More KeyTool class usages

Signed-off-by: David Matějček <[email protected]>

Author: dmatej

appserver/itest-tools/src/main/java/org/glassfish/main/itest/tools/GlassFishTestEnvironment.java

@@ -55,6 +55,7 @@
 import org.glassfish.main.itest.tools.asadmin.Asadmin;
 import org.glassfish.main.itest.tools.asadmin.AsadminResult;
 import org.glassfish.main.itest.tools.asadmin.StartServ;
+import org.glassfish.main.jdke.security.KeyTool;
 
 import static java.net.http.HttpResponse.BodyHandlers.ofString;
 import static org.glassfish.embeddable.GlassFishVariable.JAVA_HOME;
@@ -81,7 +82,6 @@ public class GlassFishTestEnvironment {
 
     private static final File ASADMIN = findAsadmin();
     private static final File STARTSERV = findStartServ();
-    private static final File KEYTOOL = findKeyTool();
     private static final File JARSIGNER = findJarSigner();
     private static final File PASSWORD_FILE_FOR_UPDATE = findPasswordFile("password_update.txt");
     private static final File PASSWORD_FILE = findPasswordFile("password.txt");
@@ -150,11 +150,6 @@ public static StartServ getStartServInTopLevelBin() {
     }
 
 
-    public static KeyTool getKeyTool() {
-        return new KeyTool(KEYTOOL);
-    }
-
-
     public static JarSigner getJarSigner() {
         return new JarSigner(JARSIGNER);
     }
@@ -177,13 +172,21 @@ public static Path getDomain1Directory() {
 
     public static KeyStore getDomain1KeyStore() {
         Path keystore = getDomain1Directory().resolve(Paths.get("config", "keystore.jks"));
-        return KeyTool.loadKeyStore(keystore.toFile(), "changeit".toCharArray());
+        try {
+            return new KeyTool(keystore.toFile(), "changeit".toCharArray()).loadKeyStore();
+        } catch (IOException e) {
+            throw new IllegalStateException(e);
+        }
     }
 
 
     public static KeyStore getDomain1TrustStore() {
         Path cacerts = getDomain1Directory().resolve(Paths.get("config", "cacerts.jks"));
-        return KeyTool.loadKeyStore(cacerts.toFile(), "changeit".toCharArray());
+        try {
+            return new KeyTool(cacerts.toFile(), "changeit".toCharArray()).loadKeyStore();
+        } catch (IOException e) {
+            throw new IllegalStateException(e);
+        }
     }
 
 

appserver/itest-tools/src/main/java/org/glassfish/main/itest/tools/KeyTool.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, 2025 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023, 2025 Contributors to the Eclipse Foundation.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -36,9 +36,9 @@
 import javax.net.ssl.X509TrustManager;
 
 import org.glassfish.main.itest.tools.GlassFishTestEnvironment;
-import org.glassfish.main.itest.tools.KeyTool;
 import org.glassfish.main.itest.tools.TestUtilities;
 import org.glassfish.main.itest.tools.asadmin.Asadmin;
+import org.glassfish.main.jdke.security.KeyTool;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.exporter.ZipExporter;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
@@ -63,34 +63,31 @@
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class JmacHttpsTest {
-    private static final String MYKS_PASSWORD = UUID.randomUUID().toString();
+    private static final char[] MYKS_PASSWORD = UUID.randomUUID().toString().toCharArray();
 
     private static final Logger LOG = System.getLogger(JmacHttpsTest.class.getName());
 
     private static final String APP_NAME = "security-jmac-https";
     private static final String AUTH_MODULE_NAME = "httpsTestAuthModule";
 
     private static final Asadmin ASADMIN = GlassFishTestEnvironment.getAsadmin();
-    private static final KeyTool KEYTOOL = GlassFishTestEnvironment.getKeyTool();
 
     @TempDir
     private static File tempDir;
     private static File myKeyStore;
     private static File warFile;
     private static File loginModuleFile;
+    private static KeyTool myKeyStoreTool;
 
 
     @BeforeAll
     public static void prepareDeployment() throws Exception {
         myKeyStore = new File(tempDir, "httpstest.jks");
-        KEYTOOL.exec("-genkey", "-alias", "httpstest", "-keyalg", "RSA", "-dname",
-            "CN=HTTPSTEST,OU=Eclipse GlassFish Tests",
-            "-validity", "7", "-keypass", MYKS_PASSWORD, "-keystore", myKeyStore.getAbsolutePath(), "-storepass",
-            MYKS_PASSWORD);
+        myKeyStoreTool = new KeyTool(myKeyStore, MYKS_PASSWORD);
+        myKeyStoreTool.generateKeyPair("httpstest", "CN=HTTPSTEST,OU=Eclipse GlassFish Tests", "RSA", 7);
 
-        KEYTOOL.exec("-importkeystore", "-srckeystore", myKeyStore.getAbsolutePath(), "-srcstorepass", MYKS_PASSWORD,
-            "-destkeystore", GlassFishTestEnvironment.getDomain1Directory().resolve(Paths.get("config", "cacerts.jks"))
-                .toFile().getAbsolutePath(), "-deststorepass", "changeit");
+        File cacertsFile = getDomain1Directory().resolve(Paths.get("config", "cacerts.jks")).toFile();
+        myKeyStoreTool.copyCertificate("httpstest", cacertsFile, "changeit".toCharArray());
 
