0005351: Use PKCS12 for keystore by default

JumpMind · Jul 7, 2022 · f163533 · f163533
1 parent 1940044
commit f163533
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/symmetric-server/src/main/deploy/security/keystore b/symmetric-server/src/main/deploy/security/keystore
diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java
@@ -43,6 +43,8 @@ public class SecurityConstants {
     public static final String CHARSET = "UTF8";
     public static final String KEYSTORE_PASSWORD = "changeit";
     public static final String KEYSTORE_TYPE = "JCEKS";
+    public static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+    public static final String KEYSTORE_TYPE_JKS = "JKS";
     public static final byte[] SALT = { (byte) 0x01, (byte) 0x03, (byte) 0x05, (byte) 0x07, (byte) 0xA2,
             (byte) 0xB4, (byte) 0xC6, (byte) 0xD8 };
     public static final String ALIAS_SYM_PRIVATE_KEY = "sym";

diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java
@@ -110,7 +110,7 @@ public KeyStore getTrustStore() {
     public KeyStore getKeyStore() {
         try {
             checkThatKeystoreFileExists();
-            String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);
+            String keyStoreType = getKeyStoreType();
             KeyStore ks = KeyStore.getInstance(keyStoreType);
             if (keyStoreFileName != null) {
                 log.debug("Loading keystore from file {}", keyStoreFileName);
@@ -133,6 +133,33 @@ public KeyStore getKeyStore() {
         }
     }
 
+    protected String getKeyStoreType() {
+        String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE);
+        if (keyStoreType == null) {
+            byte[] buffer = new byte[2];
+            if (keyStoreFileName != null) {
+                try (InputStream is = new FileInputStream(keyStoreFileName)) {
+                    is.read(buffer, 0, 2);
+                } catch (IOException e) {
+                }
+            } else if (keyStoreURL != null) {
+                try (InputStream is = keyStoreURL.openStream()) {
+                    is.read(buffer, 0, 2);
+                } catch (IOException e) {
+                }
+            }
+            if (Byte.toUnsignedInt(buffer[0]) == 0xCE && Byte.toUnsignedInt(buffer[1]) == 0xCE) {
+                keyStoreType = SecurityConstants.KEYSTORE_TYPE;
+            } else if (Byte.toUnsignedInt(buffer[0]) == 0xFE && Byte.toUnsignedInt(buffer[1]) == 0xED) {
+                keyStoreType = SecurityConstants.KEYSTORE_TYPE_JKS;
+            }
+        }
+        if (keyStoreType == null) {
+            keyStoreType = SecurityConstants.KEYSTORE_TYPE_PKCS12;
+        }
+        return keyStoreType;
+    }
+
     @Override
     public KeyManagerFactory getKeyManagerFactory() {
         KeyManagerFactory keyManagerFactory;
@@ -230,7 +257,7 @@ protected void checkThatKeystoreFileExists() throws KeyStoreException, NoSuchAlg
         if (!hasInitKeyStore) {
             synchronized (SecurityService.class) {
                 if (!hasInitKeyStore && keyStoreFileName != null && !new File(keyStoreFileName).exists()) {
-                    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);
+                    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE_PKCS12);
                     KeyStore ks = KeyStore.getInstance(keyStoreType);
                     ks.load(null, getKeyStorePassword().toCharArray());
                     try (FileOutputStream os = new FileOutputStream(keyStoreFileName)) {