From cefcaa22acaf6570381be093eea7b075f497a4b7 Mon Sep 17 00:00:00 2001 From: "ANTARYAMI.PANIGRAHI@ORACLE.COM" Date: Thu, 25 Mar 2021 01:41:32 +0000 Subject: [PATCH 1/5] Inital check-in --- .../kubernetes/ItMiiCustomSslStore.java | 228 ++++++++++++++++++ .../kubernetes/utils/CommonMiiTestUtils.java | 6 +- .../weblogic/kubernetes/utils/SslUtils.java | 51 ++++ .../bash-scripts/generate-selfsign-jks.sh | 60 +++++ .../src/test/resources/ssl/SslTestClient.java | 64 +++++ .../test/resources/wdt-models/mii.ssl.yaml | 21 ++ 6 files changed, 428 insertions(+), 2 deletions(-) create mode 100644 integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java create mode 100644 integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java create mode 100755 integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh create mode 100644 integration-tests/src/test/resources/ssl/SslTestClient.java create mode 100644 integration-tests/src/test/resources/wdt-models/mii.ssl.yaml diff --git a/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java b/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java new file mode 100644 index 00000000000..20e094ee694 --- /dev/null +++ b/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java 
@@ -0,0 +1,228 @@ +// Copyright (c) 2021, Oracle and/or its affiliates. +// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +package oracle.weblogic.kubernetes; + +import java.nio.file.Paths; +import java.util.Arrays; +import java.util.List; + +import oracle.weblogic.kubernetes.annotations.IntegrationTest; +import oracle.weblogic.kubernetes.annotations.Namespaces; +import oracle.weblogic.kubernetes.logging.LoggingFacade; +import org.awaitility.core.ConditionFactory; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.MethodOrderer; +import org.junit.jupiter.api.Order; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestMethodOrder; + +import static java.util.concurrent.TimeUnit.MINUTES; +import static java.util.concurrent.TimeUnit.SECONDS; +import static oracle.weblogic.kubernetes.TestConstants.ADMIN_PASSWORD_DEFAULT; +import static oracle.weblogic.kubernetes.TestConstants.ADMIN_USERNAME_DEFAULT; +import static oracle.weblogic.kubernetes.TestConstants.DOMAIN_VERSION; +import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_NAME; +import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_TAG; +import static oracle.weblogic.kubernetes.TestConstants.OCIR_SECRET_NAME; +import static oracle.weblogic.kubernetes.TestConstants.RESULTS_ROOT; +import static oracle.weblogic.kubernetes.actions.ActionConstants.MODEL_DIR; +import static oracle.weblogic.kubernetes.actions.ActionConstants.RESOURCE_DIR; +import static oracle.weblogic.kubernetes.actions.TestActions.scaleCluster; +import static oracle.weblogic.kubernetes.assertions.TestAssertions.domainExists; +import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.createDomainResourceWithLogHome; +import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.createDomainSecret; +import static 
oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.createJobToChangePermissionsOnPvHostPath; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodReadyAndServiceExists; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createConfigMapAndVerify; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createOcirRepoSecret; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createPV; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createPVC; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createSecretForBaseImages; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.installAndVerifyOperator; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.runClientInsidePod; +import static oracle.weblogic.kubernetes.utils.CommonTestUtils.runJavacInsidePod; +import static oracle.weblogic.kubernetes.utils.FileUtils.copyFileToPod; +import static oracle.weblogic.kubernetes.utils.SslUtils.generateJksStores; +import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger; +import static org.awaitility.Awaitility.with; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +/** + * This test class verifies usage of CustomIdentityCustomTrust on PV. + * Create a MII domain with an attached persistent volume. + * Configure custom identity and custom trust on server template + * Enable SSL on server template with port 8002 (default 7002 does not work) + * Put the IdentityKeyStore.jks and TrustKeyStore.jks on /shared directory + * after administration server pod is started so taht it can be accessible + * from all managed server pods + * Once all servers are started get the JNDI initial context using cluster + * serice URL with t3s protocol. 
+ * Repeat the same after scaling the cluster + */ + +@TestMethodOrder(MethodOrderer.OrderAnnotation.class) +@DisplayName("Test verifies usage of CustomIdentityCustomTrust on PV") +@IntegrationTest +class ItMiiCustomSslStore { + + private static String opNamespace = null; + private static String domainNamespace = null; + private static ConditionFactory withStandardRetryPolicy = null; + private static int replicaCount = 2; + private static final String domainUid = "mii-custom-ssl"; + private static String pvName = domainUid + "-pv"; + private static String pvcName = domainUid + "-pvc"; + private static final String adminServerPodName = domainUid + "-admin-server"; + private static final String managedServerPrefix = domainUid + "-managed-server"; + private static LoggingFacade logger = null; + private static String cpUrl; + + /** + * Install Operator. + * Create domain resource definition. + * @param namespaces list of namespaces created by the IntegrationTestWatcher by the + * JUnit engine parameter resolution mechanism + */ + @BeforeAll + public static void initAll(@Namespaces(2) List namespaces) { + logger = getLogger(); + // create standard, reusable retry/backoff policy + withStandardRetryPolicy = with().pollDelay(2, SECONDS) + .and().with().pollInterval(10, SECONDS) + .atMost(5, MINUTES).await(); + + // get a new unique opNamespace + logger.info("Creating unique namespace for Operator"); + assertNotNull(namespaces.get(0), "Namespace list is null"); + opNamespace = namespaces.get(0); + + logger.info("Creating unique namespace for Domain"); + assertNotNull(namespaces.get(1), "Namespace list is null"); + domainNamespace = namespaces.get(1); + + // Create the repo secret to pull the image + // this secret is used only for non-kind cluster + createOcirRepoSecret(domainNamespace); + + // install and verify operator + installAndVerifyOperator(opNamespace, domainNamespace); + + // create secret for admin credentials + logger.info("Create secret for admin credentials"); 
+ String adminSecretName = "weblogic-credentials"; + assertDoesNotThrow(() -> createDomainSecret(adminSecretName, + ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT, domainNamespace), + String.format("createSecret failed for %s", adminSecretName)); + + // create encryption secret + logger.info("Create encryption secret"); + String encryptionSecretName = "encryptionsecret"; + assertDoesNotThrow(() -> createDomainSecret(encryptionSecretName, "weblogicenc", + "weblogicenc", domainNamespace), + String.format("createSecret failed for %s", encryptionSecretName)); + + String configMapName = "mii-ssl-configmap"; + createConfigMapAndVerify( + configMapName, domainUid, domainNamespace, + Arrays.asList(MODEL_DIR + "/mii.ssl.yaml")); + + // this secret is used only for non-kind cluster + createSecretForBaseImages(domainNamespace); + + // create PV, PVC for logs/data + createPV(pvName, domainUid, ItMiiCustomSslStore.class.getSimpleName()); + createPVC(pvName, pvcName, domainUid, domainNamespace); + + // create job to change permissions on PV hostPath + createJobToChangePermissionsOnPvHostPath(pvName, pvcName, domainNamespace); + + // create the domain CR with a pre-defined configmap + createDomainResourceWithLogHome(domainUid, domainNamespace, + MII_BASIC_IMAGE_NAME + ":" + MII_BASIC_IMAGE_TAG, + adminSecretName, OCIR_SECRET_NAME, encryptionSecretName, + replicaCount, pvName, pvcName, "cluster-1", configMapName, null, false, false); + + // wait for the domain to exist + logger.info("Check for domain custom resource in namespace {0}", domainNamespace); + withStandardRetryPolicy + .conditionEvaluationListener( + condition -> logger.info("Waiting for domain {0} to be created in namespace {1} " + + "(elapsed time {2}ms, remaining time {3}ms)", + domainUid, + domainNamespace, + condition.getElapsedTimeInMS(), + condition.getRemainingTimeInMS())) + .until(domainExists(domainUid, DOMAIN_VERSION, domainNamespace)); + + logger.info("Check admin service and pod {0} is created in namespace 
{1}", + adminServerPodName, domainNamespace); + checkPodReadyAndServiceExists(adminServerPodName, domainUid, domainNamespace); + // Generate JKS Keystore using openssl before + // managed server services and pods are ready + generateJksStores(); + assertDoesNotThrow(() -> copyFileToPod(domainNamespace, + adminServerPodName, "", + Paths.get(RESULTS_ROOT, "IdentityKeyStore.jks"), + Paths.get("/shared/IdentityKeyStore.jks"))); + assertDoesNotThrow(() -> copyFileToPod(domainNamespace, + adminServerPodName, "", + Paths.get(RESULTS_ROOT, "TrustKeyStore.jks"), + Paths.get("/shared/TrustKeyStore.jks"))); + + for (int i = 1; i <= replicaCount; i++) { + logger.info("Wait for managed server services and pods are created in namespace {0}", + domainNamespace); + checkPodReadyAndServiceExists(managedServerPrefix + i, domainUid, domainNamespace); + } + } + + /** + * Verify a standalone java client can access JNDI Context inside a pod. + * The client uses t3s cluster URL with custom SSL TrustStore on commandline + */ + @Test + @Order(1) + @DisplayName("Verify JNDI Context can be accessed using t3s cluster URL") + public void testMiiGetCustomSSLContext() { + + // build the standalone Client on Admin pod after rolling restart + String destLocation = "/u01/SslTestClient.java"; + assertDoesNotThrow(() -> copyFileToPod(domainNamespace, + adminServerPodName, "", + Paths.get(RESOURCE_DIR, "ssl", "SslTestClient.java"), + Paths.get(destLocation))); + runJavacInsidePod(adminServerPodName, domainNamespace, destLocation); + + runClientOnAdminPod(); + + boolean psuccess = assertDoesNotThrow(() -> + scaleCluster(domainUid, domainNamespace, "cluster-1", 3), + String.format("replica patching to 3 failed for domain %s in namespace %s", domainUid, domainNamespace)); + assertTrue(psuccess, + String.format("Cluster replica patching failed for domain %s in namespace %s", domainUid, domainNamespace)); + checkPodReadyAndServiceExists(managedServerPrefix + "3", domainUid, domainNamespace); + + 
runClientOnAdminPod(); + } + + // Run standalone client to get initial context using t3s cluster url + private void runClientOnAdminPod() { + + StringBuffer extOpts = new StringBuffer(""); + extOpts.append("-Dweblogic.security.SSL.ignoreHostnameVerification=true "); + extOpts.append("-Dweblogic.security.SSL.trustedCAKeyStore=/shared/TrustKeyStore.jks "); + extOpts.append("-Dweblogic.security.SSL.trustedCAKeyStorePassPhrase=changeit "); + withStandardRetryPolicy + .conditionEvaluationListener( + condition -> logger.info("Wait for client to get Initial context " + + "(elapsed time {0}ms, remaining time {1}ms)", + condition.getElapsedTimeInMS(), + condition.getRemainingTimeInMS())) + .until(runClientInsidePod(adminServerPodName, domainNamespace, + "/u01", extOpts.toString() + " SslTestClient", "t3s://" + domainUid + "-cluster-cluster-1:8002")); + } +} diff --git a/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonMiiTestUtils.java b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonMiiTestUtils.java index ed259566b6f..759552adab8 100644 --- a/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonMiiTestUtils.java +++ b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonMiiTestUtils.java @@ -278,7 +278,9 @@ public static Domain createDomainResourceWithLogHome( LoggingFacade logger = getLogger(); List securityList = new ArrayList<>(); - securityList.add(dbSecretName); + if (dbSecretName != null) { + securityList.add(dbSecretName); + } // create the domain CR Domain domain = new Domain() @@ -305,7 +307,7 @@ public static Domain createDomainResourceWithLogHome( .serverPod(new ServerPod() .addEnvItem(new V1EnvVar() .name("JAVA_OPTIONS") - .value("-Dweblogic.StdoutDebugEnabled=false")) + .value("-Dweblogic.security.SSL.ignoreHostnameVerification=true")) .addEnvItem(new V1EnvVar() .name("USER_MEM_ARGS") .value("-Djava.security.egd=file:/dev/./urandom ")) 
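Review bot: `runClientOnAdminPod()` passes `-Dweblogic.security.SSL.ignoreHostnameVerification=true`, so the test shows only that the client trusts the custom CA, not that the server certificate matches the `t3s://` cluster service name it connects to. The likely cause is in `generate-selfsign-jks.sh`, which issues the certificate with `CN=${host}` of the machine that runs the script. The same workaround recurs in the `JAVA_OPTIONS` change in `CommonMiiTestUtils.java` and in `HostnameVerificationIgnored: true`, added to `mii.ssl.yaml` in patch 4/5. Issuing the certificate for the service DNS name would let the flag be dropped; failing that, a comment should say why verification is off, for example `// self-signed cert CN is the build host, not the cluster service name`. The trust store passphrase `changeit` is also a literal here, in the script and in the model, so one shared constant would keep the three in step.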
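Review bot: The second hunk replaces the `JAVA_OPTIONS` value inside the shared helper `createDomainResourceWithLogHome`, so every domain created through it now starts with hostname verification disabled and no longer gets `-Dweblogic.StdoutDebugEnabled=false`. Only the caller added in this patch is visible, so the effect on other tests is inferred, but a common utility is the wrong scope for an SSL relaxation that a single test needs. At minimum keep the original flag, `.value("-Dweblogic.StdoutDebugEnabled=false -Dweblogic.security.SSL.ignoreHostnameVerification=true")`, and preferably let the SSL test supply the extra option itself. The helper's body starts and ends outside both hunks.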
diff --git a/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java new file mode 100644 index 00000000000..6674e8dc248 --- /dev/null +++ b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java 
@@ -0,0 +1,51 @@ +// Copyright (c) 2020, 2021, Oracle and/or its affiliates. +// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +package oracle.weblogic.kubernetes.utils; + +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardCopyOption; + +import oracle.weblogic.kubernetes.actions.impl.primitive.Command; +import oracle.weblogic.kubernetes.logging.LoggingFacade; + +import static oracle.weblogic.kubernetes.TestConstants.RESULTS_ROOT; +import static oracle.weblogic.kubernetes.actions.ActionConstants.RESOURCE_DIR; +import static oracle.weblogic.kubernetes.actions.impl.primitive.Command.defaultCommandParams; +import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger; +import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; +import static org.junit.jupiter.api.Assertions.assertTrue; + +/** + * The SSL utility class for tests. + */ +public class SslUtils { + + /** + * Generate SSL KeyStore in JKS format. + */ + public static void generateJksStores() { + LoggingFacade logger = getLogger(); + Path jksInstallPath = + Paths.get(RESOURCE_DIR, "bash-scripts", "generate-selfsign-jks.sh"); + String installScript = jksInstallPath.toString(); + String command = + String.format("%s %s", installScript, RESULTS_ROOT); + logger.info("JKS Store creation command {0}", command); + assertTrue(() -> Command.withParams( + defaultCommandParams() + .command(command) + .redirect(false)) + .execute()); + + // Copy the scripts to RESULTS_ROOT + assertDoesNotThrow(() -> Files.copy( + Paths.get(RESOURCE_DIR, "bash-scripts", "generate-selfsign-jks.sh"), + Paths.get(RESULTS_ROOT, "generate-selfsign-jks.sh"), + StandardCopyOption.REPLACE_EXISTING), + "Copy generate-selfsign-jks.sh to RESULTS_ROOT failed"); + } + +} 
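Review bot: `generateJksStores()` asserts on the command result with no failure message, and builds the command as `String.format("%s %s", installScript, RESULTS_ROOT)` without quoting. A failed keystore generation is therefore reported as a bare assertion error, and a results path containing a space would be split into two arguments if `Command` runs the string through a shell (not visible here). Pass a message as the second argument to `assertTrue`, for example `"JKS keystore generation failed"`, and quote the directory argument. The Javadoc should also say that the method writes `IdentityKeyStore.jks` and `TrustKeyStore.jks` into `RESULTS_ROOT` and that both use the fixed test passphrase set in the script.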
diff --git a/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh b/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh new file mode 100755 index 00000000000..73a5f5c92e1 --- /dev/null +++ b/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh @@ -0,0 +1,60 @@ +#!/bin/bash +# Copyright (c) 2021, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + + +# Usage: +# +# $0 [install-dir] + +# Define functions +function generate_jks_stores { + +( cd $workdir; + +host=`hostname` + +openssl req -newkey rsa:2048 -days 1 \ + -passout pass:changeit -passin pass:changeit \ + -x509 -keyout cakey.pem -out cacert.pem \ + -subj "/C=US/ST=NJ/L=Basking Ridge/O=QA/CN=${host}" + +#cakey.pem is the private key +#cacert.pem is the public certificate + +openssl pkcs12 -export -in cacert.pem -inkey cakey.pem \ + -passout pass:changeit -passin pass:changeit \ + -out identity.p12 -name "mykey" + +keytool -importkeystore -destkeystore IdentityKeyStore.jks \ + -deststorepass changeit -srckeystore identity.p12 \ + -srcstoretype PKCS12 -srcstorepass changeit + +keytool -import -file cacert.pem -keystore TrustKeyStore.jks \ + -storepass changeit -noprompt + +#keytool -list -v -keystore TrustKeyStore.jks -storepass changeit +#keytool -list -v -keystore IdentityKeyStore.jks -storepass changeit +) + +} + +# MAIN +workdir=${1:-`pwd`} + +if [ ! -d ${workdir} ]; then + mkdir -p $workdir +fi + +( cd $workdir; + rm -rf *.pem *.der + rm -rf TrustKeyStore.jks IdentityKeyStore.jks + rm -rf *.p12 +) + generate_jks_stores ${workdir} + +( cd $workdir; + rm -rf *.pem *.der + rm -rf *.p12 +) + diff --git a/integration-tests/src/test/resources/ssl/SslTestClient.java b/integration-tests/src/test/resources/ssl/SslTestClient.java new file mode 100644 index 00000000000..0a4c03f76bd --- /dev/null +++ b/integration-tests/src/test/resources/ssl/SslTestClient.java 
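Review bot: The script exits with the status of its final cleanup subshell, so a failed `openssl` or `keytool` step still returns 0. The `assertTrue` in `SslUtils.generateJksStores()` would then pass with the keystores missing, assuming the command wrapper reports the exit status. Each `( cd $workdir; rm -rf ... )` also runs its `rm -rf *.pem *.der` in the caller's directory when `cd` fails, because the path is unquoted and the result is not checked. Adding `set -e` near the top and writing `cd "$workdir" || exit 1` in each subshell covers both. The passphrase `changeit` is passed on the `openssl` and `keytool` command lines, which is tolerable for a one-day throwaway test CA but deserves a comment saying the stores are test-only.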
@@ -0,0 +1,64 @@ +// Copyright (c) 2021, Oracle and/or its affiliates. +// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +import java.util.Hashtable; +import javax.naming.Context; +import javax.naming.InitialContext; +import javax.naming.NamingException; + +import javax.jms.ConnectionFactory; + +public class SslTestClient { + + private String url; + private String action; + + public SslTestClient(String[] args) + { + url = args[0]; + + try { + Context ctx = getInitialContext(); + System.out.println("Got the Initial JNDI Context ["+ctx+"]"); + String cfName="weblogic.jms.ConnectionFactory"; + ConnectionFactory qcf=(ConnectionFactory)ctx.lookup(cfName); + System.out.println("Looked up default JMS connection factory ["+qcf+"]"); + } catch ( Exception ex ) { + System.out.println("Got Unknown Exception ---> "+ ex); + ex.printStackTrace(); + System.exit(-1); + } + } + + private void debug(String err) { System.out.println(" " + err); } + private void log(String err) { System.out.println(err); } + + private Context getInitialContext() + { + Context jndiContext = null; + System.out.println("Lookup Url [" + url + "]"); + Hashtable props = new Hashtable(); + props.put(Context.PROVIDER_URL, url); + + props.put("java.naming.factory.initial", + "weblogic.jndi.WLInitialContextFactory" ); + props.put("java.naming.security.principal","weblogic"); + props.put("java.naming.security.credentials","welcome1"); + try { + jndiContext = new InitialContext(props); + } catch (Exception e) { + System.out.println("Unable to get Initial JNDI Context "+e); + System.exit(-1); + } + return jndiContext; + } + + public static void main(String[] args){ + if ( args.length < 1 ) { + System.out.println("Usage : SslTestClient [t3s]url "); + System.exit(-1); + } + SslTestClient client = new SslTestClient(args); + } + +} 
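Review bot: `getInitialContext()` hard-codes the principal and credentials as `"weblogic"` and `"welcome1"`, while the domain under test is created from `ADMIN_USERNAME_DEFAULT` and `ADMIN_PASSWORD_DEFAULT`. The client therefore fails authentication as soon as those defaults differ, and a password literal sits in a resource file that is copied into the pod. Accepting the user and password as extra program arguments, stored next to `url` and set through `Context.SECURITY_PRINCIPAL` and `Context.SECURITY_CREDENTIALS`, would keep a single source of truth; whether `runClientInsidePod` can forward them is not visible here. The `Context` returned is never closed, and a short class comment stating that the client exits non-zero on any lookup failure would document the contract the test relies on.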
diff --git a/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml b/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml new file mode 100644 index 00000000000..ecf1d81fcd4 --- /dev/null +++ b/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml @@ -0,0 +1,21 @@ +# Copyright (c) 2020, 2021, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. +topology: + Server: + "admin-server": + SSL: + Enabled: true + ListenPort: 7002 + ServerTemplate: + "cluster-1-template": + Cluster: "cluster-1" + KeyStores: 'CustomIdentityAndCustomTrust' + CustomTrustKeyStorePassPhraseEncrypted: 'changeit' + CustomIdentityKeyStorePassPhraseEncrypted: 'changeit' + CustomIdentityKeyStoreFileName: '/shared/IdentityKeyStore.jks' + CustomTrustKeyStoreFileName: '/shared/TrustKeyStore.jks' + SSL: + Enabled: true + ListenPort: 8002 + ServerPrivateKeyAlias: 'mykey' + ServerPrivateKeyPassPhraseEncrypted: 'changeit' From 7d35873bcd51157afc6a3474c0dd37fe38991eb4 Mon Sep 17 00:00:00 2001 From: "ANTARYAMI.PANIGRAHI@ORACLE.COM" Date: Thu, 25 Mar 2021 14:15:38 +0000 Subject: [PATCH 2/5] remove unused code --- .../src/test/resources/ssl/SslTestClient.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/integration-tests/src/test/resources/ssl/SslTestClient.java b/integration-tests/src/test/resources/ssl/SslTestClient.java index 0a4c03f76bd..616e92d0083 100644 --- a/integration-tests/src/test/resources/ssl/SslTestClient.java +++ b/integration-tests/src/test/resources/ssl/SslTestClient.java @@ -16,7 +16,6 @@ public class SslTestClient { public SslTestClient(String[] args) { url = args[0]; - try { Context ctx = getInitialContext(); System.out.println("Got the Initial JNDI Context ["+ctx+"]"); 
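Review bot: The three `...PassPhraseEncrypted` fields under `cluster-1-template` hold the clear-text value `changeit`, and the test loads this file into a ConfigMap, so the keystore passphrases are stored unprotected in the cluster. With a throwaway CA the risk is low, but the model can reference a Kubernetes secret instead, for example `CustomTrustKeyStorePassPhraseEncrypted: '@@SECRET:<secret-name>:<key>@@'` (placeholder names). That would also remove one of the three copies of the literal. If the literal stays, add a header comment such as `# Test-only model: keystores come from generate-selfsign-jks.sh and use a fixed passphrase`.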
@@ -24,19 +23,16 @@ public SslTestClient(String[] args) ConnectionFactory qcf=(ConnectionFactory)ctx.lookup(cfName); System.out.println("Looked up default JMS connection factory ["+qcf+"]"); } catch ( Exception ex ) { - System.out.println("Got Unknown Exception ---> "+ ex); + System.out.println("Got Unknown Exception ["+ ex + "]"); ex.printStackTrace(); System.exit(-1); } } - private void debug(String err) { System.out.println(" " + err); } - private void log(String err) { System.out.println(err); } - private Context getInitialContext() { Context jndiContext = null; - System.out.println("Lookup Url [" + url + "]"); + System.out.println("Lookup URL [" + url + "]"); Hashtable props = new Hashtable(); props.put(Context.PROVIDER_URL, url); @@ -60,5 +56,4 @@ public static void main(String[] args){ } SslTestClient client = new SslTestClient(args); } - } From d182a91679c868dac98c01cf51686235ee746c4f Mon Sep 17 00:00:00 2001 From: "ANTARYAMI.PANIGRAHI@ORACLE.COM" Date: Thu, 25 Mar 2021 14:23:34 +0000 Subject: [PATCH 3/5] Typo in the javadoc --- .../java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java | 4 ++-- integration-tests/src/test/resources/ssl/SslTestClient.java | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java b/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java index 20e094ee694..6316208b08b 100644 --- a/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java +++ b/integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java 
@@ -57,10 +57,10 @@ * Configure custom identity and custom trust on server template * Enable SSL on server template with port 8002 (default 7002 does not work) * Put the IdentityKeyStore.jks and TrustKeyStore.jks on /shared directory - * after administration server pod is started so taht it can be accessible + * after administration server pod is started so that it can be accessible * from all managed server pods * Once all servers are started get the JNDI initial context using cluster - * serice URL with t3s protocol. + * service URL with t3s protocol. * Repeat the same after scaling the cluster */ diff --git a/integration-tests/src/test/resources/ssl/SslTestClient.java b/integration-tests/src/test/resources/ssl/SslTestClient.java index 616e92d0083..b4ee1757303 100644 --- a/integration-tests/src/test/resources/ssl/SslTestClient.java +++ b/integration-tests/src/test/resources/ssl/SslTestClient.java @@ -9,9 +9,7 @@ import javax.jms.ConnectionFactory; public class SslTestClient { - private String url; - private String action; public SslTestClient(String[] args) { From 5c7dbec4ae6e3f9f74aed0075d02f23254a57691 Mon Sep 17 00:00:00 2001 From: "ANTARYAMI.PANIGRAHI@ORACLE.COM" Date: Fri, 26 Mar 2021 13:11:31 +0000 Subject: [PATCH 4/5] Addressed review comments --- .../src/test/resources/bash-scripts/generate-selfsign-jks.sh | 2 -- integration-tests/src/test/resources/wdt-models/mii.ssl.yaml | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh b/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh index 73a5f5c92e1..0d7e312e85a 100755 --- a/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh +++ b/integration-tests/src/test/resources/bash-scripts/generate-selfsign-jks.sh 
@@ -33,8 +33,6 @@ keytool -importkeystore -destkeystore IdentityKeyStore.jks \ keytool -import -file cacert.pem -keystore TrustKeyStore.jks \ -storepass changeit -noprompt -#keytool -list -v -keystore TrustKeyStore.jks -storepass changeit -#keytool -list -v -keystore IdentityKeyStore.jks -storepass changeit ) } diff --git a/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml b/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml index ecf1d81fcd4..5d6d2415942 100644 --- a/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml +++ b/integration-tests/src/test/resources/wdt-models/mii.ssl.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020, 2021, Oracle and/or its affiliates. +# Copyright (c) 2021, Oracle and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. topology: Server: @@ -19,3 +19,4 @@ topology: ListenPort: 8002 ServerPrivateKeyAlias: 'mykey' ServerPrivateKeyPassPhraseEncrypted: 'changeit' + HostnameVerificationIgnored: true From beb533de62f8457046ff6b3bee77b438b43bdadd Mon Sep 17 00:00:00 2001 From: "ANTARYAMI.PANIGRAHI@ORACLE.COM" Date: Fri, 26 Mar 2021 21:53:32 +0000 Subject: [PATCH 5/5] More review change --- .../java/oracle/weblogic/kubernetes/utils/SslUtils.java | 2 +- .../src/test/resources/ssl/SslTestClient.java | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java index 6674e8dc248..6ca2587312f 100644 --- a/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java +++ b/integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SslUtils.java 
@@ -1,4 +1,4 @@ -// Copyright (c) 2020, 2021, Oracle and/or its affiliates. +// Copyright (c) 2021, Oracle and/or its affiliates. // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. package oracle.weblogic.kubernetes.utils; diff --git a/integration-tests/src/test/resources/ssl/SslTestClient.java b/integration-tests/src/test/resources/ssl/SslTestClient.java index b4ee1757303..84c57941fd7 100644 --- a/integration-tests/src/test/resources/ssl/SslTestClient.java +++ b/integration-tests/src/test/resources/ssl/SslTestClient.java @@ -13,13 +13,13 @@ public class SslTestClient { public SslTestClient(String[] args) { - url = args[0]; + url = args[0]; try { Context ctx = getInitialContext(); - System.out.println("Got the Initial JNDI Context ["+ctx+"]"); + System.out.println("Got the Initial JNDI Context ["+ ctx +"]"); String cfName="weblogic.jms.ConnectionFactory"; ConnectionFactory qcf=(ConnectionFactory)ctx.lookup(cfName); - System.out.println("Looked up default JMS connection factory ["+qcf+"]"); + System.out.println("Looked up JMS connection factory ["+ qcf +"]"); } catch ( Exception ex ) { System.out.println("Got Unknown Exception ["+ ex + "]"); ex.printStackTrace(); @@ -41,7 +41,7 @@ private Context getInitialContext() try { jndiContext = new InitialContext(props); } catch (Exception e) { - System.out.println("Unable to get Initial JNDI Context "+e); + System.out.println("Unable to get Initial JNDI Context " + e); System.exit(-1); } return jndiContext;