         // Default is false, required to set the client certificate to the context.
         ASADMIN.exec("set", "configs.config.server-config.network-config.protocols.protocol.http-listener-2.ssl.client-auth-enabled=true");
@@ -137,7 +134,7 @@ void test() throws Exception {
         HttpsURLConnection connection = openConnection(true, 8181, "/" + APP_NAME + "/index.jsp");
         SSLContext sslContext = SSLContext.getInstance("TLSv1.3");
         KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-        keyManagerFactory.init(KeyTool.loadKeyStore(myKeyStore, MYKS_PASSWORD.toCharArray()), MYKS_PASSWORD.toCharArray());
+        keyManagerFactory.init(myKeyStoreTool.loadKeyStore(), MYKS_PASSWORD);
         sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] {new TestTrustManager()}, null);
         SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
         connection.setSSLSocketFactory(sslSocketFactory);

appserver/tests/application/src/test/java/org/glassfish/main/test/app/security/jmac/https/JmacHttpsTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2024, 2025 Contributors to the Eclipse Foundation.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
@@ -22,8 +22,8 @@
 
 import org.glassfish.main.itest.tools.GlassFishTestEnvironment;
 import org.glassfish.main.itest.tools.JarSigner;
-import org.glassfish.main.itest.tools.KeyTool;
 import org.glassfish.main.itest.tools.asadmin.Asadmin;
+import org.glassfish.main.jdke.security.KeyTool;
 import org.glassfish.main.test.app.signedear.api.ExampleRemote;
 import org.glassfish.main.test.app.signedear.impl.ExampleBean;
 import org.jboss.shrinkwrap.api.ShrinkWrap;
@@ -41,8 +41,8 @@
 /**
  * Integration test for deployment EAR application that contains signed
  * shared libraries and modules.
- *
- * <p>This integration test checks the correctness of the classloading
+ * <p>
+ * This integration test checks the correctness of the classloading
  * of generated classes.
  */
 public class SignedEarDeploymentTest {
@@ -54,22 +54,16 @@ public class SignedEarDeploymentTest {
     private static final String KEYSTORE_PASSWORD = UUID.randomUUID().toString();
 
     private static final Asadmin ASADMIN = GlassFishTestEnvironment.getAsadmin();
-    private static final KeyTool KEYTOOL = GlassFishTestEnvironment.getKeyTool();
     private static final JarSigner JARSIGNER = GlassFishTestEnvironment.getJarSigner();
 
     @TempDir
     private static File tempDir;
     private static File earFile;
 
     @BeforeAll
-    public static void prepareDeployment() {
+    public static void prepareDeployment() throws Exception {
         File keyStore = new File(tempDir, "signtest.jks");
-
-        // Generate a key pair (a public key and associated private key).
-        KEYTOOL.exec("-genkeypair", "-alias", "signtest", "-keyalg", "RSA", "-dname",
-            "CN=SIGNTEST, OU=Eclipse Glassfish Tests, O=Eclipse Foundation, L=Brussels, ST=Belgium, C=Belgium",
-            "-validity", "7", "-keypass", KEYSTORE_PASSWORD, "-keystore", keyStore.getAbsolutePath(),
-            "-storepass", KEYSTORE_PASSWORD);
+        new KeyTool(keyStore, KEYSTORE_PASSWORD.toCharArray()).generateKeyPair("signtest", "CN=SIGNTEST", "RSA", 7);
 
         // Create shared library.
         JavaArchive apiArchive = ShrinkWrap.create(JavaArchive.class)
@@ -83,8 +77,7 @@ public static void prepareDeployment() {
             "-keypass", KEYSTORE_PASSWORD, apiFile.getAbsolutePath(), "signtest");
 
         // Create EAR EJB module.
-        JavaArchive implArchive = ShrinkWrap.create(JavaArchive.class)
-            .addClass(ExampleBean.class);
+        JavaArchive implArchive = ShrinkWrap.create(JavaArchive.class).addClass(ExampleBean.class);
         File implFile = new File(tempDir, "impl.jar");
         implArchive.as(ZipExporter.class).exportTo(implFile);
         LOG.log(Level.INFO, implArchive.toString(true));

appserver/tests/application/src/test/java/org/glassfish/main/test/app/signedear/SignedEarDeploymentTest.java

@@ -27,7 +27,6 @@
 import com.sun.enterprise.admin.servermgmt.DomainException;
 import com.sun.enterprise.admin.servermgmt.DomainsManager;
 import com.sun.enterprise.admin.servermgmt.KeystoreManager;
-import com.sun.enterprise.admin.servermgmt.RepositoryManager;
 import com.sun.enterprise.admin.servermgmt.domain.DomainBuilder;
 import com.sun.enterprise.admin.servermgmt.pe.PEDomainsManager;
 import com.sun.enterprise.admin.util.CommandModelData.ParamModelData;
@@ -77,7 +76,7 @@ public final class CreateDomainCommand extends CLICommand {
     private static final String ADMIN_PORT = "adminport";
     private static final String ADMIN_PASSWORD = "password";
     private static final String MASTER_PASSWORD = "masterpassword";
-    private static final String DEFAULT_MASTER_PASSWORD = RepositoryManager.DEFAULT_MASTER_PASSWORD;
+    private static final String DEFAULT_MASTER_PASSWORD = KeystoreManager.DEFAULT_MASTER_PASSWORD;
     private static final String SAVE_MASTER_PASSWORD = "savemasterpassword";
     private static final String INSTANCE_PORT = "instanceport";
     private static final String DOMAIN_PROPERTIES = "domainproperties";