Added trust store handling for remote EJB with SSL sample

Author: arjantijms

ejb/remote/roles-allowed-ssl/src/test/java/org/javaee7/ejb/remote/ssl/RemoteBeanTest.java

@@ -1,24 +1,30 @@
 /** Copyright Payara Services Limited **/
 package org.javaee7.ejb.remote.ssl;
 
+import static javax.naming.Context.SECURITY_PROTOCOL;
 import static org.javaee7.ServerOperations.addUsersToContainerIdentityStore;
 import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
 import static org.jboss.shrinkwrap.api.asset.EmptyAsset.INSTANCE;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assume.assumeTrue;
+import static org.omnifaces.utils.security.Certificates.createTempJKSTrustStore;
+import static org.omnifaces.utils.security.Certificates.getCertificateChainFromServer;
+import static org.omnifaces.utils.security.Certificates.getHostFromCertificate;
+import static org.omnifaces.utils.security.Certificates.setSystemTrustStore;
+
+import java.net.URL;
+import java.security.cert.X509Certificate;
 
 import javax.naming.Context;
 import javax.naming.NamingException;
 
 import org.javaee7.RemoteEJBContextFactory;
 import org.javaee7.RemoteEJBContextProvider;
-import org.javaee7.ejb.remote.ssl.Bean;
-import org.javaee7.ejb.remote.ssl.BeanRemote;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.arquillian.container.test.api.RunAsClient;
 import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
 import org.jboss.shrinkwrap.api.Archive;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
 import org.jboss.shrinkwrap.api.spec.JavaArchive;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
@@ -39,6 +45,9 @@
  */
 @RunWith(Arquillian.class)
 public class RemoteBeanTest {
+	
+	@ArquillianResource
+	private URL base;
 
     private RemoteEJBContextProvider remoteEJBContextProvider;
 
@@ -66,7 +75,7 @@ public static Archive<EnterpriseArchive> deployment() {
                         create(WebArchive.class, "test.war")
                     );
 
-            System.out.println(archive.toString(true));
+            System.out.println("\n**** Deploying archive: " + archive.toString(true) + " \n");
 
             return archive;
         } catch (Exception e) {
@@ -94,8 +103,37 @@ public void callProtectedRemoteBean() throws NamingException {
 
         // Obtain the JNDI naming context in a vendor specific way.
         Context ejbRemoteContext = remoteEJBContextProvider.getContextWithCredentialsSet("u1", "p1");
-
-        BeanRemote beanRemote = (BeanRemote) ejbRemoteContext.lookup("java:global/test/Bean");
+        
+        ejbRemoteContext.addToEnvironment(SECURITY_PROTOCOL, "ssl");
+        
+        System.out.println("\n**** Quering server for its certificate at " + base.getHost() + ":" + "3920" + "\n");
+        
+        // Get the certificate from the server, using the EJB SSL port
+        X509Certificate[] serverCertificateChain = getCertificateChainFromServer(base.getHost(), 3920);
+        
+        for (X509Certificate certificate : serverCertificateChain) {
+            System.out.println("\n**** Server presented certificate:" + certificate + " \n");
+        }
+        
+        // Create a trust store on disk containing the servers's certificates
+        String trustStorePath = createTempJKSTrustStore(serverCertificateChain);
+        
+        System.out.println("\n**** Temp trust store with server certificates created at: " + trustStorePath + " \n");
+        
+        // Set the newly created trust store as the system wide trust store 
+        setSystemTrustStore(trustStorePath);
+        
+        // Get the host name from the certificate the server presented, and use that for the host
+        // to ultimately do our SSL request to.
+        String host = getHostFromCertificate(serverCertificateChain);
+        ejbRemoteContext.addToEnvironment("org.omg.CORBA.ORBInitialHost", host);
+        
+        System.out.println("\n**** Obtained host \"" + host + "\" from server certificate and will use that for request \n");
+        
+        // Do the actual request to the server for our remote EJB
+        BeanRemote beanRemote = (BeanRemote) ejbRemoteContext.lookup("java:global/my/myEJB/Bean");
+        
+        System.out.println("\n**** Remote EJB obtained via SSL: " + beanRemote + " \n");
 
         assertEquals("method", beanRemote.method());
     }

pom.xml

@@ -76,21 +76,6 @@
                 <enabled>false</enabled>
             </snapshots>
         </repository>
-
-        <repository>
-            <id>ossrh</id>
-            <name>Sonatype-snapshot</name>
-            
-            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-            
-            <releases>
-                <enabled>false</enabled>
-            </releases>
-            <snapshots>
-                <enabled>true</enabled>
-                <updatePolicy>always</updatePolicy>
-            </snapshots>
-        </repository>
     </repositories>
 
 
@@ -255,6 +240,12 @@
             <version>1.6.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+        	<groupId>org.omnifaces</groupId>
+    		<artifactId>omniutils</artifactId>
+    		<version>0.10</version>
+    		<scope>test</scope>
+        </dependency>
     </dependencies>