Enforce JKS trustore

libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/KeyStoreUtil.java

@@ -106,8 +106,12 @@ public static KeyStore filter(KeyStore store, Predicate<KeyStoreEntry> filter) {
      * @param certificates The root certificates to trust
      */
     public static KeyStore buildTrustStore(Iterable<Certificate> certificates) throws GeneralSecurityException {
+        return buildTrustStore(certificates, KeyStore.getDefaultType());
+    }
+
+    public static KeyStore buildTrustStore(Iterable<Certificate> certificates, String type) throws GeneralSecurityException {
         assert certificates != null : "Cannot create keystore with null certificates";
-        KeyStore store = buildNewKeyStore();
+        KeyStore store = buildNewKeyStore(type);
         int counter = 0;
         for (Certificate certificate : certificates) {
             store.setCertificateEntry("cert-" + counter, certificate);
@@ -117,7 +121,11 @@ public static KeyStore buildTrustStore(Iterable<Certificate> certificates) throw
     }
 
     private static KeyStore buildNewKeyStore() throws GeneralSecurityException {
-        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        return buildNewKeyStore(KeyStore.getDefaultType());
+    }
+
+    private static KeyStore buildNewKeyStore(String type) throws GeneralSecurityException {
+        KeyStore keyStore = KeyStore.getInstance(type);
         try {
             keyStore.load(null, null);
         } catch (IOException e) {

modules/repository-azure/src/yamlRestTest/java/org/elasticsearch/repositories/azure/RepositoryAzureClientYamlTestSuiteIT.java

@@ -71,6 +71,11 @@ public class RepositoryAzureClientYamlTestSuiteIT extends ESClientYamlSuiteTestC
             () -> trustStore.getTrustStorePath().toString(),
             s -> USE_FIXTURE && ESTestCase.inFipsJvm() == false
         )
+        .systemProperty(
+                "javax.net.ssl.trustStoreType",
+                () -> "jks",
+                s -> USE_FIXTURE && ESTestCase.inFipsJvm() == false
+        )
         .build();
 
     @ClassRule(order = 1)

muted-tests.yml

@@ -116,8 +116,6 @@ tests:
   issue: https://github.com/elastic/elasticsearch/issues/111396
 - class: org.elasticsearch.xpack.searchablesnapshots.AzureSearchableSnapshotsIT
   issue: https://github.com/elastic/elasticsearch/issues/111279
-- class: org.elasticsearch.repositories.azure.RepositoryAzureClientYamlTestSuiteIT
-  issue: https://github.com/elastic/elasticsearch/issues/111345
 - class: org.elasticsearch.repositories.blobstore.testkit.AzureSnapshotRepoTestKitIT
   method: testRepositoryAnalysis
   issue: https://github.com/elastic/elasticsearch/issues/111280

test/framework/src/main/java/org/elasticsearch/test/TestTrustStore.java

@@ -50,8 +50,8 @@ protected void before() {
                 .stream()
                 .map(i -> (Certificate) i)
                 .toList();
-            final var trustStore = KeyStoreUtil.buildTrustStore(certificates);
-            trustStore.store(jksStream, null);
+            final var trustStore = KeyStoreUtil.buildTrustStore(certificates, "jks");
+            trustStore.store(jksStream, new char[0]);
             trustStorePath = tmpTrustStorePath;
         } catch (Exception e) {
             throw new AssertionError("unexpected", e);