Cleaned-up logging for client-cert test

arjantijms · arjantijms · commit a8d68c3d11f5 · 2018-11-03T01:22:18.000+01:00
diff --git a/servlet/security-clientcert/src/test/java/org/javaee7/servlet/security/clientcert/SecureServletTest.java b/servlet/security-clientcert/src/test/java/org/javaee7/servlet/security/clientcert/SecureServletTest.java
@@ -32,7 +32,6 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.net.ssl.SSLContext;
@@ -84,6 +83,8 @@ public class SecureServletTest {
     @Deployment(testable = false)
     public static WebArchive createDeployment() throws FileNotFoundException, IOException {
 
+        System.out.println("\n*********** DEPLOYMENT START ***************************");
+        
         Provider provider = new BouncyCastleProvider();
         Security.addProvider(provider);
 
@@ -114,93 +115,78 @@ public static WebArchive createDeployment() throws FileNotFoundException, IOExce
         addCertificateToContainerTrustStore(clientCertificate);
 
         return create(WebArchive.class)
-                .addClass(SecureServlet.class)
+                .addClasses(SecureServlet.class)
                 .addAsWebInfResource((new File(WEBAPP_SRC + "/WEB-INF", "web.xml")))
                 .addAsWebInfResource((new File(WEBAPP_SRC + "/WEB-INF", "glassfish-web.xml")));
     }
 
     @Before
     public void setup() throws FileNotFoundException, IOException {
+        
+        System.out.println("\n*********** SETUP START ***************************");
+        
+        webClient = new WebClient();
 
-        // ### Ask the server for its certificate and add that to a new local trust store
-
-        // First get the HTTPS url for which the server is listening
+        // First get the HTTPS URL for which the server is listening
         baseHttps = ServerOperations.toContainerHttps(base);
+        if (baseHttps == null) {
+            throw new IllegalStateException("No https URL could be created from " + base);
+        }
 
-        System.out.println("***************************************");
-
-        if (baseHttps != null) {
-            System.out.println("Created " + baseHttps);
-            X509Certificate[] serverCertificateChain = getCertificateChainFromServer(baseHttps.getHost(), baseHttps.getPort());
+        
+        
+        // ### Ask the server for its certificate and add that to a new local trust store
+        
+        // Server -> client : the trust store certificates are used to validate the certificate sent
+        // by the server
+        X509Certificate[] serverCertificateChain = getCertificateChainFromServer(baseHttps.getHost(), baseHttps.getPort());
+        
+        if (serverCertificateChain != null && serverCertificateChain.length > 0) {
+            
+            System.out.println("Obtained certificate from server. Storing it in client trust store");
+        
             createTrustStore(serverCertificateChain);
+    
+            String trustStorePath = System.getProperty("buildDirectory", "") +  "/clientTrustStore.jks";
+            System.out.println("Reading trust store from: " + trustStorePath);
+            
+            webClient.getOptions().setSSLTrustStore(new File(trustStorePath).toURI().toURL(), "changeit", "jks");
             
+            // If the use.cnHost property is we try to extract the host from the server
+            // certificate and use exactly that host for our requests.
+            // This is needed if a server is listening to multiple host names, for instance
+            // localhost and example.com. If the certificate is for example.com, we can't
+            // localhost for the request, as that will not be accepted.
             if (System.getProperty("use.cnHost") != null) {
-                if (serverCertificateChain != null && serverCertificateChain.length > 0) {
-                    X509Certificate firstCert = serverCertificateChain[0];
-                    String name = firstCert.getIssuerX500Principal().getName();
-                    System.out.println("Full certificate issuer name " + name);
-                    String[] names = name.split(",");
-                    // cn should be first
-                    if (names != null && names.length > 0) {
-                        String cnNameString = names[0];
-                        String cn = cnNameString.substring(cnNameString.indexOf('=') + 1).trim();
-                        System.out.println("Issuer CN name " + cn);
-                        
-                        try {
-                            URL httpsUrl = new URL(
-                                baseHttps.getProtocol(),
-                                cn,
-                                baseHttps.getPort(),
-                                baseHttps.getFile()
-                            );
-                            
-                            System.out.println("Changing to " + httpsUrl + " from " + baseHttps);
-                            
-                            baseHttps = httpsUrl;
-                            
-                        } catch (MalformedURLException e) {
-                            System.out.println("Failure creating HTTPS URL");
-                            e.printStackTrace();
-                        }
-                        
-                    }
-                    
-                }
+                System.out.println("use.cnHost set. Trying to grab CN from certificate and use as host for requests.");
+                baseHttps = getHostFromCertificate(serverCertificateChain, baseHttps);
             }
-            
         } else {
-            System.out.println("No https URL could be created from " + base);
+            System.out.println("Could not obtain certificates from server. Continuing without custom truststore");
         }
-
-
-        webClient = new WebClient();
-        
-        // Server -> client : the trust store certificates are used to validate the certificate sent
-        // by the server
-
-        String trustStorePath = System.getProperty("buildDirectory", "") +  "/clientTrustStore.jks";
-        System.out.println("Reading trust store from: " + trustStorePath);
-
-        webClient.getOptions().setSSLTrustStore(new File(trustStorePath).toURI().toURL(), "changeit", "jks");
-
+       
         String keyStorePath = System.getProperty("buildDirectory", "") +  "/clientKeyStore.jks";
         System.out.println("Reading key store from: " + keyStorePath);
 
