Update keystore/truststore extension to PKCS

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/test/resources/repository/conf/carbon.xml

@@ -363,9 +363,9 @@
         -->
         <KeyStore>
             <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
+            <!-- Keystore type (PKCS12/PKCS12 etc.)-->
+            <Type>PKCS12</Type>
             <!-- Keystore password-->
             <Password>wso2carbon</Password>
             <!-- Private Key alias-->
@@ -380,9 +380,9 @@
         -->
         <TrustStore>
             <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/client-truststore.p12</Location>
+            <!-- trust-store type (PKCS12/PKCS12 etc.) -->
+            <Type>PKCS12</Type>
             <!-- trust-store password -->
             <Password>wso2carbon</Password>
         </TrustStore>

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/src/test/resources/repository/conf/identity/identity.xml

@@ -359,7 +359,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/repository/conf/carbon.xml

@@ -361,9 +361,9 @@
         -->
         <KeyStore>
             <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
+            <!-- Keystore type (PKCS12/PKCS12 etc.)-->
+            <Type>PKCS12</Type>
             <!-- Keystore password-->
             <Password>wso2carbon</Password>
             <!-- Private Key alias-->
@@ -378,9 +378,9 @@
         -->
         <TrustStore>
             <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/client-truststore.p12</Location>
+            <!-- trust-store type (PKCS12/PKCS12 etc.) -->
+            <Type>PKCS12</Type>
             <!-- trust-store password -->
             <Password>wso2carbon</Password>
         </TrustStore>

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/test/resources/repository/conf/identity/identity.xml

@@ -506,7 +506,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/MutualSSLManager.java

@@ -25,6 +25,7 @@
 import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.utils.CustomHostNameVerifier;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 import org.wso2.securevault.SecretResolver;
 import org.wso2.securevault.SecretResolverFactory;
 import org.wso2.securevault.commons.MiscellaneousUtil;
@@ -71,11 +72,11 @@ public class MutualSSLManager {
     /**
      * Default keystore type of the client
      */
-    private static final String keyStoreType = "JKS";
+    private static final String keyStoreType = KeystoreUtils.getKeyStoreFileExtension();
     /**
      * Default truststore type of the client
      */
-    private static final String trustStoreType = "JKS";
+    private static final String trustStoreType = KeystoreUtils.getTrustStoreFileExtension();
     /**
      * Default keymanager type of the client
      */
@@ -300,7 +301,7 @@ private static boolean isSecuredPropertyAvailable(Properties properties) {
     }
 
     /**
-     * Load key store with given keystore.jks
+     * Load key store with given keystore file.
      *
      * @param keyStorePath     Path to keystore
      * @param keyStorePassword Password of keystore
@@ -321,7 +322,7 @@ public static void loadKeyStore(String keyStorePath, String keyStorePassword)
     }
 
     /**
-     * Load trust store with given .jks file
+     * Load trust store with given truststore file
      *
      * @param trustStorePath     Path to truststore
      * @param trustStorePassword Password of truststore

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/main/java/org/wso2/carbon/identity/application/authentication/endpoint/util/TenantMgtAdminServiceClient.java

@@ -21,6 +21,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
@@ -63,11 +64,11 @@ public class TenantMgtAdminServiceClient {
     /**
      * Default keystore type of the client
      */
-    private static String keyStoreType = "JKS";
+    private static String keyStoreType = KeystoreUtils.getKeyStoreFileExtension();
     /**
      * Default truststore type of the client
      */
-    private static String trustStoreType = "JKS";
+    private static String trustStoreType = KeystoreUtils.getTrustStoreFileExtension();
     /**
      * Default keymanager type of the client
      */
@@ -91,7 +92,7 @@ private TenantMgtAdminServiceClient() {
     }
 
     /**
-     * Load key store with given keystore.jks
+     * Load key store with given keystore file.
      *
      * @param keyStorePath     Path to keystore
      * @param keyStorePassword Password of keystore
@@ -119,7 +120,7 @@ public static void loadKeyStore(String keyStorePath, String keyStorePassword)
     }
 
     /**
-     * Load trust store with given .jks file
+     * Load trust store with given truststore file
      *
      * @param trustStorePath     Path to truststore
      * @param trustStorePassword Password of truststore

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/java/org/wso2/carbon/identity/application/authentication/endpoint/util/MutualSSLManagerTest.java

@@ -37,8 +37,8 @@
 @PowerMockIgnore("org.mockito.*")
 public class MutualSSLManagerTest extends PowerMockTestCase {
 
