eclipse-ee4j
diff --git a/‎appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/J2EESecurityManager.java‎
Lines changed: 8 additions & 21 deletions b/‎appserver/security/core-ee/src/main/java/com/sun/enterprise/security/ee/J2EESecurityManager.java‎
Lines changed: 8 additions & 21 deletions
diff --git a/‎appserver/web/web-glue/src/main/java/com/sun/enterprise/web/connector/coyote/PECoyoteConnector.java‎
Lines changed: 11 additions & 39 deletions b/‎appserver/web/web-glue/src/main/java/com/sun/enterprise/web/connector/coyote/PECoyoteConnector.java‎
Lines changed: 11 additions & 39 deletions
diff --git a/‎nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/cli/LocalServerCommand.java‎
Lines changed: 16 additions & 43 deletions b/‎nucleus/admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/cli/LocalServerCommand.java‎
Lines changed: 16 additions & 43 deletions
diff --git a/‎nucleus/common/common-util/src/main/java/com/sun/enterprise/security/store/AsadminSecurityUtil.java‎
Lines changed: 15 additions & 33 deletions b/‎nucleus/common/common-util/src/main/java/com/sun/enterprise/security/store/AsadminSecurityUtil.java‎
Lines changed: 15 additions & 33 deletions
@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2025 Contributors to the Eclipse Foundation.
  * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -23,36 +24,21 @@
 import java.net.SocketPermission;
 import java.util.PropertyPermission;
 
+import static org.glassfish.embeddable.GlassFishVariable.KEYSTORE_PASSWORD;
+import static org.glassfish.embeddable.GlassFishVariable.TRUSTSTORE_PASSWORD;
+
 /**
  * Java 2 security manager that enforces code security.
  *
  * @author Harish Prabandham
  */
+@Deprecated(since = "7.1.0", forRemoval = true)
 public class J2EESecurityManager extends java.rmi.RMISecurityManager {
 
     private CachedPermissionImpl connectPerm;
-
     private PermissionCache cache;
+    private boolean cacheEnabled;
 
-    private boolean cacheEnabled = false;
-
-    public J2EESecurityManager() {
-    }
-
-    /*
-     * public void checkAccess(ThreadGroup t) { Class[] clss = getClassContext(); for(int i=1; i < clss.length; ++i) { //
-     * IASRI 4660742 System.out.println(clss[i] + " : " + clss[i].getProtectionDomain()); // START OF IASRI 4660742
-     * _logger.log(Level.FINE,clss[i] + " : " + clss[i].getProtectionDomain()); // END OF IASRI 4660742 }
-     *
-     * System.out.flush();
-     *
-     * // JDK 1.1. implementation... Class[] clss = getClassContext(); for(int i=1; i < clss.length; ++i) {
-     * checkIfInContainer(clss[i]); } }
-     *
-     * // JDK 1.1. implementation... private void checkIfInContainer(Class clazz) { Class[] parents =
-     * clazz.getDeclaredClasses(); for(int i=0; i < parents.length; ++i) { if(parents[i] == com.sun.ejb.Container.class)
-     * throw new SecurityException("Got it...."); } }
-     */
 
     @Override
     public void checkAccess(ThreadGroup t) {
@@ -106,7 +92,8 @@ private boolean checkConnectPermission() {
     }
 
     private boolean checkProperty(String key) {
-        if (key.equals("javax.net.ssl.keyStorePassword") || key.equals("javax.net.ssl.trustStorePassword")) {
+        if (KEYSTORE_PASSWORD.getSystemPropertyName().equals(key)
+            || TRUSTSTORE_PASSWORD.getSystemPropertyName().equals(key)) {
             SSLUtils.checkPermission(key);
         }
         if (cacheEnabled()) {
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2024, 2025 Contributors to the Eclipse Foundation.
  * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -60,6 +60,11 @@
 import org.glassfish.web.admin.monitor.RequestProbeProvider;
 import org.glassfish.web.util.IntrospectionUtils;
 
+import static org.glassfish.embeddable.GlassFishVariable.KEYSTORE_FILE;
+import static org.glassfish.embeddable.GlassFishVariable.KEYSTORE_TYPE;
+import static org.glassfish.embeddable.GlassFishVariable.TRUSTSTORE_FILE;
+import static org.glassfish.embeddable.GlassFishVariable.TRUSTSTORE_TYPE;
+
 public class PECoyoteConnector extends Connector {
 
     private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
@@ -1328,51 +1333,18 @@ private void configureSSL(NetworkListener listener) {
      * Configures this connector with its keystore and truststore.
      */
     private void configureKeysAndCerts() {
-
-        /*
-         * Keystore
-         */
-        String prop = System.getProperty("javax.net.ssl.keyStore");
-        String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType",DEFAULT_KEYSTORE_TYPE);
+        String prop = System.getProperty(KEYSTORE_FILE.getSystemPropertyName());
+        String keyStoreType = System.getProperty(KEYSTORE_TYPE.getSystemPropertyName(), DEFAULT_KEYSTORE_TYPE);
         if (prop != null) {
-            // PE
             setKeystoreFile(prop);
             setKeystoreType(keyStoreType);
         }
 
