Use PKCS12 keystores.

etc/backend-service/pom.xml

@@ -79,7 +79,7 @@
                                 <resource>
                                     <directory>${project.basedir}/../resources</directory>
                                     <includes>
-                                        <include>wso2carbon.jks</include>
+                                        <include>wso2carbon.p12</include>
                                     </includes>
                                 </resource>
                             </resources>

etc/backend-service/src/main/org/wso2/sample/identity/backend/BackendApplication.java

@@ -37,7 +37,7 @@ public class BackendApplication {
     private static final Logger logger = LoggerFactory.getLogger(BookingService.class);
     private static final Properties properties = new Properties();
 
-    // Perform property loading and JKS setup
+    // Perform property loading and keystore setup
     static {
         final InputStream resourceAsStream =
                 BackendApplication.class.getClassLoader().getResourceAsStream("service.properties");
@@ -50,40 +50,41 @@ public class BackendApplication {
             throw new RuntimeException("Service start failed due to configuration loading failure", e);
         }
 
-        setupJKS();
+        setupKeystore();
     }
 
-    private static void setupJKS() {
-        // First find jks properties
-        final InputStream jksInputStream = BackendApplication.class.getClassLoader().getResourceAsStream("jks.properties");
+    private static void setupKeystore() {
+        // First find keystore properties
+        final InputStream keystoreInputStream = BackendApplication.class.getClassLoader()
+                .getResourceAsStream("keystore.properties");
 
-        if (jksInputStream == null) {
-            logger.error("jks.properties not found. Trust store properties will not be set.");
+        if (keystoreInputStream == null) {
+            logger.error("keystore.properties not found. Trust store properties will not be set.");
             return;
         }
 
         // Load properties
-        final Properties jksProperties = new Properties();
+        final Properties keystoreProperties = new Properties();
 
         try {
-            jksProperties.load(jksInputStream);
+            keystoreProperties.load(keystoreInputStream);
         } catch (IOException e) {
             logger.error("Error while loading properties.", e);
             return;
         }
 
-        // Find and store JKS required for SSL communication on a temporary location
-        final InputStream keyStoreAsStream = BackendApplication.class.getClassLoader().getResourceAsStream(jksProperties.getProperty("keystorename"));
+        // Find and store keystore required for SSL communication on a temporary location
+        final InputStream keyStoreAsStream = BackendApplication.class.getClassLoader().getResourceAsStream(keystoreProperties.getProperty("keystorename"));
 
         try {
-            final File keystoreTempFile = File.createTempFile(jksProperties.getProperty("keystorename"), "");
+            final File keystoreTempFile = File.createTempFile(keystoreProperties.getProperty("keystorename"), "");
             keystoreTempFile.deleteOnExit();
 
             Files.copy(keyStoreAsStream, keystoreTempFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
 
             logger.info("Setting trust store path to : " + keystoreTempFile.getPath());
             System.setProperty("javax.net.ssl.trustStore", keystoreTempFile.getPath());
-            System.setProperty("javax.net.ssl.trustStorePassword", jksProperties.getProperty("keystorepassword"));
+            System.setProperty("javax.net.ssl.trustStorePassword", keystoreProperties.getProperty("keystorepassword"));
         } catch (IOException e) {
             logger.error("Error while setting trust store", e);
             throw new RuntimeException(e);

etc/backend-service/src/main/resources/jks.properties → etc/backend-service/src/main/resources/keystore.properties

@@ -1,2 +1,2 @@
-keystorename=wso2carbon.jks
+keystorename=wso2carbon.p12
 keystorepassword=wso2carbon

etc/pickup-sample-app/pickup-saml/src/main/webapp/WEB-INF/web.xml

@@ -41,7 +41,7 @@
     </context-param>
     <context-param>
         <param-name>certificate-file</param-name>
-        <param-value>wso2carbon.jks</param-value>
+        <param-value>wso2carbon.p12</param-value>
     </context-param>
 
 

identity-mgt/info-recovery-sample/README.txt

@@ -23,7 +23,7 @@ Specify the credentials to access Identity Server with admin privileges for "acc
 
 Specify the captcha validation enable or disable in the webApp using captchaDisable propery.
 