-    private String clientKeyStore = "./repository/resources/security/wso2carbon.jks";
-    private String clientTrustStore = "./repository/resources/security/client-truststore.jks";
+    private String clientKeyStore = "./repository/resources/security/wso2carbon.p12";
+    private String clientTrustStore = "./repository/resources/security/client-truststore.p12";
     private String endpointConfigFileName = "./repository/conf/identity/EndpointConfig.properties";
     private String endpointConfigFileName1 = "./repository/conf/identity/EndpointConfig1.properties";
     private String endpointConfigFileName2 = "./repository/conf/identity/EndpointConfig2.properties";

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/resources/repository/conf/carbon.xml

@@ -363,9 +363,9 @@
         -->
         <KeyStore>
             <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
+            <!-- Keystore type (PKCS12/PKCS12 etc.)-->
+            <Type>PKCS12</Type>
             <!-- Keystore password-->
             <Password>wso2carbon</Password>
             <!-- Private Key alias-->
@@ -380,9 +380,9 @@
         -->
         <TrustStore>
             <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/client-truststore.p12</Location>
+            <!-- trust-store type (PKCS12/PKCS12 etc.) -->
+            <Type>PKCS12</Type>
             <!-- trust-store password -->
             <Password>wso2carbon</Password>
         </TrustStore>

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/resources/repository/conf/identity/EndpointConfig.properties

@@ -19,9 +19,9 @@ tenantListEnabled=false
 mutualSSLManagerEnabled=false
 hostname.verification.enabled=true
 mutual.ssl.username=admin
-client.keyStore=./repository/resources/security/wso2carbon.jks
+client.keyStore=./repository/resources/security/wso2carbon.p12
 Carbon.Security.KeyStore.Password=wso2carbon
-client.trustStore=./repository/resources/security/client-truststore.jks
+client.trustStore=./repository/resources/security/client-truststore.p12
 Carbon.Security.TrustStore.Password=wso2carbon
 #identity.server.serviceURL=https://localhost:9443/services/
 username.header=UserName

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/resources/repository/conf/identity/EndpointConfig1.properties

@@ -19,9 +19,9 @@ tenantListEnabled=false
 mutualSSLManagerEnabled=true
 hostname.verification.enabled=true
 mutual.ssl.username=admin
-client.keyStore=./repository/resources/security/wso2carbon.jks
+client.keyStore=./repository/resources/security/wso2carbon.p12
 Carbon.Security.KeyStore.Password=wso2carbon
-client.trustStore=./repository/resources/security/client-truststore.jks
+client.trustStore=./repository/resources/security/client-truststore.p12
 Carbon.Security.TrustStore.Password=wso2carbon
 #identity.server.serviceURL=https://localhost:9443/services/
 username.header=UserName

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/resources/repository/conf/identity/EndpointConfig2.properties

@@ -18,9 +18,9 @@
 tenantListEnabled=false
 hostname.verification.enabled=true
 mutual.ssl.username=admin
-client.keyStore=./repository/resources/security/wso2carbon.jks
+client.keyStore=./repository/resources/security/wso2carbon.p12
 Carbon.Security.KeyStore.Password=wso2carbon
-client.trustStore=./repository/resources/security/client-truststore.jks
+client.trustStore=./repository/resources/security/client-truststore.p12
 Carbon.Security.TrustStore.Password=wso2carbon
 #identity.server.serviceURL=https://localhost:9443/services/
 username.header=UserName

components/authentication-framework/org.wso2.carbon.identity.application.authentication.endpoint.util/src/test/resources/repository/conf/identity/identity.xml

@@ -359,7 +359,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/config/builder/application-authentication-multi-chain.xml

@@ -96,7 +96,7 @@
         </AuthenticatorConfig>
         <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
             <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
-            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.p12</Parameter>
             <Parameter name="TrustStorePassword">wso2carbon</Parameter>
             <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
             <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/config/builder/application-authentication-multi-step-1.xml

@@ -96,7 +96,7 @@
         </AuthenticatorConfig>
         <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
             <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
-            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.p12</Parameter>
             <Parameter name="TrustStorePassword">wso2carbon</Parameter>
             <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
             <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/application-authentication-GraphStepHandlerTest.xml

@@ -96,7 +96,7 @@
         </AuthenticatorConfig>
         <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
             <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
-            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.p12</Parameter>
             <Parameter name="TrustStorePassword">wso2carbon</Parameter>
             <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
             <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/handler/step/impl/application-authentication-AdaptiveStepHandlerTest.xml

@@ -96,7 +96,7 @@
         </AuthenticatorConfig>
         <AuthenticatorConfig name="OpenIDAuthenticator" enabled="true">
             <Parameter name="LoginPage">/authenticationendpoint/login.do</Parameter>
-            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.jks</Parameter>
+            <Parameter name="TrustStorePath">/repository/resources/security/client-truststore.p12</Parameter>
             <Parameter name="TrustStorePassword">wso2carbon</Parameter>
             <!--Parameter name="OpenIDManager">org.wso2.carbon.identity.application.authenticator.openid.manager.DefaultOpenIDManager</Parameter>
             <Parameter name="AttributesRequestor">org.wso2.carbon.identity.application.authenticator.openid.manager.SampleAttributesRequestor</Parameter-->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/org/wso2/carbon/identity/application/authentication/framework/internal/impl/identity-xml-test1.xml

