Using same constants for default keystore password and type

- note that type can be autodetected both by keytool and KeyStore

Signed-off-by: David Matějček <[email protected]>

Author: dmatej

appserver/itest-tools/src/main/java/org/glassfish/main/itest/tools/GlassFishTestEnvironment.java

@@ -57,6 +57,7 @@
 import org.glassfish.main.itest.tools.asadmin.StartServ;
 import org.glassfish.main.jdke.security.KeyTool;
 
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 import static java.net.http.HttpResponse.BodyHandlers.ofString;
 import static org.glassfish.embeddable.GlassFishVariable.JAVA_HOME;
 import static org.glassfish.main.itest.tools.asadmin.AsadminResultMatcher.asadminOK;
@@ -173,7 +174,7 @@ public static Path getDomain1Directory() {
     public static KeyStore getDomain1KeyStore() {
         Path keystore = getDomain1Directory().resolve(Paths.get("config", "keystore.jks"));
         try {
-            return new KeyTool(keystore.toFile(), "changeit".toCharArray()).loadKeyStore();
+            return new KeyTool(keystore.toFile(), KEYSTORE_PASSWORD_DEFAULT.toCharArray()).loadKeyStore();
         } catch (IOException e) {
             throw new IllegalStateException(e);
         }
@@ -183,7 +184,7 @@ public static KeyStore getDomain1KeyStore() {
     public static KeyStore getDomain1TrustStore() {
         Path cacerts = getDomain1Directory().resolve(Paths.get("config", "cacerts.jks"));
         try {
-            return new KeyTool(cacerts.toFile(), "changeit".toCharArray()).loadKeyStore();
+            return new KeyTool(cacerts.toFile(), KEYSTORE_PASSWORD_DEFAULT.toCharArray()).loadKeyStore();
         } catch (IOException e) {
             throw new IllegalStateException(e);
         }

appserver/tests/application/src/test/java/org/glassfish/main/test/app/security/jmac/https/JmacHttpsTest.java

@@ -48,6 +48,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 import static java.lang.System.Logger.Level.DEBUG;
 import static java.lang.System.Logger.Level.INFO;
 import static java.lang.System.Logger.Level.TRACE;
@@ -87,7 +88,7 @@ public static void prepareDeployment() throws Exception {
         myKeyStoreTool.generateKeyPair("httpstest", "CN=HTTPSTEST,OU=Eclipse GlassFish Tests", "RSA", 7);
 
         File cacertsFile = getDomain1Directory().resolve(Paths.get("config", "cacerts.jks")).toFile();
-        myKeyStoreTool.copyCertificate("httpstest", cacertsFile, "changeit".toCharArray());
+        myKeyStoreTool.copyCertificate("httpstest", cacertsFile, KEYSTORE_PASSWORD_DEFAULT.toCharArray());
 
         // Default is false, required to set the client certificate to the context.
         ASADMIN.exec("set", "configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.client-auth-enabled=true");

appserver/tests/embedded/maven-plugin/secureWebApp/src/test/java/org/glassfish/tests/embedded/securewebapp/SecureWebAppTest.java

@@ -40,6 +40,7 @@
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 public class SecureWebAppTest {
@@ -65,7 +66,7 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) {
     @BeforeAll
     public static void createKeyStore() throws Exception {
         File keystore = JUnitSystem.detectBasedir().resolve(Path.of("target", "keystore.jks")).toFile();
-        KeyTool keyTool = new KeyTool(keystore, "changeit".toCharArray());
+        KeyTool keyTool = new KeyTool(keystore, KEYSTORE_PASSWORD_DEFAULT.toCharArray());
         keyTool.generateKeyPair("s1as", "CN=localhost", "RSA", 1);
     }
 

appserver/web/web-core/src/main/java/org/apache/catalina/connector/CoyoteServerSocketFactory.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022, 2025 Contributors to the Eclipse Foundation
  * Copyright (c) 1997-2018 Oracle and/or its affiliates. All rights reserved.
  * Copyright 2004 The Apache Software Foundation
  *
@@ -22,6 +22,8 @@
 import java.net.InetAddress;
 import java.net.ServerSocket;
 