-Specify the trustStore absolute resource path for "trustStorePath". eg. path to wso2carbon.jks of the Identity Server
+Specify the trustStore absolute resource path for "trustStorePath". eg. path to wso2carbon.p12 of the Identity Server
 
 
 2. If you are deploying the sample in tomcat enable the SSL configuration in {tomcat_home}/conf/server.xml
@@ -32,7 +32,7 @@ Specify the trustStore absolute resource path for "trustStorePath". eg. path to
     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"
-               keystoreFile="<IS_HOME>/repository/resources/security/wso2carbon.jks" keystorePass="wso2carbon" />
+               keystoreFile="<IS_HOME>/repository/resources/security/wso2carbon.p12" keystorePass="wso2carbon" />
 
 3. Configure the email confirmation links.
 

identity-mgt/info-recovery-sample/pom.xml

@@ -107,12 +107,12 @@
                     <systemProperties>
                         <property>
                             <name>javax.net.ssl.keystore</name>
-                            <value>${basedir}/src/main/resources/keystores/client-truststore.jks
+                            <value>${basedir}/src/main/resources/keystores/client-truststore.p12
                             </value>
                         </property>
                         <property>
                             <name>javax.net.ssl.trustStoreType</name>
-                            <value>JKS</value>
+                            <value>PKCS12</value>
                         </property>
                         <property>
                             <name>javax.net.ssl.trustStorePassword</name>

identity-mgt/info-recovery-sample/src/main/webapp/WEB-INF/web.xml

@@ -245,7 +245,7 @@
     </context-param>
     <context-param>
         <param-name>trustStorePath</param-name>
-        <param-value>/client-truststore.jks</param-value>
+        <param-value>/client-truststore.p12</param-value>
     </context-param>
     <context-param>
         <param-name>accessUsername</param-name>

microprofile/microprofile-jwt/src/main/liberty/config/server.xml

@@ -17,6 +17,6 @@
            audiences="li6JMbjW6WDMKTWsRnGcjp5zcGhi"
            ignoreApplicationAuthMethod="false">
     </mpJwt>
-    <keyStore id="defaultKeyStore" location="${CARBON_HOME}/repository/resources/security/wso2carbon.jks"
+    <keyStore id="defaultKeyStore" location="${CARBON_HOME}/repository/resources/security/wso2carbon.p12"
               type="JKS" password="wso2carbon" />
 </server>

oauth/oauth10a-resource-owner-equivalent/src/main/java/org/wso2/carbon/identity/samples/oauth/Main.java

@@ -78,10 +78,10 @@ public static void main(String[] args) {
             /**
              * Call to Identity Server uses HTTPS protocol.
              * Therefore we to validate the server certificate. The server certificate is looked up in the
-             * trust store. Following code sets what trust-store to look for and its JKs password.
+             * trust store. Following code sets what trust-store to look for and its PKCS12 password.
              * Note : The trust store should have server's certificate.
              */
-            System.setProperty("javax.net.ssl.trustStore",   new File("src/main/resources/wso2carbon.jks").getAbsolutePath());
+            System.setProperty("javax.net.ssl.trustStore",   new File("src/main/resources/wso2carbon.p12").getAbsolutePath());
             System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
 
             client = new OAuthServiceClient(IDENTITY_SERVER , configContext, ADMIN_USER_NAME, ADMIN_PASSWORD);

oidc-uma-samples/photo-edit/src/main/resources/jks.properties → oidc-uma-samples/photo-edit/src/main/resources/keystore.properties

@@ -1,2 +1,2 @@
-keystorename=wso2carbon.jks
+keystorename=wso2carbon.p12
 keystorepassword=wso2carbon

oidc-uma-samples/photo-view/src/main/resources/jks.properties → oidc-uma-samples/photo-view/src/main/resources/keystore.properties

@@ -1,2 +1,2 @@
-keystorename=wso2carbon.jks
+keystorename=wso2carbon.p12
 keystorepassword=wso2carbon

scim/scim-provisioning/src/main/java/org/wso2/scim/sample/utils/SCIMSamplesUtils.java

@@ -34,7 +34,7 @@ public class SCIMSamplesUtils {
     public static final String IS_HOME = ".." + File.separator + ".." + File.separator;
 
     public static final String TRUST_STORE_PATH = IS_HOME + "repository" + File.separator + "resources" +
-                                                  File.separator + "security" + File.separator + "wso2carbon.jks";
+                                                  File.separator + "security" + File.separator + "wso2carbon.p12";
 
     public static final String TRUST_STORE_PASS = "wso2carbon";
 

sso-samples/oidc-sso-sample/pickup-dispatch/pom.xml

@@ -53,7 +53,7 @@
         </dependency>
         <dependency>
             <groupId>org.wso2.samples.is</groupId>
-            <artifactId>oidc-jks-loader</artifactId>
+            <artifactId>oidc-keystore-loader</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

sso-samples/oidc-sso-sample/pickup-dispatch/src/main/resources/jks.properties → sso-samples/oidc-sso-sample/pickup-dispatch/src/main/resources/keystore.properties