@@ -366,7 +366,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/repository/conf/carbon.xml

@@ -361,9 +361,9 @@
         -->
         <KeyStore>
             <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
+            <!-- Keystore type (PKCS12/PKCS12 etc.)-->
+            <Type>PKCS12</Type>
             <!-- Keystore password-->
             <Password>wso2carbon</Password>
             <!-- Private Key alias-->
@@ -378,9 +378,9 @@
         -->
         <TrustStore>
             <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/client-truststore.p12</Location>
+            <!-- trust-store type (PKCS12/PKCS12 etc.) -->
+            <Type>PKCS12</Type>
             <!-- trust-store password -->
             <Password>wso2carbon</Password>
         </TrustStore>

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/resources/repository/conf/identity/identity.xml

@@ -510,7 +510,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/src/test/resources/repository/conf/carbon.xml

@@ -361,9 +361,9 @@
         -->
         <KeyStore>
             <!-- Keystore file location-->
-            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
-            <!-- Keystore type (JKS/PKCS12 etc.)-->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
+            <!-- Keystore type (PKCS12/PKCS12 etc.)-->
+            <Type>PKCS12</Type>
             <!-- Keystore password-->
             <Password>wso2carbon</Password>
             <!-- Private Key alias-->
@@ -378,9 +378,9 @@
         -->
         <TrustStore>
             <!-- trust-store file location -->
-            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
-            <!-- trust-store type (JKS/PKCS12 etc.) -->
-            <Type>JKS</Type>
+            <Location>${carbon.home}/repository/resources/security/client-truststore.p12</Location>
+            <!-- trust-store type (PKCS12/PKCS12 etc.) -->
+            <Type>PKCS12</Type>
             <!-- trust-store password -->
             <Password>wso2carbon</Password>
         </TrustStore>

components/claim-mgt/org.wso2.carbon.identity.claim.metadata.mgt/src/test/resources/repository/conf/identity/identity.xml

@@ -510,7 +510,7 @@
             <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>
             <ClientTimeout>10000</ClientTimeout>
             <KeyStore>
-                <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+                <Location>${carbon.home}/repository/resources/security/wso2carbon.p12</Location>
                 <Password>wso2carbon</Password>
             </KeyStore>
             <!-- Enable this element to mention the host-name of your IS machine -->

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/CertificateRetriever.java

@@ -26,7 +26,7 @@
 /**
  * Service contract for retrieving certificates for a given certificate identifier.
  * Implementations of this interface is responsible for retrieving the certificate
- * from the relevant store. e.g. JKS file, database
+ * from the relevant store. e.g. PKCS12 file, database
  */
 public interface CertificateRetriever {
 

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/KeyStoreCertificateRetriever.java

@@ -24,12 +24,13 @@
 import org.wso2.carbon.core.util.KeyStoreManager;
 import org.wso2.carbon.user.api.Tenant;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
 
 /**
- * The Keystore file (JKS) based implementation of @{@link CertificateRetriever}
+ * The Keystore file (PKCS12) based implementation of @{@link CertificateRetriever}
  */
 public class KeyStoreCertificateRetriever implements CertificateRetriever {
 
@@ -75,6 +76,6 @@ public X509Certificate getCertificate(String certificateId, Tenant tenant) throw
 
     private String getKeyStoreName(String tenantDomain) {
         String keyStoreName = tenantDomain.trim().replace(".", "-");
-        return keyStoreName + ".jks";
+        return keyStoreName + KeystoreUtils.getKeyStoreFileExtension();
     }
 }

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/internal/DefaultKeystoreManagerExtension.java

@@ -24,6 +24,7 @@
 import org.wso2.carbon.identity.core.KeyStoreManagerExtension;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.core.service.RealmService;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
@@ -52,9 +53,9 @@ public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
             if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
                 // derive key store name
                 String ksName = tenantDomain.trim().replace(".", "-");
-                // derive JKS name
-                String jksName = ksName + ".jks";
-                privateKey = (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain);
+                // derive PKCS12 name
+                String PKCS12Name = ksName + KeystoreUtils.getKeyStoreFileExtension();
+                privateKey = (PrivateKey) keyStoreManager.getPrivateKey(PKCS12Name, tenantDomain);
 
             } else {
                 privateKey = keyStoreManager.getDefaultPrivateKey();