Diffstat (limited to 'container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java')
-rw-r--r--container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java37
1 files changed, 37 insertions, 0 deletions
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
new file mode 100644
index 00000000000..006a282e1e0
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/JDiscSslContextFactory.java
@@ -0,0 +1,37 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.ssl.impl;
+
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.CertificateUtils;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import java.security.KeyStore;
+import java.util.Objects;
+
+/**
+ * A modified {@link SslContextFactory} that allows passwordless truststore in combination with password protected keystore.
+ *
+ * @author bjorncs
+ */
+class JDiscSslContextFactory extends SslContextFactory.Server {
+
+ private String trustStorePassword;
+
+ @Override
+ public void setTrustStorePassword(String password) {
+ super.setTrustStorePassword(password);
+ this.trustStorePassword = password;
+ }
+
+
+ // Overriden to stop Jetty from using the keystore password if no truststore password is specified.
+ @Override
+ protected KeyStore loadTrustStore(Resource resource) throws Exception {
+ return CertificateUtils.getKeyStore(
+ resource != null ? resource : getKeyStoreResource(),
+ Objects.toString(getTrustStoreType(), getKeyStoreType()),
+ Objects.toString(getTrustStoreProvider(), getKeyStoreProvider()),
+ trustStorePassword);
+ }
+
+}
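Review bot: In `loadTrustStore`, when `resource` is null the code falls back to `getKeyStoreResource()` but still passes `trustStorePassword`, which stays null unless `setTrustStorePassword` was called, so a password-protected keystore that doubles as the trust source is opened without its password. Under the `KeyStore.load` contract a null password means no integrity check is performed, and depending on the store type the load may fail or yield no certificate entries; whether the fallback is meant to work this way is not visible here and should be confirmed. Either fail fast when no truststore resource is configured, or keep the fallback and state the trade-off next to it, for example `// A null password skips the KeyStore integrity check, so the truststore file must be protected by filesystem permissions.` The class Javadoc should also say that a passwordless truststore gets no tamper detection from the store format itself.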