ public class SslContextFactoryTest
     public void testNoTsFileKs() throws Exception
     {
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
 
         cf.start();
 
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
     }
 
     @Test
     public void testNoTsSetKs() throws Exception
     {
-        KeyStore ks = KeyStore.getInstance("JKS");
+        KeyStore ks = KeyStore.getInstance("PKCS12");
-        try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore"))
+        try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore.p12"))
         {
             ks.load(keystoreInputStream, "storepwd".toCharArray());
         }
         cf.setKeyStore(ks);
-        cf.setKeyManagerPassword("keypwd");
 
         cf.start();
 
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
     }
 
     @Test
     public void testNoTsNoKs() throws Exception
     {
         cf.start();
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
     }
 
     @Test
     public void testTrustAll() throws Exception
     {
         cf.start();
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
     }
 
     @Test
     public void testNoTsResourceKs() throws Exception
     {
-        Resource keystoreResource = Resource.newSystemResource("keystore");
+        Resource keystoreResource = Resource.newSystemResource("keystore.p12");
 
         cf.setKeyStoreResource(keystoreResource);
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
         cf.setTrustStoreResource(keystoreResource);
         cf.setTrustStorePassword(null);
 
         cf.start();
 
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
     }
 
     @Test
     public void testResourceTsResourceKs() throws Exception
     {
-        Resource keystoreResource = Resource.newSystemResource("keystore");
+        Resource keystoreResource = Resource.newSystemResource("keystore.p12");
-        Resource truststoreResource = Resource.newSystemResource("keystore");
+        Resource truststoreResource = Resource.newSystemResource("keystore.p12");
 
         cf.setKeyStoreResource(keystoreResource);
-        cf.setTrustStoreResource(truststoreResource);
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
+        cf.setTrustStoreResource(truststoreResource);
         cf.setTrustStorePassword("storepwd");
 
         cf.start();
 
-        assertTrue(cf.getSslContext() != null);
+        assertNotNull(cf.getSslContext());
-    }
-
-    @Test
-    public void testResourceTsResourceKsWrongPW() throws Exception
-    {
-        Resource keystoreResource = Resource.newSystemResource("keystore");
-        Resource truststoreResource = Resource.newSystemResource("keystore");
-
-        cf.setKeyStoreResource(keystoreResource);
-        cf.setTrustStoreResource(truststoreResource);
-        cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("wrong_keypwd");
-        cf.setTrustStorePassword("storepwd");
-
-        try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
-        {
-            java.security.UnrecoverableKeyException x = assertThrows(
-                java.security.UnrecoverableKeyException.class, () -> cf.start());
-            assertThat(x.getMessage(), containsString("Cannot recover key"));
-        }
     }
 
     @Test
     public void testResourceTsWrongPWResourceKs() throws Exception
     {
-        Resource keystoreResource = Resource.newSystemResource("keystore");
+        Resource keystoreResource = Resource.newSystemResource("keystore.p12");
-        Resource truststoreResource = Resource.newSystemResource("keystore");
+        Resource truststoreResource = Resource.newSystemResource("keystore.p12");
 
         cf.setKeyStoreResource(keystoreResource);
-        cf.setTrustStoreResource(truststoreResource);
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
+        cf.setTrustStoreResource(truststoreResource);
         cf.setTrustStorePassword("wrong_storepwd");
 
         try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
         {
             IOException x = assertThrows(IOException.class, () -> cf.start());
-            assertThat(x.getMessage(), containsString("Keystore was tampered with, or password was incorrect"));
+            assertThat(x.getMessage(), containsString("password was incorrect"));
         }
     }
 
     @Test
-    public void testNoKeyConfig() throws Exception
+    public void testNoKeyConfig()
     {
         try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
         {
@@ -289,11 +262,10 @@ public class SslContextFactoryTest
     @Test
     public void testSNICertificates() throws Exception
     {
-        Resource keystoreResource = Resource.newSystemResource("snikeystore");
+        Resource keystoreResource = Resource.newSystemResource("snikeystore.p12");
 
         cf.setKeyStoreResource(keystoreResource);
         cf.setKeyStorePassword("storepwd");
-        cf.setKeyManagerPassword("keypwd");
 
         cf.start();
 
@@ -331,8 +303,8 @@ public class SslContextFactoryTest
     public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
     {
         cf = new SslContextFactory.Server();
-        cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
+        cf.setKeyStoreResource(Resource.newSystemResource("keystore.jks"));
-        cf.setKeyStoreType("pkcs12");
+        cf.setKeyStoreType("jks");
         cf.setKeyStorePassword("storepwd");
         cf.start();
         cf.stop();

jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java

@@ -134,8 +134,7 @@ public class X509Test
         SslContextFactory serverSsl = new SslContextFactory.Server();
         Path keystorePath = MavenTestingUtils.getTestResourcePathFile("keystore_sni.p12");
         serverSsl.setKeyStoreResource(new PathResource(keystorePath));
-        serverSsl.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        serverSsl.setKeyStorePassword("storepwd");
-        serverSsl.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         serverSsl.start();
     }
 