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
+
 
 /**
  * This socket factory holds secure socket factory parameters. Besides the usual
@@ -58,7 +60,7 @@ public class CoyoteServerSocketFactory
     private String keystoreFile;
     private String randomFile;
     private String rootFile;
-    private String keystorePass = "changeit";
+    private String keystorePass = KEYSTORE_PASSWORD_DEFAULT;
     private String keystoreType = "JKS";
     private String protocol = "TLS";
     private String protocols;

nucleus/admin/cli/src/test/java/com/sun/enterprise/admin/cli/CLIUtilTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation.
  * Copyright (c) 2008, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -41,12 +41,12 @@ public void getUploadFileTest() throws Exception {
         f.deleteOnExit();
         try (BufferedWriter out = new BufferedWriter(new FileWriter(f, UTF_8))) {
             out.write("AS_ADMIN_PASSWORD=adminadmin\n");
-            out.write("AS_ADMIN_MASTERPASSWORD=changeit\n");
+            out.write("AS_ADMIN_MASTERPASSWORD=changeit123\n");
         }
 
         Map<String, String> po = CLIUtil.readPasswordFileOptions(fileName, false);
         assertEquals("adminadmin", po.get("password"), "admin password");
-        assertEquals("changeit", po.get("masterpassword"), "master password");
+        assertEquals("changeit123", po.get("masterpassword"), "master password");
         assertNull(po.get("foobar"), "null");
     }
 }

nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/KeystoreManager.java

@@ -50,7 +50,6 @@ public class KeystoreManager {
     private static final String CERTIFICATE_DN_SUFFIX = ",OU=GlassFish,O=Eclipse Foundation";
     public static final String CERTIFICATE_ALIAS = "s1as";
     public static final String INSTANCE_SECURE_ADMIN_ALIAS = "glassfish-instance";
-    public static final String DEFAULT_MASTER_PASSWORD = "changeit";
     private static final String INSTANCE_CN_SUFFIX = "-instance";
 
     private static final StringManager _strMgr = StringManager.getManager(KeystoreManager.class);

nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/cli/CreateDomainCommand.java

@@ -64,6 +64,8 @@
 import static com.sun.enterprise.config.util.PortConstants.PORTBASE_JMX_SUFFIX;
 import static com.sun.enterprise.config.util.PortConstants.PORTBASE_OSGI_SUFFIX;
 import static com.sun.enterprise.config.util.PortConstants.PORT_MAX_VAL;
+import static com.sun.enterprise.util.SystemPropertyConstants.DEFAULT_ADMIN_PASSWORD;
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 import static org.glassfish.embeddable.GlassFishVariable.DOMAINS_ROOT;
 
 /**
@@ -76,7 +78,6 @@ public final class CreateDomainCommand extends CLICommand {
     private static final String ADMIN_PORT = "adminport";
     private static final String ADMIN_PASSWORD = "password";
     private static final String MASTER_PASSWORD = "masterpassword";
-    private static final String DEFAULT_MASTER_PASSWORD = KeystoreManager.DEFAULT_MASTER_PASSWORD;
     private static final String SAVE_MASTER_PASSWORD = "savemasterpassword";
     private static final String INSTANCE_PORT = "instanceport";
     private static final String DOMAIN_PROPERTIES = "domainproperties";
@@ -257,9 +258,9 @@ protected int executeCommand() throws CommandException, CommandValidationExcepti
         adminUser = programOpts.getUser();
         if (!ok(adminUser)) {
             adminUser = SystemPropertyConstants.DEFAULT_ADMIN_USER;
-            adminPassword = SystemPropertyConstants.DEFAULT_ADMIN_PASSWORD;
+            adminPassword = DEFAULT_ADMIN_PASSWORD;
         } else if (noPassword) {
-            adminPassword = SystemPropertyConstants.DEFAULT_ADMIN_PASSWORD;
+            adminPassword = DEFAULT_ADMIN_PASSWORD;
         } else {
             char[] pwdArr = getAdminPassword();
             adminPassword = pwdArr != null ? new String(pwdArr) : null;
@@ -273,9 +274,9 @@ protected int executeCommand() throws CommandException, CommandValidationExcepti
         if (masterPassword == null) {
             if (useMasterPassword) {
                 char[] mpArr = getMasterPassword();
-                masterPassword = mpArr != null ? new String(mpArr) : null;
+                masterPassword = mpArr == null ? null : new String(mpArr);
             } else {
-                masterPassword = DEFAULT_MASTER_PASSWORD;
+                masterPassword = KEYSTORE_PASSWORD_DEFAULT;
             }
         }
 
@@ -291,14 +292,14 @@ protected int executeCommand() throws CommandException, CommandValidationExcepti
 
             // saving the login information happens inside this method
             createTheDomain(domainDir, domainProperties);
+            return 0;
         } catch (CommandException ce) {
             logger.info(ce.getLocalizedMessage());
             throw new CommandException(strings.get("CouldNotCreateDomain", domainName), ce);
         } catch (Exception e) {
             logger.fine(e.getLocalizedMessage());
             throw new CommandException(strings.get("CouldNotCreateDomain", domainName), e);
         }
-        return 0;
     }
 
