Fix default key store type for JDK PKCS setup

Fix default key/trust store
type which is `JKS` but not `PKCS12`

Signed-off-by: Andrey Pleskach <[email protected]>

src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java

@@ -14,7 +14,6 @@
 import java.nio.file.Files;
 import java.nio.file.LinkOption;
 import java.nio.file.Path;
-import java.security.KeyStore;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -27,6 +26,7 @@
 
 import static org.opensearch.security.ssl.SecureSSLSettings.SECURE_SUFFIX;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD;
+import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_KEY_PASSWORD;
@@ -123,7 +123,7 @@ private KeyStoreConfiguration.JdkKeyStoreConfiguration buildJdkKeyStoreConfigura
     ) {
         return new KeyStoreConfiguration.JdkKeyStoreConfiguration(
             resolvePath(environment.settings().get(sslConfigSuffix + KEYSTORE_FILEPATH), environment),
-            environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, KeyStore.getDefaultType()),
+            environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, DEFAULT_STORE_TYPE),
             settings.get(KEYSTORE_ALIAS, null),
             keyStorePassword,
             keyPassword
@@ -137,7 +137,7 @@ private TrustStoreConfiguration.JdkTrustStoreConfiguration buildJdkTrustStoreCon
     ) {
         return new TrustStoreConfiguration.JdkTrustStoreConfiguration(
             resolvePath(environment.settings().get(sslConfigSuffix + TRUSTSTORE_FILEPATH), environment),
-            environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, KeyStore.getDefaultType()),
+            environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, DEFAULT_STORE_TYPE),
             settings.get(TRUSTSTORE_ALIAS, null),
             trustStorePassword
         );

src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java

@@ -28,6 +28,8 @@
 
 public final class SSLConfigConstants {
 
+    public static final String DEFAULT_STORE_TYPE = "JKS";
+
     public static final String SSL_PREFIX = "plugins.security.ssl.";
 
     public static final String HTTP_SETTINGS = "http";

src/test/java/org/opensearch/security/ssl/config/JdkSslCertificatesLoaderTest.java

@@ -30,6 +30,7 @@
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD;
+import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.ENABLED;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH;
@@ -54,7 +55,7 @@
 
 public class JdkSslCertificatesLoaderTest extends SslCertificatesLoaderTest {
 
-    static final Function<String, String> resolveKeyStoreType = s -> isNull(s) ? KeyStore.getDefaultType() : s;
+    static final Function<String, String> resolveKeyStoreType = s -> isNull(s) ? DEFAULT_STORE_TYPE : s;
 
     static final String SERVER_TRUSTSTORE_ALIAS = "server-truststore-alias";