diff --git a/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java b/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java
index 767661d43..579d8b8d8 100644
--- a/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java
+++ b/marklogic-client-api/src/test/java/com/marklogic/client/test/ssl/TwoWaySSLTest.java
@@ -48,6 +48,7 @@ public class TwoWaySSLTest {
 private static DatabaseClient securityClient;
 private static ManageClient manageClient;
 private static File keyStoreFile;
+ private static File trustStoreFile;
 private static File p12File;
@@ -73,9 +74,10 @@ public static void setup() throws Exception {
 writeClientCertificateFilesToTempDir(clientCertificate, tempDir);
 createPkcs12File(tempDir);
 createKeystoreFile(tempDir);
- keyStoreFile = new File(tempDir.toFile(), "client.jks");
+ keyStoreFile = new File(tempDir.toFile(), "keyStore.jks");
+ trustStoreFile = new File(tempDir.toFile(), "trustStore.jks");
 p12File = new File(tempDir.toFile(), "client.p12");
- addServerCertificateToKeyStore(tempDir);
+ addServerCertificateToTrustStore(tempDir);
 }
 @AfterAll
@@ -90,6 +92,12 @@ public static void teardown() {
 /**
 * After two-way SSL is configured on the java-unittest app server, verify that a DatabaseClient using a proper
 * SSLContext can connect to the app server.
+ *
+ * This test can be used for manual testing of two-way SSL - e.g. for ml-gradle - by doing the following:
+ * - Add a breakpoint at the start of the test.
+ * - Run the test in a debugger.
+ * - When the breakpoint is hit, look for the location of the files in stdout.
+ * - Copy those files to a more accessible location and use them for accessing the 8012 app server.
 */
 @Test
 void digestAuthentication() {
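Review bot: The store file names are now written out twice, `"keyStore.jks"` in setup() (the `@@ -73,9` hunk) and again as the `-destkeystore` argument in createKeystoreFile (the `@@ -432,7` hunk), so renaming one without the other would leave keyStoreFile pointing at a file keytool never wrote. A shared constant such as `private static final String KEY_STORE_FILENAME = "keyStore.jks";` (and a matching one for `"trustStore.jks"`) would keep them in step. Separately, addServerCertificateToTrustStore(tempDir) reads the static trustStoreFile (the `@@ -459,7` hunk), so it only works because the assignment precedes the call; a comment like `// trustStoreFile must be assigned before addServerCertificateToTrustStore runs` would make that ordering explicit. setup() begins outside the hunk.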
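Review bot: The manual-testing steps added to the Javadoc of digestAuthentication() (the `@@ -90,6` hunk) tell the reader to copy the generated files out of the temp directory without mentioning that they include the client's private key: client.p12 and keyStore.jks, per the setup hunk. Their only protection is KEYSTORE_PASSWORD, which presumably lives in the test source. I would add a closing bullet such as ` * - Delete the copies when finished; they hold the client's private key and are for test use only.` The step "look for the location of the files in stdout" also relies on the temp directory being printed somewhere outside this hunk, so it is worth confirming that output still exists.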
@@ -106,7 +114,7 @@ void digestAuthentication() {
 .withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
 // Starting in 6.5.0, we can use a real trust manager as the server certificate is in the keystore.
- .withTrustStorePath(keyStoreFile.getAbsolutePath())
+ .withTrustStorePath(trustStoreFile.getAbsolutePath())
 .withTrustStorePassword(KEYSTORE_PASSWORD)
 .withTrustStoreType("JKS")
 .withTrustStoreAlgorithm("SunX509")
@@ -432,7 +440,7 @@ private static void createKeystoreFile(Path tempDir) throws Exception {
 builder.command("keytool", "-importkeystore",
 "-deststorepass", KEYSTORE_PASSWORD,
 "-destkeypass", KEYSTORE_PASSWORD,
- "-destkeystore", "client.jks",
+ "-destkeystore", "keyStore.jks",
 "-srckeystore", "client.p12",
 "-srcstoretype", "PKCS12",
 "-srcstorepass", KEYSTORE_PASSWORD,
@@ -449,7 +457,7 @@ private static void createKeystoreFile(Path tempDir) throws Exception {
 * @param tempDir
 * @throws Exception
 */
- private static void addServerCertificateToKeyStore(Path tempDir) throws Exception {
+ private static void addServerCertificateToTrustStore(Path tempDir) throws Exception {
 Fragment xml = new CertificateTemplateManager(Common.newManageClient()).getCertificatesForTemplate("java-unittest-template");
 String serverCertificate = xml.getElementValue("/msec:certificate-list/msec:certificate/msec:pem");
@@ -459,7 +467,7 @@ private static void addServerCertificateToKeyStore(Path tempDir) throws Exceptio
 ProcessBuilder builder = new ProcessBuilder();
 builder.directory(tempDir.toFile());
 builder.command("keytool", "-importcert",
- "-keystore", keyStoreFile.getAbsolutePath(),
+ "-keystore", trustStoreFile.getAbsolutePath(),
 "-storepass", KEYSTORE_PASSWORD,
 "-file", certificateFile.getAbsolutePath(),
 "-noprompt",
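Review bot: The context comment directly above the changed `.withTrustStorePath(...)` line in the `@@ -106,7` hunk still says the server certificate "is in the keystore", which this commit makes untrue. The certificate is now imported into trustStore.jks, and keyStore.jks holds only what was imported from client.p12. I would update it to `// Starting in 6.5.0, we can use a real trust manager as the server certificate is in the trust store.` The unchanged `.withTrustStorePassword(KEYSTORE_PASSWORD)` also means both stores share one password, so a short `// Test-only: the trust store reuses the key store password.` would show that this is deliberate. The builder chain starts and ends outside the hunk.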