From 77e6d72aa5c706680657009994c03a97f2a6c7ea Mon Sep 17 00:00:00 2001
From: Brian Stansberry <brian.stansberry@redhat.com>
Date: Tue, 16 Jul 2024 06:56:15 -0500
Subject: [PATCH] Tell Java to use our truststore

---
 security/wildfly-mods/arquillian.xml  | 2 +-
 security/wildfly-mods/profile.xml     | 1 +
 security/wildfly/configure-server.cli | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/wildfly-mods/arquillian.xml b/security/wildfly-mods/arquillian.xml
index 5b099fc..d972773 100644
--- a/security/wildfly-mods/arquillian.xml
+++ b/security/wildfly-mods/arquillian.xml
@@ -6,7 +6,7 @@
     <container qualifier="default" default="true">
         <configuration>
             <property name="jbossHome">${test.wildfly.home}</property>
-            <property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443</property>
+            <property name="javaVmArguments">${debugJvmArgs} -Djboss.https.port=9443 -Djavax.net.ssl.trustStore=${test.wildfly.home}/standalone/configuration/client.truststore.pkcs12 -Djavax.net.ssl.trustStorePassword=changeit</property>
             <property name="serverName">wildfly</property>
             <property name="host">localhost</property>
         </configuration>
diff --git a/security/wildfly-mods/profile.xml b/security/wildfly-mods/profile.xml
index 9f87433..e734358 100644
--- a/security/wildfly-mods/profile.xml
+++ b/security/wildfly-mods/profile.xml
@@ -45,6 +45,7 @@
                             <systemPropertyVariables>
                                 <!-- Properties shared with Arquillian -->
                                 <tck_server>${jboss.server.name}</tck_server>
+								<javax.net.ssl.trustStore>${env.JBOSS_HOME}/standalone/configuration/client.truststore.pkcs12</javax.net.ssl.trustStore>
                             </systemPropertyVariables>
                             <!-- Standard client side JPMS settings -->
                             <argLine>
diff --git a/security/wildfly/configure-server.cli b/security/wildfly/configure-server.cli
index 2b273ab..e275a5a 100644
--- a/security/wildfly/configure-server.cli
+++ b/security/wildfly/configure-server.cli
@@ -21,7 +21,7 @@ end-if
 # Configure the keystore
 if (outcome != success) of /subsystem=elytron/key-store=tckTs:read-resource
     # create the truststore for the client that has the cert from the server's keystore
-    /subsystem=elytron/key-store=tckTs:add(path=client.truststore.pkcs12,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
+    /subsystem=elytron/key-store=tckTs:add(path=client.truststore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=changeit},type=PKCS12)
     /subsystem=elytron/key-store=tckTs:import-certificate(alias=tomcat,path="${tck.root}/app-openid2/tomcat.cert",credential-reference={clear-text=changeit},trust-cacerts=true,validate=false)
     /subsystem=elytron/key-store=tckTs:store()