         // Client -> Server : the key store private keys and certificates are used to sign
         // and sent a reply to the server
         webClient.getOptions().setSSLClientCertificate(new File(keyStorePath).toURI().toURL(), "changeit", "jks");
-
         
+        System.out.println("*********** SETUP DONE ***************************\n");
     }
 
     @After
     public void tearDown() {
         webClient.getCookieManager().clearCookies();
         webClient.close();
+        System.out.println("\n*********** TEST END ***************************\n");
     }
 
     @Test
     public void testGetWithCorrectCredentials() throws Exception {
+        
+        System.out.println("\n*********** TEST START ***************************\n");
+        
         try {
             TextPage page = webClient.getPage(baseHttps + "SecureServlet");
 
@@ -316,7 +302,7 @@ private static void createKeyStore(PrivateKey privateKey, X509Certificate certif
 
             String path = System.getProperty("buildDirectory", "") +  "/clientKeyStore.jks";
 
-            System.out.println("Storing key store at: " + path);
+            System.out.println("Storing client key store at: " + path);
 
             keyStore.store(new FileOutputStream(path), "changeit".toCharArray());
         } catch (Exception ex) {
@@ -343,6 +329,43 @@ private static void createTrustStore(X509Certificate[] certificates) {
         }
     }
     
+    private static URL getHostFromCertificate(X509Certificate[] serverCertificateChain, URL existingURL) {
+        X509Certificate firstCert = serverCertificateChain[0];
+        String name = firstCert.getIssuerX500Principal().getName();
+        System.out.println("Full certificate issuer name " + name);
+        
+        String[] names = name.split(",");
+        
+        // cn should be first
+        if (names != null && names.length > 0) {
+            String cnNameString = names[0];
+            String cn = cnNameString.substring(cnNameString.indexOf('=') + 1).trim();
+            System.out.println("Issuer CN name: \"" + cn + "\"");
+            
+            try {
+                URL httpsUrl = new URL(
+                    existingURL.getProtocol(),
+                    cn,
+                    existingURL.getPort(),
+                    existingURL.getFile()
+                );
+                
+                System.out.println("Changing base URL from " + existingURL + " into " + httpsUrl + "\n");
+                
+                return httpsUrl;
+                
+            } catch (MalformedURLException e) {
+                System.out.println("Failure creating HTTPS URL");
+                e.printStackTrace();
+            }
+            
+        }
+        
+        System.out.println("FAILED to get CN. Using existing URL: " + existingURL);
+        
+        return existingURL;
+    }
+    
     private static void enableSSLDebug() {
         System.setProperty("javax.net.debug", "ssl:handshake");
         
diff --git a/test-utils/src/main/java/org/javaee7/ServerOperations.java b/test-utils/src/main/java/org/javaee7/ServerOperations.java
@@ -98,11 +98,12 @@ public static void addCertificateToContainerTrustStore(Certificate clientCertifi
             Path cacertsPath = gfHomePath.resolve("glassfish/domains/" + domain + "/config/cacerts.jks");
             
             if (!cacertsPath.toFile().exists()) {
-                logger.severe("The trust store at " + cacertsPath.toAbsolutePath() + " does not exists");
+                logger.severe("The container trust store at " + cacertsPath.toAbsolutePath() + " does not exists");
+                logger.severe("Is the domain \"" + domain + "\" correct?");
                 return;
             }
             
-            logger.info("*** Adding certificate to: " + cacertsPath.toAbsolutePath());
+            logger.info("*** Adding certificate to container trust store: " + cacertsPath.toAbsolutePath());
         
             KeyStore keyStore = null;
             try (InputStream in = new FileInputStream(cacertsPath.toAbsolutePath().toFile())) {
@@ -145,8 +146,7 @@ public static URL toContainerHttps(URL url) {
                     url.getFile()
                 );
                 
-                System.out.println("Returning " + httpsUrl + " for " + url);
-                logger.info("Returning " + httpsUrl + " for " + url);
+                System.out.println("Changing base URL from " + url + " into " + httpsUrl);
                 
                 return httpsUrl;
                 
