Thanks Robert Kanter for the review!
For your second bullet point (not requiring those configs), I don't see any code changes for that. I only see code changes for your first bullet point (getOptionalPassword). Unless the code already does that?
Sorry, forgot to mention that there is an existing HttpServer2$Build#getPassword that throws an exception when password not found. Replacing HttpServer2$Build#getPassword with HttpServer2$Build#getOptionalPassword makes keystore keypassword and trust store password.
BTW, trust store location is already optional due to its Configuration#get call.
In your first bullet point, that would be that the keystoremanager password is not required, right? The keystore password is required.
Yes, HttpServer2 uses the term keypassword to stand for keystoremanager password.
I don't see why the method should be named getOptionalPassword. It's really just a wrapper around getPassword that returns a String instead of a char, so why not call it getPassword or getPasswordString?
See comment for the first item.