From f1635338d5db6e0b22091267fbf4ac1518f95dd0 Mon Sep 17 00:00:00 2001
From: Eric Long
Date: Thu, 7 Jul 2022 14:12:20 -0400
Subject: [PATCH] 0005351: Use PKCS12 for keystore by default
---
 .../src/main/deploy/security/keystore | Bin 32 -> 88 bytes
 .../jumpmind/security/SecurityConstants.java | 2 ++
 .../jumpmind/security/SecurityService.java | 31 ++++++++++++++++--
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/symmetric-server/src/main/deploy/security/keystore b/symmetric-server/src/main/deploy/security/keystore
index c408465500cb0af9cfd1f7371422ef8899ae6725..b0d8c5cc1ad5bfe96be938fd2f4a6fb148031493 100644
GIT binary patch literal 88 zcmV-e0H^;jRssP7FcAg`Duzgg_YDCD0iXl~0x$qDJ}@CL2?hl#4g&%j1povT!-lIr urzBiIcvZ;>V)_Rws<){N1QazP5u!@ho|8yYe1J7f*VYX^q(lM(0fwM%hZrgV literal 32 ncmezO_TO6u1_mY|W_Xm5=la|E{*s%M?mC{^wn--0;QAy0^AQhj
diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java
index b30f824100..902545cdf1 100644
--- a/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java
+++ b/symmetric-util/src/main/java/org/jumpmind/security/SecurityConstants.java
@@ -43,6 +43,8 @@ public class SecurityConstants {
     public static final String CHARSET = "UTF8";
     public static final String KEYSTORE_PASSWORD = "changeit";
     public static final String KEYSTORE_TYPE = "JCEKS";
+    public static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+    public static final String KEYSTORE_TYPE_JKS = "JKS";
     public static final byte[] SALT = { (byte) 0x01, (byte) 0x03, (byte) 0x05, (byte) 0x07, (byte) 0xA2, (byte) 0xB4, (byte) 0xC6, (byte) 0xD8 };
     public static final String ALIAS_SYM_PRIVATE_KEY = "sym";
diff --git a/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java b/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java
index 38403639d0..895cad53e9 100644
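Review bot: `KEYSTORE_TYPE` keeps its generic name while the newly added `KEYSTORE_TYPE_PKCS12` becomes the effective default in SecurityService, so a reader of the constants block will take `KEYSTORE_TYPE` for "the default" when it now denotes the legacy JCEKS format only. A one-line comment above it, `// Legacy JCEKS keystore type; new keystores default to KEYSTORE_TYPE_PKCS12`, or a rename to `KEYSTORE_TYPE_JCEKS` with the old name kept as a deprecated alias, would make the three type constants read consistently. The magic-byte sniffing in SecurityService depends on these three values, so the comment is also the natural place to say which format each one selects.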
--- a/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java
+++ b/symmetric-util/src/main/java/org/jumpmind/security/SecurityService.java
@@ -110,7 +110,7 @@ public KeyStore getTrustStore() {
     public KeyStore getKeyStore() {
         try {
             checkThatKeystoreFileExists();
-            String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);
+            String keyStoreType = getKeyStoreType();
             KeyStore ks = KeyStore.getInstance(keyStoreType);
             if (keyStoreFileName != null) {
                 log.debug("Loading keystore from file {}", keyStoreFileName);
@@ -133,6 +133,33 @@ public KeyStore getKeyStore() {
         }
     }
 
+    protected String getKeyStoreType() {
+        String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE);
+        if (keyStoreType == null) {
+            byte[] buffer = new byte[2];
+            if (keyStoreFileName != null) {
+                try (InputStream is = new FileInputStream(keyStoreFileName)) {
+                    is.read(buffer, 0, 2);
+                } catch (IOException e) {
+                }
+            } else if (keyStoreURL != null) {
+                try (InputStream is = keyStoreURL.openStream()) {
+                    is.read(buffer, 0, 2);
+                } catch (IOException e) {
+                }
+            }
+            if (Byte.toUnsignedInt(buffer[0]) == 0xCE && Byte.toUnsignedInt(buffer[1]) == 0xCE) {
+                keyStoreType = SecurityConstants.KEYSTORE_TYPE;
+            } else if (Byte.toUnsignedInt(buffer[0]) == 0xFE && Byte.toUnsignedInt(buffer[1]) == 0xED) {
+                keyStoreType = SecurityConstants.KEYSTORE_TYPE_JKS;
+            }
+        }
+        if (keyStoreType == null) {
+            keyStoreType = SecurityConstants.KEYSTORE_TYPE_PKCS12;
+        }
+        return keyStoreType;
+    }
+
     @Override
     public KeyManagerFactory getKeyManagerFactory() {
         KeyManagerFactory keyManagerFactory;
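Review bot: The return value of `is.read(buffer, 0, 2)` is ignored in both branches of the new `getKeyStoreType()`, so a stream that yields fewer than two bytes (an empty file, or a URL stream that returns early) leaves zero bytes in `buffer`, and the magic-byte comparison that follows is only meaningful when both bytes actually came from the stream. The two empty `catch (IOException e) {}` blocks also hide why a keystore header could not be read, which is exactly what an operator needs when the later `KeyStore.load` fails with a format error; a `log.debug` carrying the exception is enough, since the PKCS12 fallback is deliberate. I would capture the byte count, guard the comparison on it, and log the failure as below; on Java 9+ `is.readNBytes(buffer, 0, 2)` would additionally loop until two bytes arrive. A short Javadoc stating the resolution order (system property, then header sniff with 0xCECE selecting JCEKS and 0xFEED selecting JKS, then PKCS12) would also help, because this method decides which parser the keystore file is handed to.
```java
    protected String getKeyStoreType() {
        String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE);
        if (keyStoreType == null) {
            byte[] buffer = new byte[2];
            int read = -1;
            if (keyStoreFileName != null) {
                try (InputStream is = new FileInputStream(keyStoreFileName)) {
                    read = is.read(buffer, 0, 2);
                } catch (IOException e) {
                    log.debug("Could not read keystore header from file {}", keyStoreFileName, e);
                }
            } else if (keyStoreURL != null) {
                try (InputStream is = keyStoreURL.openStream()) {
                    read = is.read(buffer, 0, 2);
                } catch (IOException e) {
                    log.debug("Could not read keystore header from URL {}", keyStoreURL, e);
                }
            }
            if (read == 2) {
                // … unchanged: magic-byte comparison selecting JCEKS or JKS …
            }
        }
        // … unchanged: PKCS12 fallback and return …
    }
```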
@@ -230,7 +257,7 @@ protected void checkThatKeystoreFileExists() throws KeyStoreException, NoSuchAlg
         if (!hasInitKeyStore) {
             synchronized (SecurityService.class) {
                 if (!hasInitKeyStore && keyStoreFileName != null && !new File(keyStoreFileName).exists()) {
-                    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);
+                    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE_PKCS12);
                     KeyStore ks = KeyStore.getInstance(keyStoreType);
                     ks.load(null, getKeyStorePassword().toCharArray());
                     try (FileOutputStream os = new FileOutputStream(keyStoreFileName)) {