     /**
@@ -310,7 +311,7 @@ private char[] getAdminPassword() throws CommandValidationException {
         po.prompt = strings.get("AdminPassword");
         po.promptAgain = strings.get("AdminPasswordAgain");
         po.param._password = true;
-        return getPassword(po, SystemPropertyConstants.DEFAULT_ADMIN_PASSWORD, true);
+        return getPassword(po, DEFAULT_ADMIN_PASSWORD, true);
     }
 
     /**
@@ -322,7 +323,7 @@ private char[] getMasterPassword() throws CommandValidationException {
         po.prompt = strings.get("MasterPassword");
         po.promptAgain = strings.get("MasterPasswordAgain");
         po.param._password = true;
-        return getPassword(po, DEFAULT_MASTER_PASSWORD, true);
+        return getPassword(po, KEYSTORE_PASSWORD_DEFAULT, true);
     }
 
     /**
@@ -438,7 +439,7 @@ private void createTheDomain(final String domainPath, Properties domainPropertie
         logger.info(strings.get("DomainCreated", domainName));
         Integer aPort = (Integer) domainConfig.get(DomainConfig.K_ADMIN_PORT);
         logger.info(strings.get("DomainPort", domainName, Integer.toString(aPort)));
-        if (adminPassword != null && adminPassword.equals(SystemPropertyConstants.DEFAULT_ADMIN_PASSWORD)) {
+        if (adminPassword != null && adminPassword.equals(DEFAULT_ADMIN_PASSWORD)) {
             logger.info(strings.get("DomainAllowsUnauth", domainName, adminUser));
         } else {
             logger.info(strings.get("DomainAdminUser", domainName, adminUser));

nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/cli/LocalServerCommand.java

@@ -45,6 +45,7 @@
 import static com.sun.enterprise.admin.cli.CLIConstants.DEFAULT_ADMIN_PORT;
 import static com.sun.enterprise.admin.cli.CLIConstants.DEFAULT_HOSTNAME;
 import static com.sun.enterprise.admin.cli.ProgramOptions.PasswordLocation.LOCAL_PASSWORD;
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 import static java.util.logging.Level.CONFIG;
 import static java.util.logging.Level.FINER;
 
@@ -230,7 +231,7 @@ protected final String getMasterPassword() throws CommandException {
         if (mpv == null) {
             // not specified in the password file
             // optimization for the default case
-            mpv = "changeit";
+            mpv = KEYSTORE_PASSWORD_DEFAULT;
             if (!verifyMasterPassword(mpv)) {
                 mpv = readFromMasterPasswordFile();
                 if (!verifyMasterPassword(mpv)) {

nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/domain/DomainSecurity.java

@@ -29,6 +29,7 @@
 
 import static com.sun.enterprise.admin.servermgmt.domain.DomainConstants.KEYSTORE_FILE;
 import static com.sun.enterprise.admin.servermgmt.domain.DomainConstants.TRUSTSTORE_FILE;
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
 
 public class DomainSecurity extends MasterPasswordFileManager {
 
@@ -75,7 +76,7 @@ void createPasswordAliasKeystore(File pwFile, String password) throws Repository
      */
     void createSSLCertificateDatabase(File configDir, DomainConfig config, String masterPassword) throws RepositoryException {
         createKeyStore(new File(configDir, KEYSTORE_FILE), config, masterPassword);
-        changeKeystorePassword(DEFAULT_MASTER_PASSWORD, masterPassword, new File(configDir, TRUSTSTORE_FILE));
+        changeKeystorePassword(KEYSTORE_PASSWORD_DEFAULT, masterPassword, new File(configDir, TRUSTSTORE_FILE));
         copyCertificatesToTrustStore(configDir, config, masterPassword);
     }
 

nucleus/cluster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/CreateLocalInstanceCommand.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation.
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -18,7 +19,6 @@
 
 import com.sun.enterprise.admin.cli.CLIConstants;
 import com.sun.enterprise.admin.cli.remote.RemoteCLICommand;
-import com.sun.enterprise.admin.servermgmt.KeystoreManager;
 import com.sun.enterprise.admin.util.CommandModelData.ParamModelData;
 import com.sun.enterprise.security.store.PasswordAdapter;
 import com.sun.enterprise.universal.glassfish.TokenResolver;
@@ -42,6 +42,8 @@
 import org.glassfish.hk2.api.PerLookup;
 import org.jvnet.hk2.annotations.Service;
 