-        /*
-         * Get keystore password from password.conf file.
-         * Notice that JSSE, the underlying SSL implementation in PE,
-         * currently does not support individual key entry passwords
-         * that are different from the keystore password.
-         *
-        String ksPasswd = null;
-        try {
-            ksPasswd = PasswordConfReader.getKeyStorePassword();
-        } catch (IOException ioe) {
-            // Ignore
-        }
-        if (ksPasswd == null) {
-            ksPasswd = System.getProperty("javax.net.ssl.keyStorePassword");
-        }
-        if (ksPasswd != null) {
-            try {
-                connector.setKeystorePass(ksPasswd);
-            } catch (Exception e) {
-                _logger.log(Level.SEVERE,
-                    "pewebcontainer.http_listener_keystore_password_exception",
-                    e);
-            }
-        }*/
-
-        /*
-         * Truststore
-         */
-        prop = System.getProperty("javax.net.ssl.trustStore");
+        prop = System.getProperty(TRUSTSTORE_FILE.getSystemPropertyName());
+        keyStoreType = System.getProperty(TRUSTSTORE_TYPE.getSystemPropertyName(), DEFAULT_TRUSTSTORE_TYPE);
         if (prop != null) {
-            // PE
             setTruststore(prop);
-            setTruststoreType(DEFAULT_TRUSTSTORE_TYPE);
+            setTruststoreType(keyStoreType);
         }
     }
 
 
@@ -30,9 +30,7 @@
 import com.sun.enterprise.util.io.ServerDirs;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.security.KeyStore;
 import java.time.Duration;
 import java.util.List;
 import java.util.function.Supplier;
@@ -42,6 +40,7 @@
 import org.glassfish.api.ActionReport.ExitCode;
 import org.glassfish.api.admin.CommandException;
 import org.glassfish.main.jdke.i18n.LocalStringsImpl;
+import org.glassfish.main.jdke.security.KeyTool;
 
 import static com.sun.enterprise.admin.cli.CLIConstants.DEFAULT_ADMIN_PORT;
 import static com.sun.enterprise.admin.cli.CLIConstants.DEFAULT_HOSTNAME;
@@ -50,11 +49,7 @@
 import static java.util.logging.Level.FINER;
 
 /**
- * A class that's supposed to capture all the behavior common to operation on a "local" server. It's getting fairly
- * complicated thus the "section headers" comments. This class plays two roles,
- * <UL>
- * <LI>a place for putting common code - which are final methods. A parent class that is communicating with its own
- * unknown sub-classes. These are non-final methods
+ * A class that's supposed to capture all the behavior common to operation on a "local" server.
  *
  * @author Byron Nevins
  */
@@ -210,62 +205,45 @@ protected final String readFromMasterPasswordFile() {
     }
 
     protected final boolean verifyMasterPassword(String mpv) {
-        //issue : 14971, should ideally use javax.net.ssl.keyStore and
-        //javax.net.ssl.keyStoreType system props here but they are
-        //unavailable to asadmin start-domain hence falling back to
-        //cacerts.jks instead of keystore.jks. Since the truststore
-        //is less-likely to be Non-JKS
-
         return loadAndVerifyKeystore(getJKS(), mpv);
     }
 
     protected boolean loadAndVerifyKeystore(File jks, String mpv) {
-        FileInputStream fis = null;
         try {
-            fis = new FileInputStream(jks);
-            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-            ks.load(fis, mpv.toCharArray());
+            new KeyTool(jks, mpv.toCharArray()).loadKeyStore();
             return true;
         } catch (Exception e) {
-            if (logger.isLoggable(FINER)) {
-                logger.finer(e.getMessage());
-            }
+            logger.log(FINER, e.getMessage(), e);
             return false;
-        } finally {
-            try {
-                if (fis != null) {
-                    fis.close();
-                }
-            } catch (IOException ioe) {
-                // ignore, I know ...
-            }
         }
     }
 
     /**
-     * Get the master password, either from a password file or by asking the user.
+     * @return the master password, either from a password file or by asking the user.
      */
     protected final String getMasterPassword() throws CommandException {
         // Sets the password into the launcher info.
         // Yes, returning master password as a string is not right ...
-        final int RETRIES = 3;
-        long t0 = now();
+        final int countOfRetries = 3;
+        final long start = System.currentTimeMillis();
         String mpv = passwords.get(CLIConstants.MASTER_PASSWORD);
-        if (mpv == null) { //not specified in the password file
-            mpv = "changeit"; //optimization for the default case -- see 9592
+        if (mpv == null) {
+            // not specified in the password file
+            // optimization for the default case
+            mpv = "changeit";
             if (!verifyMasterPassword(mpv)) {
                 mpv = readFromMasterPasswordFile();
                 if (!verifyMasterPassword(mpv)) {
-                    mpv = retry(RETRIES);
+                    mpv = retry(countOfRetries);
                 }
             }
-        } else { // the passwordfile contains AS_ADMIN_MASTERPASSWORD, use it
+        } else {
+            // the passwordfile contains AS_ADMIN_MASTERPASSWORD, use it
             if (!verifyMasterPassword(mpv)) {
-                mpv = retry(RETRIES);
+                mpv = retry(countOfRetries);
             }
         }
-        long t1 = now();
-        logger.log(FINER, "Time spent in master password extraction: {0} msec", (t1 - t0)); //TODO
+        logger.log(FINER, "Time spent in master password extraction: {0} ms", (System.currentTimeMillis() - start));
         return mpv;
     }
 
