Merge branch 'feature/CONJ-370' into develop

src/main/java/org/mariadb/jdbc/internal/protocol/AbstractConnectProtocol.java

@@ -82,6 +82,7 @@ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWIS
 
 import javax.net.ssl.*;
 
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
@@ -248,6 +249,17 @@ private SSLSocketFactory getSslSocketFactory() throws QueryException {
 
         if (options.keyStore != null) {
             keyManager = new KeyManager[] {loadClientCerts(options.keyStore, options.keyStorePassword, options.keyPassword)};
+        } else {
+            String keyStore = System.getProperty("javax.net.ssl.keyStore");
+            String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
+            if (keyStore != null) {
+                try {
+                    keyManager = new KeyManager[] {loadClientCerts(keyStore, keyStorePassword, keyStorePassword)};
+                } catch (QueryException queryException) {
+                    keyManager = null;
+                    queryException.printStackTrace();
+                }
+            }
         }
 
         try {
@@ -267,7 +279,12 @@ private KeyManager loadClientCerts(String keyStoreUrl, String keyStorePassword,
         try {
 
             char[] keyStorePasswordChars = keyStorePassword == null ? null : keyStorePassword.toCharArray();
-            inStream = new URL(keyStoreUrl).openStream();
+
+            //permit using "file:..." for compatibility
+            if (keyStoreUrl.startsWith("file:///")) keyStoreUrl = keyStoreUrl.substring(8);
+            if (keyStoreUrl.startsWith("file://")) keyStoreUrl = keyStoreUrl.substring(7);
+
+            inStream = new FileInputStream(keyStoreUrl);
             KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
             ks.load(inStream, keyStorePasswordChars);
             char[] keyStoreChars = (keyPassword == null) ? keyStorePasswordChars : keyPassword.toCharArray();

src/main/java/org/mariadb/jdbc/internal/protocol/tls/MariaDbX509TrustManager.java

@@ -95,8 +95,13 @@ public MariaDbX509TrustManager(Options options) throws QueryException {
             if (options.trustStore != null) {
                 // use the provided keyStore
                 try {
+                    String trustStore = options.trustStore;
+
+                    //permit using "file:..." for compatibility
+                    if (trustStore.startsWith("file:///")) trustStore = trustStore.substring(8);
+                    if (trustStore.startsWith("file://")) trustStore = trustStore.substring(7);
+                    inStream = new FileInputStream(trustStore);
 
-                    inStream = new URL(options.trustStore).openStream();
                     ks.load(inStream,
                             options.trustStorePassword == null ? null : options.trustStorePassword.toCharArray());
 

src/test/java/org/mariadb/jdbc/SslTest.java

@@ -708,6 +708,56 @@ public void testKeyStoreWithProperties() throws Exception {
         }
     }
 
+    @Test
+    public void testKeyStoreWhenServerTrustedWithProperties() throws Exception {
+        // generate a trustStore from the canned serverCertificate
+        File tempKeystore = File.createTempFile("keystore", ".tmp");
+        String keystorePath = tempKeystore.getAbsolutePath();
+
+        String initialTrustStore = System.getProperty("javax.net.ssl.trustStore");
+        String initialTrustStorePwd = System.getProperty("javax.net.ssl.trustStorePassword");
+        String initialKeyStore = System.getProperty("javax.net.ssl.keyStore");
+        String initialKeyStorePwd = System.getProperty("javax.net.ssl.keyStorePassword");
+
+        String testUser = "testKeystore";
+        // For this testcase, the testUser must be configured with ssl_type=X509
+        createSslTestUser(testUser);
+
+        try {
+            generateKeystoreFromFile(serverCertificatePath, keystorePath, "mysecret");
+
+            System.clearProperty("javax.net.ssl.trustStore");
+            System.clearProperty("javax.net.ssl.trustStorePassword");
+            System.setProperty("javax.net.ssl.keyStore", clientKeystorePath);
+            System.setProperty("javax.net.ssl.keyStorePassword", clientKeystorePassword);
+
+            Properties info = new Properties();
+            info.setProperty("useSSL", "true");
+            info.setProperty("trustServerCertificate", "true");
+
+            testConnect(info, true, testUser, "ssltestpassword");
+        } finally {
+            if (initialTrustStore != null) {
+                System.setProperty("javax.net.ssl.trustStore", initialTrustStore);
+            }
+            if (initialTrustStorePwd != null) {
+                System.setProperty("javax.net.ssl.trustStorePassword", initialTrustStorePwd);
+            }
+            if (initialKeyStore != null) {
+                System.setProperty("javax.net.ssl.keyStore", initialKeyStore);
+            } else {
+                System.clearProperty("javax.net.ssl.keyStore");
+            }
+            if (initialKeyStorePwd != null) {
+                System.setProperty("javax.net.ssl.keyStorePassword", initialKeyStorePwd);
+            } else {
+                System.clearProperty("javax.net.ssl.keyStorePassword");
+            }
+            tempKeystore.delete();
+        }
+    }
+
+
     @Test
     public void testClientKeyStoreProperties() throws SQLException, IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
         // This test only runs if a client keystore and password have been passed in as properties (-DkeystorePath and -DkeystorePassword)