+import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PASSWORD_DEFAULT;
+
 
 /**
  *  This is a local command that calls the primitive remote _register-instance to add the
@@ -87,7 +89,6 @@ public final class CreateLocalInstanceCommand extends CreateLocalInstanceFilesys
     private String RENDEZVOUS_DOTTED_NAME;
     private boolean _rendezvousOccurred;
     private String _node;
-    private static final String DEFAULT_MASTER_PASSWORD = KeystoreManager.DEFAULT_MASTER_PASSWORD;
     private ParamModelData masterPasswordOption;
     private static final String MASTER_PASSWORD_ALIAS="master-password";
 
@@ -154,10 +155,11 @@ protected int executeCommand()
         int exitCode = -1;
 
         if (node == null) {
-            if(nodeDirChild == null)
+            if(nodeDirChild == null) {
                 throw new CommandException(Strings.get("internal.error",
                         "nodeDirChild was null.  The Base Class is supposed to "
                         + "guarantee that this won't happen"));
+            }
             _node = nodeDirChild.getName();
             String nodeHost = getInstanceHostName(true);
             createNodeImplicit(_node, getProductRootPath(), nodeHost);
@@ -205,8 +207,9 @@ private void validateInstanceDirUnique() throws CommandException {
         RemoteCLICommand rc = new RemoteCLICommand("list-instances", this.programOpts, this.env);
         String returnOutput =
                 rc.executeAndReturnOutput("list-instances", "--nostatus", _node);
-        if (returnOutput == null)
+        if (returnOutput == null) {
             return;
+        }
         String[] registeredInstanceNamesOnThisNode = returnOutput.split("\r?\n");
         for (String registeredInstanceName : registeredInstanceNamesOnThisNode) {
             File instanceListDir = new File(nodeDirChild, registeredInstanceName);
@@ -245,25 +248,25 @@ private int bootstrapSecureAdminFiles() throws CommandException {
      * @throws CommandException
      */
     private void saveMasterPassword() throws CommandException {
-        masterPasswordOption = new ParamModelData(CLIConstants.MASTER_PASSWORD,
-                String.class, false, null);
+        masterPasswordOption = new ParamModelData(CLIConstants.MASTER_PASSWORD, String.class, false, null);
         masterPasswordOption.prompt = Strings.get("MasterPassword");
         masterPasswordOption.promptAgain = Strings.get("MasterPasswordAgain");
         masterPasswordOption.param._password = true;
-        if (saveMasterPassword)
+        if (saveMasterPassword) {
             useMasterPassword = true;
-        if (useMasterPassword)
-            masterPassword = getPassword(masterPasswordOption,
-                    DEFAULT_MASTER_PASSWORD, true) != null ? new String(getPassword(masterPasswordOption,
-                DEFAULT_MASTER_PASSWORD, true)) : null;
-        if (masterPassword == null)
-            masterPassword = DEFAULT_MASTER_PASSWORD;
+        }
+        if (useMasterPassword) {
+            char[] password = getPassword(masterPasswordOption, KEYSTORE_PASSWORD_DEFAULT, true);
+            masterPassword = password == null ? null : new String(password);
+        }
+        if (masterPassword == null) {
+            masterPassword = KEYSTORE_PASSWORD_DEFAULT;
+        }
 
         if (saveMasterPassword) {
             File mp = new File(new File(getServerDirs().getServerDir(), "config"), "keystore.jks");
             if (mp.canRead()) {
                 if (verifyMasterPassword(masterPassword)) {
-
                     createMasterPasswordFile(masterPassword);
                 } else {
                     logger.info(Strings.get("masterPasswordIncorrect"));
@@ -297,14 +300,17 @@ protected void createMasterPasswordFile(String masterPassword) throws CommandExc
 
     protected void chmod(String args, File file) throws IOException {
         if (OS.isUNIX()) {
-            if (!file.exists()) throw new IOException(Strings.get("fileNotFound", file.getAbsolutePath()));
+            if (!file.exists()) {
+                throw new IOException(Strings.get("fileNotFound", file.getAbsolutePath()));
+            }
 
             // " +" regular expression for 1 or more spaces
             final String[] argsString = args.split(" +");
             List<String> cmdList = new ArrayList<String>();
             cmdList.add("/bin/chmod");
-            for (String arg : argsString)
+            for (String arg : argsString) {
                 cmdList.add(arg);
+            }
             cmdList.add(file.getAbsolutePath());
             new ProcessBuilder(cmdList).start();
         }