@@ -481,9 +459,4 @@ private File getUniquePath(File f) {
         }
         return f;
     }
-
-    private long now() {
-        // it's just *so* ugly to call this directly!
-        return System.currentTimeMillis();
-    }
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022, 2025 Contributors to the Eclipse Foundation
  * Copyright (c) 2010, 2021 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
@@ -20,13 +20,10 @@
 import com.sun.enterprise.util.CULoggerInfo;
 import com.sun.enterprise.util.io.FileUtils;
 
-import java.io.BufferedInputStream;
 import java.io.Console;
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.InputStream;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -36,9 +33,10 @@
 import java.util.logging.Logger;
 
 import org.glassfish.main.jdke.i18n.LocalStringsImpl;
+import org.glassfish.main.jdke.security.KeyTool;
 
-import static com.sun.enterprise.util.SystemPropertyConstants.CLIENT_TRUSTSTORE_PASSWORD_PROPERTY;
-import static com.sun.enterprise.util.SystemPropertyConstants.KEYSTORE_PROPERTY;
+import static org.glassfish.embeddable.GlassFishVariable.KEYSTORE_FILE;
+import static org.glassfish.embeddable.GlassFishVariable.TRUSTSTORE_PASSWORD;
 
 /**
  * Various utility methods related to certificate-based security.
@@ -111,16 +109,6 @@ public synchronized static AsadminSecurityUtil getInstance(final boolean isPromp
         return getInstance(null, isPromptable);
     }
 
-
-
-    /**
-     * @return the master password for the keystore and truststore, as set by the system property
-     * (defaulted if the property is not set).
-     */
-    public static char[] getAsadminTruststorePassword() {
-        return System.getProperty(CLIENT_TRUSTSTORE_PASSWORD_PROPERTY, "changeit").toCharArray();
-    }
-
     private AsadminSecurityUtil(final char[] commandLineMasterPassword, final boolean isPromptable) {
         try {
             init(commandLineMasterPassword, isPromptable);
@@ -178,10 +166,8 @@ private void init(final char[] commandLineMasterPassword, final boolean isPrompt
             }
         } catch (IOException ex) {
             if (ex.getCause() instanceof UnrecoverableKeyException) {
-                /*
-                 * The password did not allow access to the keystore.  Prompt
-                 * the user if possible.
-                 */
+                // The password did not allow access to the keystore.
+                // Prompt the user if possible.
                 if (!isPromptable) {
                     throw ex;
                 }
@@ -222,15 +208,11 @@ private AsadminTruststore openTruststore(final char[] password)
      */
     private KeyStore openKeystore(final char[] candidateMasterPassword)
         throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
-        final KeyStore permanentKS = KeyStore.getInstance("JKS");
-
-        try (InputStream keyStoreStream = asadminKeyStoreStream()) {
-            if (keyStoreStream == null) {
-                return null;
-            }
-            permanentKS.load(keyStoreStream, candidateMasterPassword);
-            return permanentKS;
+        final File keystoreFile = getAsadminKeyStoreFile();
+        if (keystoreFile == null) {
+            return null;
         }
+        return new KeyTool(keystoreFile, candidateMasterPassword).loadKeyStore();
     }
 
     /**
@@ -246,19 +228,19 @@ private char[] chooseMasterPassword(final char[] commandMasterPassword) {
     /**
      * Returns an open stream to the keystore.
      *
-     * @return stream to the keystore
+     * @return keystore file or null
      * @throws FileNotFoundException
      */
-    private InputStream asadminKeyStoreStream() throws FileNotFoundException {
-        String location = System.getProperty(KEYSTORE_PROPERTY);
+    private File getAsadminKeyStoreFile() throws FileNotFoundException {
+        String location = System.getProperty(KEYSTORE_FILE.getSystemPropertyName());
         if (location == null) {
             return null;
         }
-        return new BufferedInputStream(new FileInputStream(location));
+        return new File(location);
     }
 
     private char[] defaultMasterPassword() {
-        return System.getProperty(CLIENT_TRUSTSTORE_PASSWORD_PROPERTY, "changeit").toCharArray();
+        return System.getProperty(TRUSTSTORE_PASSWORD.getSystemPropertyName(), "changeit").toCharArray();
     }
 
 }