feat: add --httpsKeyStoreType option to support custom keystore types (#465)

syedmqasim029 · MarkEWaite · olamy · web-flow · commit 84c818dbabbb · 2025-12-08T20:08:22.000+01:00
* feat: add --httpsKeyStoreType option to support custom keystore types - Added HTTPS_KEY_STORE_TYPE option definition - Modified AbstractSecuredConnectorFactory to use custom keystore type - Updated README with documentation Fixes #450 * remove .DS_Store files * test: add unit test for HTTPS_KEY_STORE_TYPE option * remove .DS_Store file from tracking --------- Co-authored-by: Mark Waite <mark.earl.waite@gmail.com> Co-authored-by: Olivier Lamy <olamy@apache.org>
diff --git a/README.md b/README.md
@@ -66,6 +66,8 @@ To run locally exploded web archive:
        --httpsKeepAliveTimeout  = how long idle HTTPS keep-alive connections are kept around (in ms; default 30000)?
        --httpsKeyStore          = the location of the SSL KeyStore file. Default is ./winstone.ks
        --httpsKeyStorePassword  = the password for the SSL KeyStore file. Default is null
+       --httpsKeyStoreType      = set the HTTPS keystore type (JKS, PKCS12, BCFKS, etc.). 
+                                  Default is the Java default keystore type.
        --httpsKeyManagerType    = the SSL KeyManagerFactory type (eg SunX509, IbmX509). Default is SunX509
        --httpsRedirectHttp      = redirect http requests to https (requires both --httpPort and --httpsPort)
        --http2Port              = set the http2 listening port. -1 to disable, Default is disabled
diff --git a/src/main/java/winstone/AbstractSecuredConnectorFactory.java b/src/main/java/winstone/AbstractSecuredConnectorFactory.java
@@ -47,7 +47,8 @@ protected void configureSsl(Map<String, String> args, Server server) throws IOEx
 
                 this.keystorePassword = pwd;
 
-                keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+                String keyStoreType = Option.HTTPS_KEY_STORE_TYPE.get(args, KeyStore.getDefaultType());
+                keystore = KeyStore.getInstance(keyStoreType);
                 try (InputStream inputStream = new FileInputStream(keyStore)) {
                     keystore.load(inputStream, this.keystorePassword.toCharArray());
                 }
@@ -83,7 +84,8 @@ protected SslContextFactory.Server getSSLContext(Map<String, String> args) {
             KeyManagerFactory kmf = KeyManagerFactory.getInstance(Option.HTTPS_KEY_MANAGER_TYPE.get(args));
 
             // In case the KeyStore password and the KeyPassword are not the same,
-            // the KeyManagerFactory needs the KeyPassword because it will access the individual key(s)
+            // the KeyManagerFactory needs the KeyPassword because it will access the
+            // individual key(s)
             kmf.init(keystore, keystorePassword.toCharArray());
             Logger.log(Level.FINEST, SSL_RESOURCES, "HttpsListener.KeyCount", keystore.size() + "");
             for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements(); ) {
diff --git a/src/main/java/winstone/cmdline/Option.java b/src/main/java/winstone/cmdline/Option.java
@@ -66,6 +66,7 @@ public static List<Option<?>> all(Class<?> clazz) {
             integer("https" + _KEEP_ALIVE_TIMEOUT, _KEEP_ALIVE_TIMEOUT.defaultValue);
     public static final OFile HTTPS_KEY_STORE = file("httpsKeyStore");
     public static final OString HTTPS_KEY_STORE_PASSWORD = string("httpsKeyStorePassword");
+    public static final OString HTTPS_KEY_STORE_TYPE = string("httpsKeyStoreType");
     public static final OString HTTPS_PRIVATE_KEY_PASSWORD = string("httpsPrivateKeyPassword");
     public static final OString HTTPS_KEY_MANAGER_TYPE = string("httpsKeyManagerType", "SunX509");
     public static final OString HTTPS_VERIFY_CLIENT = string("httpsVerifyClient", "false");
diff --git a/src/test/java/winstone/LauncherTest.java b/src/test/java/winstone/LauncherTest.java
@@ -12,12 +12,14 @@
 import java.net.http.HttpRequest;
 import java.net.http.HttpResponse;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyStore;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.zip.GZIPInputStream;
 import org.eclipse.jetty.server.ServerConnector;
 import org.junit.jupiter.api.Test;
 import org.jvnet.hudson.test.Issue;
+import winstone.cmdline.Option;
 
 /**
  * @author Kohsuke Kawaguchi
@@ -121,4 +123,16 @@ void doubleGzip() throws Exception {
         assertFalse(response.headers().firstValue("Content-Encoding").isPresent());
         assertEquals(1345, response.body().length);
     }
+
+    @Test
+    void testHttpsKeyStoreTypeOption() {
+        Map<String, String> args = new HashMap<>();
+
+        String defaultType = Option.HTTPS_KEY_STORE_TYPE.get(args, KeyStore.getDefaultType());
+        assertEquals(KeyStore.getDefaultType(), defaultType);
+
+        args.put("httpsKeyStoreType", "PKCS12");
+        String customType = Option.HTTPS_KEY_STORE_TYPE.get(args, KeyStore.getDefaultType());
+        assertEquals("PKCS12", customType);
+    }
 }
