#497: Make mTLS more convenient to use (#498)

* initial

* - make key/trust store configurable
- load key/trust stores on first use only and cache them for subsequent uses

* marked our changes in WebClientOptions.java

* added needed Jetty server properties for testing mTLS (inactive by default)

samples/app-server/start.ini

@@ -33,10 +33,6 @@ etc/xc-loginservice.xml
 # Property Overrides
 #===========================================================
 
-# use XC keystore/truststore
-jetty.sslContext.keyStorePath=etc/xc-keystore.jks
-jetty.sslContext.trustStorePath=etc/xc-keystore.jks
-
 ## the address to which the server will be bound
 #jetty.http.host=0.0.0.0
 #jetty.ssl.host=${jetty.http.host}
@@ -45,3 +41,18 @@ jetty.sslContext.trustStorePath=etc/xc-keystore.jks
 jetty.http.port=8080
 jetty.ssl.port=8443
 jetty.httpConfig.securePort=${jetty.ssl.port}
+
+## use default XC keystore/truststore
+jetty.sslContext.keyStorePath=etc/xc-keystore.jks
+jetty.sslContext.trustStorePath=etc/xc-keystore.jks
+
+## alternative keystore/truststore for testing mTLS
+#jetty.sslContext.keyStorePath=_mtls/server-keystore.jks
+#jetty.sslContext.keyStorePassword=
+#jetty.sslContext.keyManagerPassword=
+
+#jetty.sslContext.trustStorePath=_mtls/server-truststore.jks
+#jetty.sslContext.trustStorePassword=
+
+#jetty.sslContext.needClientAuth=true
+#jetty.sslContext.wantClientAuth=true

samples/testsuite-performance/config/default.properties

@@ -37,6 +37,23 @@ com.xceptance.xlt.ssl.easyMode = true
 ## need to be enabled there again before they can be used here.
 #com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2
 
+## The path to a Java key store file with a client key/certificate.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well. Please ensure that the key in the store is always protected by the
+## same password as the store itself.
+#com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
+#com.xceptance.xlt.tls.keyStore.password = <store-pw>
+
+## The path to a Java key store file with trusted server certificates.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well.
+## If you don't configure any trust store here, the system-default trust store
+## will be used.
+#com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
+#com.xceptance.xlt.tls.trustStore.password = <store-pw>
+
 ## The connection timeout [ms] on sockets and establishing the connection. This
 ## value is used therefore twice. So a value of 30000 will set a timeout of
 ## 30 seconds to establish the connection and 30 seconds on waiting for data.

samples/testsuite-posters/config/default.properties

@@ -37,6 +37,23 @@ com.xceptance.xlt.ssl.easyMode = true
 ## need to be enabled there again before they can be used here.
 #com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2
 
+## The path to a Java key store file with a client key/certificate.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well. Please ensure that the key in the store is always protected by the
+## same password as the store itself.
+#com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
+#com.xceptance.xlt.tls.keyStore.password = <store-pw>
+
+## The path to a Java key store file with trusted server certificates.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well.
+## If you don't configure any trust store here, the system-default trust store
+## will be used.
+#com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
+#com.xceptance.xlt.tls.trustStore.password = <store-pw>
+
 ## The connection timeout [ms] on sockets and establishing the connection. This
 ## value is used therefore twice. So a value of 30000 will set a timeout of
 ## 30 seconds to establish the connection and 30 seconds on waiting for data.

samples/testsuite-showcases/config/default.properties

@@ -37,6 +37,23 @@ com.xceptance.xlt.ssl.easyMode = true
 ## need to be enabled there again before they can be used here.
 #com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2
 
+## The path to a Java key store file with a client key/certificate.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well. Please ensure that the key in the store is always protected by the
+## same password as the store itself.
+#com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
+#com.xceptance.xlt.tls.keyStore.password = <store-pw>
+
+## The path to a Java key store file with trusted server certificates.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well.
+## If you don't configure any trust store here, the system-default trust store
+## will be used.
+#com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
+#com.xceptance.xlt.tls.trustStore.password = <store-pw>
+
 ## The connection timeout [ms] on sockets and establishing the connection. This
 ## value is used therefore twice. So a value of 30000 will set a timeout of
 ## 30 seconds to establish the connection and 30 seconds on waiting for data.

samples/testsuite-template/config/default.properties

@@ -37,6 +37,23 @@ com.xceptance.xlt.ssl.easyMode = true
 ## need to be enabled there again before they can be used here.
 #com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2
 
+## The path to a Java key store file with a client key/certificate.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well. Please ensure that the key in the store is always protected by the
+## same password as the store itself.
+#com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
+#com.xceptance.xlt.tls.keyStore.password = <store-pw>
+
+## The path to a Java key store file with trusted server certificates.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well.
+## If you don't configure any trust store here, the system-default trust store
+## will be used.
+#com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
+#com.xceptance.xlt.tls.trustStore.password = <store-pw>
+
 ## The connection timeout [ms] on sockets and establishing the connection. This
 ## value is used therefore twice. So a value of 30000 will set a timeout of
 ## 30 seconds to establish the connection and 30 seconds on waiting for data.

samples/testsuite-xlt/config/default.properties

@@ -37,6 +37,23 @@ com.xceptance.xlt.ssl.easyMode = true
 ## need to be enabled there again before they can be used here.
 #com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2
 
+## The path to a Java key store file with a client key/certificate.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well. Please ensure that the key in the store is always protected by the
+## same password as the store itself.
+#com.xceptance.xlt.tls.keyStore.file = config/keystore.p12
+#com.xceptance.xlt.tls.keyStore.password = <store-pw>
+
+## The path to a Java key store file with trusted server certificates.
+## Specify the path relative to the root directory of the test suite.
+## If the store is protected by a password, you can configure it here
+## as well.
+## If you don't configure any trust store here, the system-default trust store
+## will be used.
+#com.xceptance.xlt.tls.trustStore.file = config/truststore.p12
+#com.xceptance.xlt.tls.trustStore.password = <store-pw>
+
 ## The connection timeout [ms] on sockets and establishing the connection. This
 ## value is used therefore twice. So a value of 30000 will set a timeout of
 ## 30 seconds to establish the connection and 30 seconds on waiting for data.