@@ -1,2 +1,2 @@
-keystorename=wso2carbon.jks
+keystorename=wso2carbon.p12
 keystorepassword=wso2carbon

sso-samples/oidc-sso-sample/pickup-dispatch/src/main/webapp/WEB-INF/web.xml

@@ -60,7 +60,7 @@
     </filter-mapping>
 
     <listener>
-        <listener-class>org.wso2.sample.identity.jks.JKSLoader</listener-class>
+        <listener-class>org.wso2.sample.identity.KeystoreLoader</listener-class>
     </listener>
     <listener>
         <listener-class>org.wso2.sample.identity.oauth2.SampleContextEventListener</listener-class>

sso-samples/oidc-sso-sample/pickup-manager/pom.xml

@@ -58,7 +58,7 @@
         </dependency>
         <dependency>
             <groupId>org.wso2.samples.is</groupId>
-            <artifactId>oidc-jks-loader</artifactId>
+            <artifactId>oidc-keystore-loader</artifactId>
             <version>${project.version}</version>
         </dependency>
         <dependency>

sso-samples/oidc-sso-sample/pickup-manager/src/main/resources/keystore.properties

@@ -0,0 +1,2 @@
+keystorename=wso2carbon.12
+keystorepassword=wso2carbon

sso-samples/saml2-sso-sample/saml2-web-app-pickup-dispatch/src/main/webapp/WEB-INF/web.xml

@@ -57,7 +57,7 @@
     </context-param>
     <context-param>
         <param-name>certificate-file</param-name>
-        <param-value>wso2carbon.jks</param-value>
+        <param-value>wso2carbon.p12</param-value>
     </context-param>
 
     <listener>

sso-samples/saml2-sso-sample/saml2-web-app-pickup-manager/src/main/webapp/WEB-INF/web.xml

@@ -57,7 +57,7 @@
     </context-param>
     <context-param>
         <param-name>certificate-file</param-name>
-        <param-value>wso2carbon.jks</param-value>
+        <param-value>wso2carbon.p12</param-value>
     </context-param>
 
     <listener>

sso/sso-agent-sample/src/main/java/org/wso2/sample/is/sso/agent/SampleContextEventListener.java

@@ -56,7 +56,7 @@ public void contextInitialized(ServletContextEvent servletContextEvent) {
                 }
             }
             InputStream keyStoreInputStream = servletContextEvent.getServletContext().
-                    getResourceAsStream("/WEB-INF/classes/wso2carbon.jks");
+                    getResourceAsStream("/WEB-INF/classes/wso2carbon.p12");
             SSOAgentX509Credential credential =
                     new SSOAgentX509KeyStoreCredential(keyStoreInputStream,
                             properties.getProperty("KeyStorePassword").toCharArray(),

sts/sts-client/src/main/java/org/wso2/carbon/identity/samples/sts/Client.java

@@ -354,7 +354,7 @@ private RampartConfig buildRampartConfig() {
 
 		Properties cryptoProperties = new Properties();
 		cryptoProperties.put(
-				"org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
+				"org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
 		cryptoProperties.put("org.apache.ws.security.crypto.merlin.file",
 				keystorePath);
 		cryptoProperties.put(

sts/sts-client/src/main/resources/client.properties

@@ -15,7 +15,7 @@ claim.uris=http://wso2.org/claims/givenname,http://wso2.org/claims/emailaddress
 relyingParty.message=Hello World
 
 #Following paths start from the resources folder
-path.keystore=keystore/wso2carbon.jks
+path.keystore=keystore/wso2carbon.P12
 path.repo=repo
 path.policy.sts=sts-policy-ut.xml
 #path.policy.sts=sts-policy-signonly.xml

user-mgt/remote-user-mgt/client.properties

@@ -5,5 +5,5 @@ remote.server.url=https://localhost:9443/services/
 user.name=admin
 user.password=admin
 
-truststore.path=keystore/client-truststore.jks
+truststore.path=keystore/client-truststore.P12
 truststore.password=wso2carbon

xacml/kmarket-trading-sample/src/main/java/org/wso2/carbon/identity/samples/entitlement/kmarket/trading/WSO2IdentityAgent.java

@@ -104,7 +104,7 @@ public WSO2IdentityAgent(Properties properties) {
             try{
                 trustStore =  (new File(".")).getCanonicalPath() + File.separator +
                                                  "src" + File.separator + "main" + File.separator +
-                                                 "resources" + File.separator + "wso2carbon.jks";
+                                                 "resources" + File.separator + "wso2carbon.P12";
             } catch (IOException e) {
                 e.printStackTrace(); 
             }
@@ -119,7 +119,7 @@ public WSO2IdentityAgent(Properties properties) {
          * Call to https://localhost:9443/services/   uses HTTPS protocol.
          * Therefore we to validate the server certificate or CA chain. The server certificate is looked up in the
          * trust store.
-         * Following code sets what trust-store to look for and its JKs password.
+         * Following code sets what trust-store to look for and its PKCS12 password.
          */
         System.setProperty("javax.net.ssl.trustStore",  trustStore );