Merge pull request #1635 from marklogic/feature/ssl-test-tweak

rjrudin · web-flow · commit 715b04a9994c · 2024-01-25T15:49:40.000-05:00
Improved 2-way SSL test
diff --git a/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java b/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java
@@ -48,6 +48,7 @@ public class TwoWaySSLTest {
 	private static DatabaseClient securityClient;
 	private static ManageClient manageClient;
 	private static File keyStoreFile;
+	private static File trustStoreFile;
 	private static File p12File;
 
 
@@ -73,9 +74,10 @@ public static void setup() throws Exception {
 		writeClientCertificateFilesToTempDir(clientCertificate, tempDir);
 		createPkcs12File(tempDir);
 		createKeystoreFile(tempDir);
-		keyStoreFile = new File(tempDir.toFile(), "client.jks");
+		keyStoreFile = new File(tempDir.toFile(), "keyStore.jks");
+		trustStoreFile = new File(tempDir.toFile(), "trustStore.jks");
 		p12File = new File(tempDir.toFile(), "client.p12");
-		addServerCertificateToKeyStore(tempDir);
+		addServerCertificateToTrustStore(tempDir);
 	}
 
 	@AfterAll
@@ -90,6 +92,12 @@ public static void teardown() {
 	/**
 	 * After two-way SSL is configured on the java-unittest app server, verify that a DatabaseClient using a proper
 	 * SSLContext can connect to the app server.
+	 *
+	 * This test can be used for manual testing of two-way SSL - e.g. for ml-gradle - by doing the following:
+	 * - Add a breakpoint at the start of the test.
+	 * - Run the test in a debugger.
+	 * - When the breakpoint is hit, look for the location of the files in stdout.
+	 * - Copy those files to a more accessible location and use them for accessing the 8012 app server.
 	 */
 	@Test
 	void digestAuthentication() {
@@ -106,7 +114,7 @@ void digestAuthentication() {
 			.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
 
 			// Starting in 6.5.0, we can use a real trust manager as the server certificate is in the keystore.
-			.withTrustStorePath(keyStoreFile.getAbsolutePath())
+			.withTrustStorePath(trustStoreFile.getAbsolutePath())
 			.withTrustStorePassword(KEYSTORE_PASSWORD)
 			.withTrustStoreType("JKS")
 			.withTrustStoreAlgorithm("SunX509")
@@ -432,7 +440,7 @@ private static void createKeystoreFile(Path tempDir) throws Exception {
 		builder.command("keytool", "-importkeystore",
 			"-deststorepass", KEYSTORE_PASSWORD,
 			"-destkeypass", KEYSTORE_PASSWORD,
-			"-destkeystore", "client.jks",
+			"-destkeystore", "keyStore.jks",
 			"-srckeystore", "client.p12",
 			"-srcstoretype", "PKCS12",
 			"-srcstorepass", KEYSTORE_PASSWORD,
@@ -449,7 +457,7 @@ private static void createKeystoreFile(Path tempDir) throws Exception {
 	 * @param tempDir
 	 * @throws Exception
 	 */
-	private static void addServerCertificateToKeyStore(Path tempDir) throws Exception {
+	private static void addServerCertificateToTrustStore(Path tempDir) throws Exception {
 		Fragment xml = new CertificateTemplateManager(Common.newManageClient()).getCertificatesForTemplate("java-unittest-template");
 		String serverCertificate = xml.getElementValue("/msec:certificate-list/msec:certificate/msec:pem");
 
@@ -459,7 +467,7 @@ private static void addServerCertificateToKeyStore(Path tempDir) throws Exceptio
 		ProcessBuilder builder = new ProcessBuilder();
 		builder.directory(tempDir.toFile());
 		builder.command("keytool", "-importcert",
-			"-keystore", keyStoreFile.getAbsolutePath(),
+			"-keystore", trustStoreFile.getAbsolutePath(),
 			"-storepass", KEYSTORE_PASSWORD,
 			"-file", certificateFile.getAbsolutePath(),
 			"-noprompt",