@@ -145,8 +144,7 @@ public class X509Test
         SslContextFactory clientSsl = new SslContextFactory.Client();
         Path keystorePath = MavenTestingUtils.getTestResourcePathFile("keystore_sni.p12");
         clientSsl.setKeyStoreResource(new PathResource(keystorePath));
-        clientSsl.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        clientSsl.setKeyStorePassword("storepwd");
-        clientSsl.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
         clientSsl.start();
     }
 
@@ -154,10 +152,9 @@ public class X509Test
     public void testServerClassWithoutSni() throws Exception
     {
         SslContextFactory serverSsl = new SslContextFactory.Server();
-        Resource keystoreResource = Resource.newSystemResource("keystore");
+        Resource keystoreResource = Resource.newSystemResource("keystore.p12");
         serverSsl.setKeyStoreResource(keystoreResource);
         serverSsl.setKeyStorePassword("storepwd");
-        serverSsl.setKeyManagerPassword("keypwd");
         serverSsl.start();
     }
 
@@ -165,10 +162,9 @@ public class X509Test
     public void testClientClassWithoutSni() throws Exception
     {
         SslContextFactory clientSsl = new SslContextFactory.Client();
-        Resource keystoreResource = Resource.newSystemResource("keystore");
+        Resource keystoreResource = Resource.newSystemResource("keystore.p12");
         clientSsl.setKeyStoreResource(keystoreResource);
         clientSsl.setKeyStorePassword("storepwd");
-        clientSsl.setKeyManagerPassword("keypwd");
         clientSsl.start();
     }
 }

jetty-websocket/websocket-core/src/test/java/org/eclipse/jetty/websocket/core/WebSocketCloseTest.java

@@ -623,7 +623,7 @@ public class WebSocketCloseTest extends WebSocketTester
         private SslContextFactory.Server createServerSslContextFactory()
         {
             SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-            sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+            sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
             sslContextFactory.setKeyStorePassword("storepwd");
             return sslContextFactory;
         }

jetty-websocket/websocket-javax-tests/src/main/java/org/eclipse/jetty/websocket/javax/tests/LocalServer.java

@@ -201,9 +201,8 @@ public class LocalServer extends ContainerLifeCycle implements LocalFuzzer.Provi
             httpConfig.setSendDateHeader(false);
 
             sslContextFactory = new SslContextFactory.Server();
-            sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
+            sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath());
             sslContextFactory.setKeyStorePassword("storepwd");
-            sslContextFactory.setKeyManagerPassword("keypwd");
             sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
                 "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                 "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");

tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTest.java

@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.InterruptedIOException;
 import java.util.List;
+import java.util.Optional;
 import java.util.Random;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
@@ -46,6 +47,7 @@ import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.eclipse.jetty.http2.FlowControlStrategy;
 import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.handler.AbstractHandler;
 import org.eclipse.jetty.util.Callback;
 import org.eclipse.jetty.util.IO;
@@ -356,7 +358,9 @@ public class HttpClientTest extends AbstractTest<TransportScenario>
 
         assertThrows(ExecutionException.class, () ->
         {
-            scenario.client.newRequest(scenario.newURI())
+            // Use IP address since the certificate contains a host name.
+            int serverPort = ((ServerConnector)scenario.connector).getLocalPort();
+            scenario.client.newRequest("https://127.0.0.1:" + serverPort)
                 .timeout(5, TimeUnit.SECONDS)
                 .send();
         });

tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/HttpClientTransportDynamicTest.java

@@ -190,7 +190,7 @@ public class HttpClientTransportDynamicTest
 
     private void configureSslContextFactory(SslContextFactory sslContextFactory)
     {
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
         // The mandatory HTTP/2 cipher.
         sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/ProxyWithDynamicTransportTest.java

@@ -116,7 +116,7 @@ public class ProxyWithDynamicTransportTest
     private void startServer(Handler handler) throws Exception
     {
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
         sslContextFactory.setUseCipherSuitesOrder(true);
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
@@ -147,7 +147,7 @@ public class ProxyWithDynamicTransportTest
     private void startProxy(ConnectHandler connectHandler) throws Exception
     {
         SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
         sslContextFactory.setUseCipherSuitesOrder(true);
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);

tests/test-http-client-transport/src/test/java/org/eclipse/jetty/http/client/TransportScenario.java

@@ -365,10 +365,8 @@ public class TransportScenario
 
     private void configureSslContextFactory(SslContextFactory sslContextFactory)
     {
-        sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
+        sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
         sslContextFactory.setKeyStorePassword("storepwd");
-        sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
-        sslContextFactory.setTrustStorePassword("storepwd");
         sslContextFactory.setUseCipherSuitesOrder(true);
         sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
     }

tests/test-integration/src/test/java/org/eclipse/jetty/test/HttpInputIntegrationTest.java

@@ -102,11 +102,9 @@ public class HttpInputIntegrationTest
         __server.addConnector(http);
 
         // SSL Context Factory for HTTPS and HTTP/2
-        String jettyDistro = System.getProperty("jetty.distro", "../../jetty-distribution/target/distribution");
         __sslContextFactory = new SslContextFactory.Server();
-        __sslContextFactory.setKeyStorePath(jettyDistro + "/../../../jetty-server/src/test/config/etc/keystore");
+        __sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
-        __sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+        __sslContextFactory.setKeyStorePassword("storepwd");
-        __sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
 
         // HTTPS Configuration
         __sslConfig = new HttpConfiguration(__config);